Rising Kaka Security Forum » Technical Exchange » Anti-virus / Anti-rogue-software forum » [Help] Big trouble, the company's Windows 2000 server has been hit


[Help] Big trouble, the company's Windows 2000 server has been hit

Our Win2000 box is showing a number of abnormal symptoms:
1. On startup a "Work Offline" dialog pops up, as shown in the attached screenshot
2. Copy and paste no longer work
3. Can't open a new IE window
4. Can't browse the contents of the WINNT and Program Files folders
5. "fssq theme" and "usn nkay" show up in Add/Remove Programs and can't be uninstalled
6. Two hidden folders, "system A" and "system B", have appeared in the root of C:, containing svhost and ghook.dll
7. There is a 1.exe in system32 ....
My first guess was Blaster (冲击波), but Rising's dedicated removal tool found no such virus
AVG scans clean

Attachment: screenshot (image/pjpeg), uploaded 2007-3-24 9:21:23, downloaded 184 times



Last edited 2007-03-26 13:49:52

Hoping an expert can give me some pointers!!! Urgent!!! (Why is there still a limit on post length? How am I supposed to post the log file along with the symptoms?)

Save it as a txt file and upload that.

My guess is it's mainly a Gray Pigeon (灰鸽子) variant!

[Reply to the post by "蕊芯怎么啦?"]
Are these the symptoms of Gray Pigeon?

2007-03-23,10:02:25
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 3 (Build 2195)
- Administrator user - Full functionality
The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<winform><C:\WINNT\SMSS.EXE> [N/A]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINNT\system32\ctfnom.exe> [Microsoft Corporation]
<usrinit><C:\WINNT\system32\usrinit.exe> []
<WinAutoUp><C:\WINNT\AutoUp.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
<{A172A3DC-945E-5618-AD6E-F3D542D55C22}><C:\WINNT\system32\respri.dll> [N/A]
==================================
Startup folders
N/A
==================================
Services
[86DDCAF9 / 86DDCAF9][Stopped/Auto Start]
<C:\WINNT\system32\86DDCAF9.EXE -service><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Std ebus Service / ebus][Running/Auto Start]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\swmk\jgwx.dll,Service -s><Microsoft Corporation>
[fismopd / fismopd][Running/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\COMMON~1\lismupd\lismupd.dll>< >
[Microsoft Search / MSSEARCH][Running/Auto Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MySql / MySql][Running/Auto Start]
<C:/mysql/bin/mysqld-nt.exe><N/A>
[Vsn nkay Service / nkay][Running/Auto Start]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\aqge\axnl.dll,Service><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[WDelMgr20 / WDelMgr20][Running/Auto Start]
<C:\WINNT\system32\drivers\WDelMgr20.exe><N/A>
Browser add-ons
[khxv]
{11AE42BA-6A9C-4C0A-9F26-B1EAEE45A299} <C:\PROGRA~1\COMMON~1\aqge\xuki.dll, >
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running processes
[PID: 168][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.5382]
[PID: 196][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.5265]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 244][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.3940]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.3649.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 440][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 504][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.4299]
[PID: 812][C:\WINNT\system32\Dfssvc.exe] [Microsoft Corporation, 5.00.2195.3649]
[PID: 856][C:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\COMMON~1\swmk\jgwx.dll] [ , 4, 1, 0, 4]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\olbs.dll] [ , 1, 0, 0, 6]
[PID: 884][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\progra~1\common~1\lismupd\lismupd.dll] [ , 2, 8, 0, 1]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 900][C:\WINNT\System32\ismserv.exe] [Microsoft Corporation, 5.00.2195.4827]
[PID: 936][C:\WINNT\System32\llssrv.exe] [Microsoft Corporation, 5.00.2195.4907]
[PID: 1008][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[PID: 1080][C:\mysql\bin\mysqld-nt.exe] [N/A, N/A]
[PID: 1104][C:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\COMMON~1\aqge\axnl.dll] [, 1, 2, 0, 8]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 1120][C:\WINNT\system32\ntfrs.exe] [Microsoft Corporation, 5.00.2195.5429]
[PID: 1180][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.3649]
[PID: 1192][C:\WINNT\System32\locator.exe] [Microsoft Corporation, 5.00.2195.3761]
[PID: 1204][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.1]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 1244][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 1336][C:\WINNT\system32\drivers\WDelMgr20.exe] [N/A, N/A]
[PID: 1380][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0070]
[PID: 1348][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 1404][C:\WINNT\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.00.0984]
[C:\php\sapi\php4isapi.dll] [N/A, N/A]
[C:\WINNT\system32\php4ts.dll] [N/A, N/A]
[PID: 1440][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[PID: 1872][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3502.5321]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[C:\WINNT\system32\respri.dll] [N/A, N/A]
[C:\WINNT\system32\mdkzn.dll] [N/A, N/A]
[C:\Program Files\eyrp\fssq.nls] [N/A, N/A]
[C:\WINNT\system32\winform.dll] [N/A, N/A]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for File Servers 5\scr_ch_pg.dll] [N/A, N/A]
[PID: 2048][C:\WINNT\system32\usrinit.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 2052][C:\WINNT\AutoUp.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[PID: 568][D:\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\PROGRA~1\COMMON~1\swmk\mjsx.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\swmk\roec.dll] [ , 1, 0, 0, 6]
[D:\sreng2\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]
==================================

Drivers
[2930U2 / 2930U2][Stopped/Disabled]
<\SystemRoot\system32\drivers\2930U2.sys><Adaptec, Inc.>
[adf6u160 / adf6u160][Stopped/Disabled]
<\SystemRoot\system32\drivers\adf6u160.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\drivers\adpu160m.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\drivers\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\drivers\aic78xx.sys><Microsoft Corporation>
[AIDA32Driver / AIDA32Driver][Stopped/Manual Start]
<\??\D:\OW_Share\[公司交流区]\checkpc\aida32.sys><N/A>
[atirage3 / atirage3][Running/Manual Start]
<System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dlcr / dlcre][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dlcre.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[dpti2o / dpti2o][Stopped/Disabled]
<\SystemRoot\system32\drivers\dpti2o.sys><Adaptec, Inc.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Stopped/Manual Start]
<System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100bnt5.sys><Intel Corporation>
[Fasttrak / Fasttrak][Running/Boot Start]
<\SystemRoot\system32\drivers\Fasttrak.sys><Promise Technology, Inc.>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[KLIF / KLIF][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\klif.sys><N/A>
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[raidsrc / raidsrc][Stopped/Disabled]
<\SystemRoot\system32\drivers\raidsrc.sys><Intel>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
[sym_u3 / sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\klif.sys><N/A>
[SyGate for NT, Wg1n / Wg1n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg1n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wg2n / Wg2n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg2n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg8n / wg8n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg8n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg9n / wg9n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg9n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
<\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================



[86DDCAF9 / 86DDCAF9][Stopped/Auto Start]
<C:\WINNT\system32\86DDCAF9.EXE -service><Microsoft Corporation>
[Std ebus Service / ebus][Running/Auto Start]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\swmk\jgwx.dll,Service -s><Microsoft Corporation>??????????
[fismopd / fismopd][Running/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\COMMON~1\lismupd\lismupd.dll>< >??????????????????
<WinAutoUp><C:\WINNT\AutoUp.exe> []
[dlcr / dlcre][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dlcre.sys><N/A>????

.JS Error. []
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\System32\new.sys><N/A>
[SyGate for NT, Wg1n / Wg1n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg1n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wg2n / Wg2n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\Wg2n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg8n / wg8n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg8n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg9n / wg9n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg9n.sys><Sygate Technologies, Inc.>
[SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
Even if the items above aren't viruses, they're abnormal.
I'd suggest reinstalling.

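The reply above picked its suspects out of the log by eye: services whose image is a Microsoft host process (rundll32.exe, svchost.exe) loading a DLL from under Common Files, auto-start entries whose vendor field is empty or N/A, a service whose name is eight hex digits, and a driver registered by an absolute \??\ path with no vendor. As an added example (not part of the thread and not SREng's own code), the Python script below parses the two-line service/driver layout SREng prints and applies exactly those heuristics. The sample entries are copied from the log posted above; the system-directory list, the start-type set and the rules themselves are my assumptions, tuned for this Windows 2000 box under C:\WINNT.

```python
"""Triage autostart entries from a System Repair Engineer (SREng) log.

Added example for this thread; it is neither part of the original posts nor
SREng's own code. It applies the heuristics the replies used by eye.
"""
import re

# Constructed sample: entries copied from the log posted in the thread. SREng
# prints services and drivers as pairs of lines:
#   [Display name / Service name][State/Start type]
#   <image path or command line><vendor from the file's version resource>
SAMPLE_LOG = r"""
[86DDCAF9 / 86DDCAF9][Stopped/Auto Start]
<C:\WINNT\system32\86DDCAF9.EXE -service><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Std ebus Service / ebus][Running/Auto Start]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\swmk\jgwx.dll,Service -s><Microsoft Corporation>
[fismopd / fismopd][Running/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\COMMON~1\lismupd\lismupd.dll>< >
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[dlcr / dlcre][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dlcre.sys><N/A>
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\System32\new.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
"""

HEADER_RE = re.compile(
    r"^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
IMAGE_RE = re.compile(r"^<(?P<command>.*)><(?P<vendor>[^<>]*)>$")
DLL_RE = re.compile(r"[A-Za-z]:\\[^\s,<>]+?\.dll", re.IGNORECASE)

# Microsoft host processes that run whatever DLL their command line names.
HOSTS = ("rundll32.exe", "svchost.exe")
# Assumed system directories (this box is a Windows 2000 install under C:\WINNT).
SYSTEM_DIRS = (r"c:\winnt\system32", r"c:\windows\system32")
AUTO_STARTS = ("Auto Start", "Boot Start", "System Start")
NO_VENDOR = ("", "N/A")


def parse_entries(log_text):
    """Pair each [name][state] header with the <image><vendor> line below it."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    entries, i = [], 0
    while i + 1 < len(lines):
        head, image = HEADER_RE.match(lines[i]), IMAGE_RE.match(lines[i + 1])
        if head and image:
            entries.append({
                "display": head["display"], "name": head["name"],
                "state": head["state"], "start": head["start"],
                "command": image["command"], "vendor": image["vendor"].strip(),
            })
            i += 2
        else:
            i += 1  # not a header/image pair (section banner, stray line, etc.)
    return entries


def triage(log_text):
    """Return the entries worth a second look, each with the reasons it tripped."""
    findings = []
    for e in parse_entries(log_text):
        reasons = []
        cmd_l = e["command"].lower()
        host = next((h for h in HOSTS if h in cmd_l), None)
        if host:
            # The vendor field describes the host binary, not the DLL it loads.
            for dll in DLL_RE.findall(e["command"]):
                if not dll.lower().startswith(SYSTEM_DIRS):
                    reasons.append(f"{host} loads a DLL from outside system32: {dll}")
        if e["vendor"] in NO_VENDOR and e["start"] in AUTO_STARTS:
            reasons.append("starts automatically but carries no vendor/version info")
        if re.fullmatch(r"[0-9A-Fa-f]{8}", e["name"]):
            reasons.append("service name is eight hex digits (looks generated)")
        if cmd_l.startswith("\\??\\") and e["vendor"] in NO_VENDOR:
            reasons.append("driver registered by absolute \\??\\ path with no vendor")
        if reasons:
            findings.append({"name": e["name"], "command": e["command"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['name']}] {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the sample it flags 86DDCAF9, ebus, fismopd, dlcre and New0 and leaves AVG, MSSQLSERVER and dmio alone. One caveat the log itself illustrates: the vendor column is whatever CompanyName the file's version resource claims, and SREng only marks entries "(Verified)" (as it does for Explorer.exe and userinit.exe in the Winlogon section) when it checked a signature, so "Microsoft Corporation" beside 86DDCAF9.EXE is a claim, not evidence. A real triage would also cross-reference the process module list, where swmk\mjsx.dll and roec.dll appear injected into winlogon, explorer and nearly every other process.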