
A new variant of "Sasser" (震荡波) must have appeared!

In the last few days, shortly after booting, a "System Shutdown" window has been popping up automatically with the message: "The system process C:\WINDOWS\system32\lsass.exe terminated unexpectedly with status code 128. The system will now shut down and restart." One minute later the machine shuts down and reboots. I have also noticed that several members of this forum have run into the same situation. On investigation, this is a classic symptom of the Sasser worm.

However, I believe it is definitely not the Sasser worm that ran rampant around last year's May Day holiday. My reasons: (1) the virus file avserve.exe cannot be found anywhere on the system; (2) HijackThis in Safe Mode shows no trace of avserve.exe either; (3) the latest Rising version V17.53.41, dated November 18, finds no virus; (4) the dedicated removal tools from Rising, Kaspersky and Microsoft all find no trace of "Sasser".

I got rid of the symptom by downloading and installing Microsoft's security patch, but since I never found the virus carrier and removed it, I still do not feel at ease.

I hope the experts here will look into this carefully and suggest an effective fix. Below is the scan log taken in Safe Mode after the automatic shutdown and reboot:

Logfile of HijackThis v1.99.1
Scan saved at 20:48:20, on 2005-11-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hffsrv.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe
D:\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BDHlprObj Class - {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} - C:\WINDOWS\DOWNLO~1\BDHelper.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: 东方卫士 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EF} - C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BIE] Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MINI_BFYY] D:\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\Run: [BCMHal] rundll32.exe bcmhalnt.dll,BCInit
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: &使用暴风下载器下载 - D:\Storm Downloader\geturl.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll
O9 - Extra 'Tools' menuitem: 东方卫士工具条 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CE} - C:\PROGRA~1\DFVSIE~1\DFVSIEBR.dll
O9 - Extra button: 东方卫士2005下载版 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - e:\DFVSX\DFVSX.exe
O9 - Extra 'Tools' menuitem: 东方卫士 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9EE} - e:\DFVSX\DFVSX.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\QQ\QQ.EXE
O9 - Extra button: 易趣购物 - {DE607146-AC19-426e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607146-AC19-426e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\QQ\QQIEHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130709303800
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {E689D735-1487-420D-9049-16ED198FE411} (vc Control) - http://www.viruschina.com/free/vco.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD870DBD-3F1A-477C-A128-B738AD2610EE}: NameServer = 61.128.128.68 61.128.192.68
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\system32\hffsrv.exe
O23 - Service: MsnDaemon - Unknown owner - C:\WINDOWS\system32\dllcache\binary\S-1-5-21-746137067-1229272821-839522115-500\bin\smss.exe
O23 - Service: NetServices - Unknown owner - C:\WINDOWS\system32\dllcache\recycler\S-1-5-21-746137067-1229272821-839522115-500\etc\csrss.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
Last edited 2005-11-26 01:57:04

O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\system32\hffsrv.exe

Reply to shengye:
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\system32\hffsrv.exe

hffsrv.exe is the memory-resident component of a file and folder hiding program. I have used it for a long time and never had a problem with it before.

O23 - Service: MsnDaemon - Unknown owner - C:\WINDOWS\system32\dllcache\binary\S-1-5-21-746137067-1229272821-839522115-500\bin\smss.exe
O23 - Service: NetServices - Unknown owner - C:\WINDOWS\system32\dllcache\recycler\S-1-5-21-746137067-1229272821-839522115-500\etc\csrss.exe
What about these two services?
Their paths have always looked very strange to me.
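As an added example for this thread (it is not part of any post here, and not a tool from Rising or the HijackThis project), the script below parses the O23 service lines from the log posted above and scores each one with three heuristics of my own: a binary named after a core Windows process (smss.exe, csrss.exe, lsass.exe, winlogon.exe, services.exe, svchost.exe) that does not live in System32, a path that runs through dllcache, a recycler folder or a SID-named folder, and a service with no vendor name. The sample log lines are copied from the post; that %SystemRoot% is C:\WINDOWS and the scoring weights and threshold are assumptions.

```python
"""Heuristic triage of HijackThis O23 (service) entries.

Added example for this thread; not part of the original post and not a tool from
Rising or the HijackThis project. The scoring rules are assumptions about what makes
a service entry worth a closer look:
  * binary named after a core Windows process but not located in System32   (+2)
  * binary sits under dllcache, a recycler folder or a SID-named folder      (+2)
  * service has no recognised vendor ("Unknown owner")                        (+1)
An entry is reported when its score reaches 2, so "Unknown owner" on its own does
not flag a legitimately odd third-party service such as the poster's hffsrv.exe.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Assumption: %SystemRoot% is C:\WINDOWS, as in the poster's log.
SYSTEM32 = r"c:\windows\system32"
# Core process names that should only ever be started from System32.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                  "services.exe", "svchost.exe"}
# A domain/local account SID used as a folder name (lower-cased for comparison).
SID_RE = re.compile(r"^s-1-5-21(?:-\d+)+$")
# O23 - Service: <display name> [(<short name>)] - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]*)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class Finding:
    name: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def score_service(name: str, owner: str, path: str) -> Finding:
    """Apply the three heuristics to a single service entry."""
    finding = Finding(name, path)
    norm = ntpath.normpath(path.strip()).lower()
    folder, binary = ntpath.split(norm)
    parts = folder.split("\\")

    if binary in CORE_PROCESSES and folder != SYSTEM32:
        finding.score += 2
        finding.reasons.append(f"{binary} outside {SYSTEM32}")
    odd = [p for p in parts if p in ("dllcache", "recycler") or SID_RE.match(p)]
    if odd:
        finding.score += 2
        finding.reasons.append("path contains " + ", ".join(odd))
    if owner.lower() == "unknown owner":
        finding.score += 1
        finding.reasons.append("no vendor name")
    return finding


def analyze_log(log_text: str, threshold: int = 2) -> list:
    """Return the O23 entries whose score reaches the threshold, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # all other HijackThis sections (O2, O4, ...) are ignored here
        f = score_service(m["name"], m["owner"], m["path"])
        if f.score >= threshold:
            findings.append(f)
    return findings


# Sample input: lines copied from the log posted in this thread (one O4 line included
# to show that non-O23 sections are skipped).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\system32\hffsrv.exe
O23 - Service: MsnDaemon - Unknown owner - C:\WINDOWS\system32\dllcache\binary\S-1-5-21-746137067-1229272821-839522115-500\bin\smss.exe
O23 - Service: NetServices - Unknown owner - C:\WINDOWS\system32\dllcache\recycler\S-1-5-21-746137067-1229272821-839522115-500\etc\csrss.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
"""

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"[{f.score}] {f.name}: {f.path}")
        for r in f.reasons:
            print("      -", r)
```

Run as written it reports MsnDaemon and NetServices and leaves hffsrv.exe below the threshold, which matches how the thread itself reads the log: a missing vendor name alone proves nothing, while a csrss.exe or smss.exe launched from a recycler or dllcache subfolder is exactly the kind of entry to verify against the real System32 copies before deciding what to do about it.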

Did you install two kinds of antivirus software?
They may be conflicting with each other; try uninstalling one and see.

[Reply to the post by "疯狂的驴"]

I only have Rising real-time monitoring and the Rising firewall installed.

[Reply to the post by "影子110"]
Those two paths really are strange, but although I have not killed them, I have not noticed anything abnormal about the system so far, so I have just let them live a few more days.