瑞星卡卡安全论坛

现在我的电脑每次开机出现：[1.exe][2.exe].....[10.exe]，是一种小黑框，一个一个的，像是命令行。并且确定这几个在sys32里，可每次删除之后，瑞星还是卡在0个文件无法查杀。后来发现还有一个cmd的程序，删除之后瑞星终于可以杀了，高兴之余用2007.4.6升级的瑞星全面查杀，0个病毒！！！木马助手查杀，0个木马！！！关键是我关机之后居然又出来了！看来没删除完全，可我又不知道怎么办，10个exe占用内存大约50-75%，并且这些命令中的“_”光标在不断闪烁变幻位置，我怕有问题，赶快关了，结果关的时候时间居然6秒一个！用了我校一分钟才关上。

我真的晕了，最新正版瑞星都杀不了。。。。。。

无语，3字：SOS！

补充：阻止瑞星杀毒的程序叫做：什么什么.cmd

高手救命！

去下载sreng2,关闭qq，下载软件等一切不必要的程序后扫个日志上来，一次贴不完分段贴，不要修改
http://www.kztechs.com/sreng/sreng2.zip

高手来啊

http://forum.ikaka.com/topic.asp?board=28&artid=8290293

kan kan 这里

引用:

【songjiguo的贴子】去下载sreng2,关闭qq，下载软件等一切不必要的程序后扫个日志上来，一次贴不完分段贴，不要修改 http://www.kztechs.com/sreng/sreng2.zip ………………

怎么弄日志阿？我菜鸟

引用:

【songjiguo的贴子】去下载sreng2,关闭qq，下载软件等一切不必要的程序后扫个日志上来，一次贴不完分段贴，不要修改 http://www.kztechs.com/sreng/sreng2.zip ………………

怎么弄日志？我菜鸟

起动sreng2点扫描，扫描完保存。

复制，粘贴上来

引用:

【菜鸟也有帅哥的贴子】 怎么弄日志？我菜鸟 ………………

SRENG的官方下载地址:
http://www.kztechs.com/sreng/download.html
打不开的话,到我网盘
http://gudugengkekao.ys168.com
(其他工具-sreng2.zip 0.6MB )


先暂时关闭QQ、播放之类的东西,选第四选项-智能扫描-勾选上检查进程模块的数字签名-扫描后保存报告~把内容粘上来,一次粘不完分几次粘,中间不要修改..


嘿嘿

[CODE]

2007-04-06,20:41:30

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"realsched.exe"  -osboot>  [N/A]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ImpsSensor]
    <WinlogonNotify: ImpsSensor><ImpsSensor.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Lifeview HID Remote Controller Service / lvhidsvc][Running/Auto Start]
  <C:\WINDOWS\system32\lvhidsvc.exe><Animation Technologies Inc.>
[NBService / NBService][Stopped/Manual Start]
  <D:\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows FileExe / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\J:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[TV Card WDM Video Capture / LVCap138][Running/Manual Start]
  <system32\DRIVERS\lvcap138.sys><Animation Technologies Inc.>
[TV Card TV Tuner / lvtuner][Running/Manual Start]
  <system32\DRIVERS\lvtuner.sys><Animation Technologies Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\H:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/System Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[Sunplus Serial port driver / SPCP825K][Stopped/Manual Start]
  <system32\DRIVERS\SPCP825K.sys><SUNPLUS TECHNOLOGY Co., LTD.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

浏览器加载项
[Thunder Browser Helper]
  {00000000-0000-0000-0000-C3CA9A05F1E2} <I:\迅雷5\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <i:\acrobat reader 5.05\Reader\ActiveX\AcroIEHelper.ocx, >
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <I:\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <I:\超级解霸3000\MPLAYER.EXE, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2}? <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <H:\qq\QQ.EXE, TENCENT>
[易趣购物]
  {DE607145-AC19-425e-860A-0D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683}? <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[番茄工具条 3.0]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[同花顺]
  {39852EFE-325B-45ef-9A60-3DBECD2DDDD5} <C:\WINDOWS\system32\thsbar.dll, 同花顺>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {00000000-0000-0000-0000-C3CA9A05F1E2} <I:\迅雷5\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <i:\acrobat reader 5.05\Reader\ActiveX\AcroIEHelper.ocx, >
[同花顺]
  {39852EFE-325B-45EF-9A60-3DBECD2DDDD5} <C:\WINDOWS\system32\thsbar.dll, 同花顺>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[番茄工具条 3.0]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <I:\迅雷5\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <I:\迅雷5\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <H:\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <H:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <H:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <H:\QQ\SendMMS.htm, N/A>
[解霸实时播放]
  <I:\超级解霸3000\MPURLGET.HTM, N/A>

正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]
[PID: 724][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]
[PID: 884][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]
[PID: 1540][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 1, 1004]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [D:\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 2, 7, 0]
    [D:\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [I:\winrar3.6\rarext.dll]  [N/A, ]
    [I:\ske\contmenu.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\MediaLibraryNSE.dll]  [Nero AG, 1, 2, 0, 13]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\Program Files\HighMAT CD Writing Wizard\HMTCD.dll]  [, 1.1.1905.1]
[PID: 1740][D:\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [D:\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
[PID: 344][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 1, 1004]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]
[PID: 480][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
[PID: 844][C:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]
[PID: 3044][I:\winrar3.6\WinRAR.exe]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 3096][C:\DOCUME~1\anboqi\LOCALS~1\Temp\Rar$EX00.953\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\TcpIpDog0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\TcpIpDog0.dll(, N/A)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\TcpIpDog0.dll(, N/A)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\TcpIpDog0.dll(, N/A)
RSVP UDP Service Provider
    C:\WINDOWS\system32\TcpIpDogR0.dll(, N/A)
RSVP TCP Service Provider
    C:\WINDOWS\system32\TcpIpDogR0.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

高手看一下

快来看看那阿！~！！！~~！~！~！~！~！~！~

TcpIpDog0.dll不确定啊。

没人帮忙么？瑞星论坛怎么都这样啊

删除服务：[Windows FileExe / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS\system32\servet.exe><N/A>

删除驱动服务：[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\J:\INSTALL\GMSIPCI.SYS><N/A>

删除文件：
C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
C:\WINDOWS\system32\nvshell.dll

运行SRENG，使用，如图

删除服务：[Windows FileExe / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS\system32\servet.exe><N/A>

删除驱动服务：[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\J:\INSTALL\GMSIPCI.SYS><N/A>

删除文件：
C:\WINDOWS\system32\servet.exe
J:\INSTALL\GMSIPCI.SYS
C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
C:\WINDOWS\system32\nvshell.dll
安全模式下清空临时文件夹

运行SRENG，使用，如下图

然后删除文件：C:\WINDOWS\system32\TcpIpDog0.dll


附件: 711891200741100119.jpg

引用:

【菜鸟也有帅哥的贴子】没人帮忙么？瑞星论坛怎么都这样啊 ………………

已经回复你了
不要有什么抱怨，这里都是免费提供服务的，现在都0点了，大多数人都睡了
再说还有那么多人的贴子，不可能只看你一个人的吧

先帮你顶起～～～

C:\WINDOWS\system32\TcpIpDog0.dll是一个上网客户端程序的组件。某些机关学校经常使用这个程序，一般非病毒。
并不是所有更改winsock供应者的项目都需处理，有些更改是正常的，如
IDM会更改这winsock供应者项目，是为了接管系统的所有下载。
NOD32也会更改这些项目，也是为了网络监控。
还有像这样的上网客户端程序，就更需要接管这一项了。