【求助】系统进程不见了？ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】系统进程不见了？

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

【求助】系统进程不见了？

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-26 23:08 \| 只看楼主短消息资料字号：小中大 1楼【求助】系统进程不见了？大大们，我打开任务管理器之后，发现在进程窗口的所有进程都看不见了！！下面的进程数显示只有19个进程！但是我可以正常使用系统！用其他的进程检测工具也能看见进程？？？请问这是怎么回事？ 2007-04-27 13:47:11
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	分享到：

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-26 23:09 \| 只看楼主短消息资料字号：小中大 2楼不能沉了！顶起来
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

紫墨蓝尘初生襁褓狮帖子:476 注册: 2006-10-12 来自:	发表于： 2007-04-26 23:10 \| 短消息资料字号：小中大 3楼使用SREng扫描工具点这里下载http://www.kztechs.com/sreng/download.html 1 解压缩sreng2.zip 2 运行SREng2.exe 3 按智能扫描，然后勾选检查进程模块的签名，然后再按扫描，最后保存结果 4 把结果SREngLOG.log里面的内容一字不漏的发上来，一次发不完的就分页发(卡卡帖多`日志的地址飞短给我）提示下： a.扫描前关闭所有正在使用的应用程序,例如QQ`浏览器等，然后再进行扫描 b.如果SREng.exe运行无反应或者不能运行又或者扫描出错你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或abc.exe然后放到c:\windows 下面再运行 c.如果因为各种原因，需要输入SREng授权号输入如下信息：用户名：teyqiu 授权号：26129027541185431409013556
紫墨蓝尘初生襁褓狮帖子:476 注册: 2006-10-12 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 10:28 \| 只看楼主短消息资料字号：小中大 4楼 [CODE] 2007-04-27,10:06:05 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <Apoint><C:\Program Files\Apoint2K\Apoint.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.] <Super Rabbit SafeEdit><D:\工具\系统清理\MagicSet\SRFC.EXE /Load> [Super Rabbit Soft] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [SmartLinkService / SLService][Running/Auto Start] <slserv.exe><> [Windows Media at Servr / Windows Media at Servr][Stopped/Auto Start] <C:\Program Files\run1l32.exe><N/A> [Windows Accounts Driver / windows_0][Stopped/Auto Start] <><N/A>
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 10:28 \| 只看楼主短消息资料字号：小中大 5楼 ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start] <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start] <System32\Drivers\DKbFltr.sys><Dritek System Inc.> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> [ialm / ialm][Running/Manual Start] <system32\DRIVERS\ialmnt5.sys><Intel Corporation> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司> [mProcRs / mProcRs][Running/Auto Start] <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.> [Mtlmnt5 / Mtlmnt5][Running/Manual Start] <system32\DRIVERS\Mtlmnt5.sys><> [Mtlstrm / Mtlstrm][Stopped/Manual Start] <system32\DRIVERS\Mtlstrm.sys><> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [NtMtlFax / NtMtlFax][Stopped/Manual Start] <system32\DRIVERS\NtMtlFax.sys><> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsFwDrv / RsFwDrv][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [SERIALOX / SERIALOX][Stopped/Manual Start] <system32\DRIVERS\SERIALOX.sys><OEM> [SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start] <system32\DRIVERS\slntamr.sys><> [SlNtHal / SlNtHal][Stopped/Manual Start] <system32\DRIVERS\Slnthal.sys><> [SlWdmSup / SlWdmSup][Running/Manual Start] <system32\DRIVERS\SlWdmSup.sys><Vireo Software> [SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start] <system32\DRIVERS\smcirda.sys><SMC> [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start] <system32\drivers\ialmsbw.sys><Intel Corporation> [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] <system32\drivers\ialmkchw.sys><Intel Corporation>
