Can't open the Monitoring Center, can't search, can't copy and paste. What's going on?

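The operating system is Win2000 (SP4). The Monitoring Center cannot be opened, the search page cannot be opened, copy and paste do not work, I cannot double-click a system log entry to view its details, some services have not started, and the service properties dialog cannot be viewed. Rising does not detect any virus. What trojan or virus is this? After Rising is reinstalled, the little red umbrella is visible in the system tray, but after the next restart there is nothing there at all.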
Last edited 2006-10-18 10:39:14

[Reply to the post by “长空一长箭”]
HijackThis_815汉化版扫描日志 V1.99.1
保存于      17:08:07, 日期 2006-10-17
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
E:\rising\Rising\Rfw\rfwsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
f:\Tornado2.2\host\x86-win32\bin\wtxregds.exe
C:\WINNT\Explorer.EXE
E:\rising\Rising\Rfw\RfwMain.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\RunDll32.exe
E:\daemon\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
E:\rising\Rav\RavTask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\ctfmon.exe
E:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
E:\rising\Rav\Ravmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\HijackThis1991zww.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] "E:\daemon\daemon.exe"  -lang 1033
O4 - 启动项HKLM\\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - 启动项HKLM\\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [RfwMain] "E:\rising\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "E:\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = E:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Microsoft Office\Office\2052\OLFSNT40.EXE
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\visio\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - e:\Kingsoft\POWERW~1\XDictExB.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149324777015
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F8C756-AD4A-4C4A-A56E-1250E13DA265}: NameServer = 172.16.66.1

[Reply to the post by “长空一长箭”]
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: bw+0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw+0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw-0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw-0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw00 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw00s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw10 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw10s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw20 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw20s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw30 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw30s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw40 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw40s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw50 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw50s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw60 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw60s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw70 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw70s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw80 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw80s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw90 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bw90s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwa0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwa0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwb0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwb0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwc0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwc0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwd0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwd0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwe0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwe0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwf0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwf0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwg0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwg0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwh0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwh0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwi0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwi0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwj0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwj0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwk0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

[Reply to the post by “长空一长箭”]
O18 - 列举现有的协议: bwk0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwl0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwl0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwm0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwm0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwn0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwn0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwo0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwo0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwp0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwp0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwq0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwq0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwr0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwr0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bws0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bws0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwt0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwt0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwu0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwu0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwv0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwv0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bww0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bww0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwx0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwx0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwy0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwy0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwz0 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: bwz0s - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - e:\Kingsoft\POWERW~1\XDictExB.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: offline-8876480 - {3BC3FD13-C59B-465E-AE6B-C357D1268653} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\rising\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - E:\rising\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\rising\Rav\Ravmond.exe
O23 - NT 服务: Tornado Registry - Unknown owner - f:\Tornado2.2\host\x86-win32\bin\wtxregds.exe

[Reply to the post by “长空一长箭”]
2006-10-17,17:04:52

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
N/A

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINNT\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> E:\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> E:\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[Symantec Fax Starter Edition Port]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Symantec Fax Starter Edition Port.lnk --> E:\MICROS~1\Office\2052\OLFSNT40.EXE [Microsoft Corporation]><N>
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Visual Studio Debugger Proxy Service / DbgProxy]
  <F:\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Machine Debug Manager / MDM]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Microsoft Search / MSSEARCH]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
  <f:\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <e:\rising\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <E:\rising\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Rising Process Communication Center / RsCCenter]
  <"E:\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"E:\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT]
  <f:\MICROS~2\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Tornado Registry / Tornado Registry]
  <f:\Tornado2.2\host\x86-win32\bin\wtxregds.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[25095578 / 25095578]
  <\SystemRoot\System32\drivers\25095578.sys><N/A>
[atssse / atssse]
  <C:\WINNT\system32\sosdrp.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Equator Technologies MAP Series reference driver  / CCI]
  <system32\DRIVERS\cci.sys><N/A>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[drpkiont / drpkiont]
  <\SystemRoot\System32\drivers\drpkiont.sys><N/A>
[C6xxx EVM PCI Driver / evm6x]
  <\SystemRoot\System32\drivers\evm6x.sys><Texas Instruments Incoporated>
[ExpScaner / ExpScaner]
  <\??\E:\rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI]
  <E:\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\E:\rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\E:\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\rising\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Logitech USB Microphone / lusbaudio]
  <system32\drivers\lvsound2.sys><Logitech Inc.>
[LVBulk Service / LVBulk]
  <system32\DRIVERS\LVBulk.sys><Logitech Inc.>
[LVVI500A Service / LVVI500A]
  <system32\DRIVERS\lvvi500a.sys><Tekom Technologies, Inc.>
[MEMSCAN / MEMSCAN]
  <\??\E:\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\E:\rising\Rising\Rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NetGroup Packet Filter Driver / NPF]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <E:\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Logitech QuickCam Pro 3000(PID_08B1) / PhilCam8116_2K]
  <system32\DRIVERS\CamDrL20.sys><Logitech Inc.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Logitech QuickCam Express(PID_0840) / QCDonner]
  <system32\DRIVERS\LVCD.sys><Logitech Inc.>
[RsFwDrv / RsFwDrv]
  <\??\E:\rising\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[Sense3 / Sense3]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[St320hg / St320hg]
  <\SystemRoot\system32\DRIVERS\st320hg.sys><Generic>
[Virtual PC Application Services / VPCAppSv]
  <system32\DRIVERS\VPCAppSv.sys><Connectix Corporation>
[World Standard Teletext Codec / WSTCODEC]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xds560 / xds560]
  <C:\WINNT\SYSTEM32\DRIVERS\xds560.SYS><Texas Instruments Incorporated>
[XDSFast1 ISA Bus Driver / xdsfast1]
  <\SystemRoot\System32\drivers\xdsfast1.sys><Texas Instruments Incorporated>
[R2A / R2A]
  <\??\C:\WINNT\system32a2.sys><N/A>

[Reply to the post by “长空一长箭”]
==================================
浏览器加载项
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\FlashGet\jccatch.dll, Amaze Soft>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\MICROS~1\visio\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <e:\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[转换为 Adobe PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 428][E:\rising\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [E:\rising\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [E:\rising\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [E:\rising\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [E:\rising\Rising\Rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [E:\rising\Rising\Rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [E:\rising\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 504][C:\WINNT\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
[PID: 528][C:\WINNT\System32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 536][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
[PID: 580][f:\Tornado2.2\host\x86-win32\bin\wtxregds.exe]  [N/A, N/A]
    [f:\Tornado2.2\host\x86-win32\bin\libwpwr.dll]  [N/A, N/A]
    [f:\Tornado2.2\host\x86-win32\bin\wtxapi.dll]  [N/A, N/A]
    [f:\Tornado2.2\host\x86-win32\bin\WINRPC32.dll]  [NobleNet, Inc, 3.00D]
[PID: 940][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [E:\WinRAR\rarext.dll]  [N/A, N/A]
    [E:\Beyond Compare 2\BCShellEx.dll]  [Scooter Software, 2.0.0.0]
    [C:\WINNT\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 2, 4]
    [E:\FlashGet\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINNT\downlo~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 4]
    [C:\WINNT\downlo~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 5]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [E:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]

[Reply to the post by "yukepgp"]
[PID: 952][E:\rising\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [E:\rising\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [E:\rising\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\rising\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
[PID: 1128][C:\WINNT\system32\Rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\WINNT\downlo~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 4]
    [C:\WINNT\downlo~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 5]
    [C:\WINNT\downlo~1\CnsMinEx.dll]  [国风因特软件(北京)有限公司, 1, 0, 3, 1]
[PID: 1120][C:\WINNT\system32\RunDll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 0, 17]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
[PID: 908][E:\daemon\daemon.exe]  [VeNoM386 and SwENSkE, 3.20.0.0]
    [C:\WINNT\daemon.dll]  [Generic, 3.20.0.0]
    [E:\daemon\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 848][C:\Program Files\Logitech\Video\LogiTray.exe]  [Logitech Inc., 8.0.3.1112]
    [C:\Program Files\Logitech\Video\QCUI2.dll]  [Logitech Inc., 8.0.3.1112]
    [C:\Program Files\Logitech\Video\LTWVC12n.dll]  [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LQCUI2.dll]  [Logitech Inc., 8.0.3.1112]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\Program Files\Logitech\Video\LLogTray.dll]  [Logitech Inc., 8.0.3.1112]
    [C:\WINNT\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 2, 4]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
[PID: 780][E:\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 968][C:\WINNT\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\NVMCTRAY.DLL]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 964][C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe]  [Logitech, 2.1.2.0]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\backWeb.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwsec.dll]  [BackWeb, Version 4.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll]  [N/A, N/A]
    [C:\PROGRA~1\Logitech\DESKTO~1\8876480\720~1.137\program\EN\ClientRC.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 137R)]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll]  [, Version 7.2.0 (Build 137R)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll]  [, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll]  [, Version 7.2.0 (Build 137R)]
    [E:\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll]  [Logitech, 2.01.02]
[PID: 728][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 664][E:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 292][E:\Adobe\Acrobat 7.0\Reader\reader_sl.exe]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 856][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
[PID: 1116][E:\rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [E:\rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [E:\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [E:\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
[PID: 280][E:\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
[PID: 1240][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.JS  Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

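[Reply to the post by "长空一长箭"]
IadHide5.dll should be a DLL that ships with the Logitech software, right?
The day before I noticed the problem, Rising showed a prompt that wdfmgr32.exe wanted to modify the registry. I denied it and did not pay attention at the time; the next day the problems appeared as soon as I booted. Where are the logs stored under Windows 2000, and what tool can open them? I can see many errors in the system log but cannot view the details: when I click Properties, it feels as if the properties dialog has opened, but it is not displayed.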

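[Reply to the post by "长空一长箭"]
Also, the passwords of all the mail accounts in Outlook Express have been changed to be exactly the same as the account names.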