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 10:29 \| 只看楼主短消息资料字号：小中大 6楼 ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD> [Thunder Browser Helper] {7369D359-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [超级兔子上网精灵] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\工具\系统清理\MagicSet\haokanbar.dll, Xiang Feng Technology> [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\其他\QQ\QQ.EXE, TENCENT> [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\工具\系统清理\MagicSet\haokanbar.dll, Xiang Feng Technology> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation> [AcPreview 控件] {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk> [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation> [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\工具\系统清理\MagicSet\haokanbar.dll, Xiang Feng Technology> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Thunder Browser Helper] {7369D359-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [超级兔子上网精灵] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\工具\系统清理\MagicSet\haokanbar.dll, Xiang Feng Technology> [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.> [上传到QQ网络硬盘] <D:\其他\QQ\AddToNetDisk.htm, N/A> [使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A> [使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A> [添加到QQ自定义面板] <D:\其他\QQ\AddPanel.htm, N/A> [添加到QQ表情] <D:\其他\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\其他\QQ\SendMMS.htm, N/A> [用维棠下载视频] <D:\工具\下载工具\ViDown\vd_link.htm, N/A>
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 10:29 \| 只看楼主短消息资料字号：小中大 7楼 ================================== 正在运行的进程 [PID: 496][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 552][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1368][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2285] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2285] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2285] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2285] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2285] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9] [PID: 2816][D:\Download\SREng.EXE] [Smallfrogs Studio, 2.4.12.806] [C:\WINDOWS\newdotnet3_21.dll] [New.net, Inc., 3, 0, 0, 21] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 New.net UDP Chain C:\WINDOWS\newdotnet3_21.dll(New.net, Inc., New.net Application) New.net UDP Filter C:\WINDOWS\newdotnet3_21.dll(New.net, Inc., New.net Application)
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 10:29 \| 只看楼主短消息资料字号：小中大 8楼 ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 www.130sf.com 127.0.0.1 www.17ez.com 127.0.0.1 www.7j4f.com 127.0.0.1 www.350w.com 127.0.0.1 www.921ok.com 127.0.0.1 www.123ggg.com 127.0.0.1 www.444mu.com 127.0.0.1 www.31mu.com 127.0.0.1 www.85mu.com 127.0.0.1 www.690mu.com 127.0.0.1 www.690mu.com 127.0.0.1 www.34mu.com 127.0.0.1 www.770mu.com 127.0.0.1 www.590mu.com 127.0.0.1 www.260mu.com 127.0.0.1 www.650mu.com 127.0.0.1 www.190mu.com 127.0.0.1 www.590mu.com 127.0.0.1 www.270mu.com 127.0.0.1 www.290mu.com 127.0.0.1 www.65mu.com 127.0.0.1 www.83mu.com 127.0.0.1 www.81mu.com 127.0.0.1 www.855mu.com 127.0.0.1 www.mu175.com 127.0.0.1 www.150mu.com 127.0.0.1 www.87mu.com 127.0.0.1 www.111mu.com 127.0.0.1 www.mu180.com 127.0.0.1 www.180mu.com ================================== API HOOK N/A ================================== 隐藏进程 [256] C:\WINDOWS\SOUNDMAN.EXE [268] C:\WINDOWS\system32\hkcmd.exe [348] C:\Program Files\Apoint2K\Apoint.exe [400] C:\Program Files\Rising\Rav\RavTask.exe [436] C:\Program Files\Rising\Rav\Ravmon.exe [664] C:\WINDOWS\system32\ctfmon.exe [668] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [980] C:\Program Files\Apoint2K\Apntex.exe [1236] C:\WINDOWS\system32\conime.exe [1300] C:\WINDOWS\System32\alg.exe [1888] C:\program files\internet explorer\IEXPLORE.EXE [1956] c:\program files\rising\rfw\RfwMain.exe [2152] C:\WINDOWS\system32\notepad.exe ================================== [/CODE]
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

网缘绝恋初生襁褓狮帖子:222 注册: 2007-04-25 来自:	发表于： 2007-04-27 10:35 \| 短消息资料字号：小中大 9楼删除C:\Program Files\run1l32.exe><N/A> 偶也是新手暂时只看出这个
网缘绝恋初生襁褓狮帖子:222 注册: 2007-04-25 来自:

愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:	发表于： 2007-04-27 13:07 \| 只看楼主短消息资料字号：小中大 10楼怎么删？？？问问，我也是新手！
愤怒的流星初生襁褓狮帖子:9 注册: 2007-04-26 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT