Rising Kaka Security Forum
樱泽 - 2007-10-3 22:56:00
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
RsCCenter
[AM] 1. c:\program files\rising\rav\ccenter.exe
RsRavMon
[A ] 2. c:\program files\rising\rav\ravmond.exe
WMPNetworkSvc
[A ] 3. c:\program files\windows media player\wmpnetwk.exe
WudfSvc
[A ] 4. c:\windows\system32\wudfsvc.dll
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXSENS
[A ] 5. c:\windows\system32\drivers\alcxsens.sys
ALCXWDM
[A ] 6. c:\windows\system32\drivers\alcxwdm.sys
AmdK8
[A ] 7. c:\windows\system32\drivers\amdk8.sys
BaseTDI
[A ] 8. c:\windows\system32\drivers\basetdi.sys
ExpScaner
[A ] 9. c:\program files\rising\rav\expscan.sys
HookCont
[A ] 10. c:\program files\rising\rav\hookcont.sys
HookReg
[A ] 11. c:\program files\rising\rav\hookreg.sys
HookSys
[A ] 12. c:\program files\rising\rav\hooksys.sys
MEMSCAN
[A ] 13. c:\program files\rising\rav\memscan.sys
NPF
[A ] 14. c:\windows\system32\drivers\npf.sys
npkcrypt
[A ] 15. f:\qq\npkcrypt.sys
RsAntiSpyware
[A ] 16. c:\windows\system32\drivers\rsboot.sys
RsNTGDI
[A ] 17. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 18. c:\program files\rising\rav\rsppsys.sys
Secdrv
[A ] 19. c:\windows\system32\drivers\secdrv.sys
WudfPf
[A ] 20. c:\windows\system32\drivers\wudfpf.sys
WudfRd
[A ] 21. c:\windows\system32\drivers\wudfrd.sys
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 22. e:\讯雷\comdlls\tdatonce_now.dll
{39F7E361-828A-4B5A-BCAF-5B79BFDFEA60}
[AM] 23. e:\讯雷\comdlls\xunleibho_now.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[AM] 24. d:\downloads\新建文件夹\bitcomet\tools\bitcometbho_1.1.6.14.dll
{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}
[AM] 25. c:\program files\common files\fjos0r.dll
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 26. c:\windows\system32\hticons.dll
Portable Media Devices
[A ] 27. c:\windows\system32\audiodev.dll
Portable Devices
[A ] 28. c:\windows\system32\wpdshext.dll
Portable Devices Menu
[A ] 28. c:\windows\system32\wpdshext.dll
WinRAR shell extension
[A ] 29. c:\program files\winrar\rarext.dll
RISING
[AM] 30. c:\windows\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 30. c:\windows\system32\ravext.dll
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 31. c:\windows\system32\shlhook.dll
{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}
[AM] 32. c:\program files\internet explorer\onlo0r.dll
{32C4BAF4-0411-4000-BDFB-A6F71E669F8C}
[AM] 33. c:\windows\system32\csdoor1.dll
{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}
[AM] 34. c:\windows\system32\wldoor1.dll
{A3C95A74-638D-4C6B-A856-4B27664A7F47}
[AM] 35. c:\windows\system32\wgdoor1.dll
{D8CC4845-441C-44F8-9053-28F2EF67655B}
[AM] 36. c:\windows\system32\dadoor1.dll
{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}
[AM] 37. c:\windows\system32\dh3oor1.dll
{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}
[AM] 38. c:\windows\system32\rxdoor1.dll
{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}
[AM] 39. c:\windows\system32\qjdoor1.dll
{68F7767A-090C-4BBF-A015-720ACC6706E2}
[AM] 40. c:\windows\system32\wddoor1.dll
{08E909A4-B236-48DD-8BCC-90A604B93E68}
[AM] 41. c:\windows\system32\tldoor1.dll
{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}
[AM] 42. c:\windows\system32\zxdoor1.dll
{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}
[AM] 43. c:\windows\system32\cqdoor1.dll
{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}
[AM] 44. c:\windows\system32\qhdoor1.dll
{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}
[AM] 45. c:\windows\system32\mydoor1.dll
{3422FB0F-95EB-458A-8B56-39552017A4EF}
[AM] 46. c:\windows\system32\mhdoor1.dll
{E952B8F8-D91A-4EDD-851C-EE1A0F944469}
[AM] 47. c:\windows\system32\ztfree1.dll
{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}
[AM] 48. c:\windows\system32\wodoor1.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 49. c:\windows\system32\wpdshserviceobj.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTask
[AM] 50. c:\program files\rising\rav\ravtask.exe
runeip
[AM] 51. c:\program files\rising\antispyware\runiep.exe
racer
[AM] 52. c:\program files\racer-han-cnc\racer.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 53. c:\program files\rising\antispyware\runonce.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 54. c:\windows\system32\bsmain.exe
[A ] 55. c:\windows\system32\kknative.exe
+ 映像劫持
+ HKCR\.bat
batfile\print\Command
[A ] 56. c:\p
+ HKCR\.log
txtfile\print\Command
[A ] 56. c:\p
+ HKCR\.txt
txtfile\print\Command
[A ] 56. c:\p
+ HKCR\.cmd
cmdfile\print\Command
[A ] 56. c:\p
+ HKCR\.reg
regfile\print\Command
[A ] 56. c:\p
+ HKCR\.vbs
VBSFile\Print\Command
[A ] 56. c:\p
+ HKCR\.js
JSFile\Print\Command
[A ] 56. c:\p
+ HKCR\.ini
inifile\print\Command
[A ] 56. c:\p
+ HKCR\.inf
inffile\print\Command
[A ] 56. c:\p
+ 正在运行的进程
+ 000001a4(420) smss.exe
+ 000001b8(440) racer.exe
00400000[00025000]
[AM] 52. c:\program files\racer-han-cnc\racer.exe
10000000[002F4000]
[ M] 57. c:\program files\racer-han-cnc\rwxre.dll
30000000[00027000]
[ M] 58. c:\program files\racer-han-cnc\nspr4.dll
00890000[00065000]
[ M] 59. c:\program files\racer-han-cnc\xpcom_core.dll
003F0000[00007000]
[ M] 60. c:\program files\racer-han-cnc\plc4.dll
00900000[00006000]
[ M] 61. c:\program files\racer-han-cnc\plds4.dll
00910000[00059000]
[ M] 62. c:\program files\racer-han-cnc\nss3.dll
00970000[0005A000]
[ M] 63. c:\program files\racer-han-cnc\softokn3.dll
009D0000[00069000]
[ M] 64. c:\program files\racer-han-cnc\js3250.dll
00A40000[00016000]
[ M] 65. c:\program files\racer-han-cnc\gkgfx.dll
00A60000[00014000]
[ M] 66. c:\program files\racer-han-cnc\xpcom_compat.dll
00A80000[0001A000]
[ M] 67. c:\program files\racer-han-cnc\smime3.dll
00AA0000[0001B000]
[ M] 68. c:\program files\racer-han-cnc\ssl3.dll
00F00000[00012000]
[ M] 69. c:\program files\racer-han-cnc\components\jar50.dll
00F20000[00021000]
[ M] 70. c:\program files\racer-han-cnc\components\racer_base_comp.dll
00F50000[00009000]
[ M] 71. c:\program files\racer-han-cnc\racer_base.dll
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CNCDialer)
樱泽 - 2007-10-3 22:56:00
00F60000[00006000]
[ M] 72. c:\program files\racer-han-cnc\kbdhook.dll
01300000[00235000]
[ M] 73. c:\program files\racer-han-cnc\components\gklayout.dll
01640000[0003A000]
[ M] 74. c:\program files\racer-han-cnc\nssckbi.dll
01290000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
02AC0000[00008000]
[ M] 76. c:\program files\racer-han-cnc\components\racer_ad_comp.dll
02FA0000[00006000]
[ M] 77. c:\program files\racer-han-cnc\components\racer_access_pppoe.dll
02FB0000[00034000]
[ M] 78. c:\program files\racer-han-cnc\pppoe.dll
03740000[00006000]
[ M] 79. c:\program files\racer-han-cnc\components\racer_nss4_comp.dll
03750000[00049000]
[ M] 80. c:\program files\racer-han-cnc\nss4.dll
037A0000[00041000]
[ M] 81. c:\program files\racer-han-cnc\wpcap.dll
037F0000[00015000]
[ M] 82. c:\program files\racer-han-cnc\packet.dll
03810000[00010000]
[ M] 83. c:\program files\racer-han-cnc\wanpacket.dll
02D90000[00009000]
[AM] 48. c:\windows\system32\wodoor1.dll
02DE0000[00006000]
[AM] 47. c:\windows\system32\ztfree1.dll
02DF0000[00006000]
[AM] 46. c:\windows\system32\mhdoor1.dll
02F00000[00007000]
[AM] 45. c:\windows\system32\mydoor1.dll
02F10000[00006000]
[AM] 44. c:\windows\system32\qhdoor1.dll
02F20000[00007000]
[AM] 43. c:\windows\system32\cqdoor1.dll
02F60000[00008000]
[AM] 42. c:\windows\system32\zxdoor1.dll
02F70000[00006000]
[AM] 41. c:\windows\system32\tldoor1.dll
02F80000[00006000]
[AM] 40. c:\windows\system32\wddoor1.dll
03C00000[00008000]
[AM] 39. c:\windows\system32\qjdoor1.dll
03DA0000[00006000]
[AM] 38. c:\windows\system32\rxdoor1.dll
03DB0000[00006000]
[AM] 37. c:\windows\system32\dh3oor1.dll
03DC0000[00006000]
[AM] 36. c:\windows\system32\dadoor1.dll
03DD0000[00008000]
[AM] 35. c:\windows\system32\wgdoor1.dll
03DE0000[00006000]
[AM] 34. c:\windows\system32\wldoor1.dll
03DF0000[00006000]
[AM] 33. c:\windows\system32\csdoor1.dll
+ 000001c8(456) ctfmon.exe
10000000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
+ 000001dc(476) csrss.exe
+ 000001f4(500) winlogon.exe
72C80000[00008000]
[ M] 84. c:\windows\system32\msacm32.drv
+ 00000220(544) services.exe
47260000[0000F000]
[ M] 85. c:\windows\apppatch\acadproc.dll
+ 0000022c(556) lsass.exe
+ 000002c8(712) svchost.exe
+ 00000300(768) svchost.exe
+ 00000344(836) CCenter.exe
00400000[0001E000]
[AM] 1. c:\program files\rising\rav\ccenter.exe
+ 00000354(852) svchost.exe
50E60000[0000C000]
[ M] 86. c:\windows\system32\wups2.dll
+ 00000380(896) svchost.exe
+ 000003a4(932) svchost.exe
+ 00000448(1096) alg.exe
+ 000004d8(1240) Explorer.EXE
011C0000[00006000]
[AM] 33. c:\windows\system32\csdoor1.dll
011B0000[00006000]
[AM] 34. c:\windows\system32\wldoor1.dll
01380000[00019000]
[AM] 32. c:\program files\internet explorer\onlo0r.dll
013E0000[00008000]
[AM] 35. c:\windows\system32\wgdoor1.dll
00C00000[00006000]
[AM] 36. c:\windows\system32\dadoor1.dll
00CB0000[00006000]
[AM] 37. c:\windows\system32\dh3oor1.dll
015D0000[00006000]
[AM] 38. c:\windows\system32\rxdoor1.dll
01A70000[00008000]
[AM] 39. c:\windows\system32\qjdoor1.dll
01C20000[00006000]
[AM] 40. c:\windows\system32\wddoor1.dll
024A0000[00006000]
[AM] 41. c:\windows\system32\tldoor1.dll
02620000[00008000]
[AM] 42. c:\windows\system32\zxdoor1.dll
025D0000[00007000]
[AM] 43. c:\windows\system32\cqdoor1.dll
164A0000[00023000]
[AM] 49. c:\windows\system32\wpdshserviceobj.dll
02BD0000[00006000]
[AM] 44. c:\windows\system32\qhdoor1.dll
02D40000[00007000]
[AM] 45. c:\windows\system32\mydoor1.dll
02EF0000[00006000]
[AM] 46. c:\windows\system32\mhdoor1.dll
03020000[00006000]
[AM] 47. c:\windows\system32\ztfree1.dll
03190000[00009000]
[AM] 48. c:\windows\system32\wodoor1.dll
72C80000[00008000]
[ M] 84. c:\windows\system32\msacm32.drv
109C0000[0002C000]
[ M] 87. c:\windows\system32\portabledevicetypes.dll
10930000[00049000]
[ M] 88. c:\windows\system32\portabledeviceapi.dll
032E0000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
10000000[0001B000]
[AM] 30. c:\windows\system32\ravext.dll
03490000[00011000]
[AM] 31. c:\windows\system32\shlhook.dll
+ 00000518(1304) spoolsv.exe
+ 00000544(1348) Ras.exe
00400000[00160000]
[ M] 89. c:\program files\rising\antispyware\ras.exe
10000000[00013000]
[ M] 90. c:\program files\rising\antispyware\topsoft.dll
7C140000[00103000]
[ M] 91. c:\program files\rising\antispyware\mfc71.dll
7C340000[00056000]
[ M] 92. c:\program files\rising\antispyware\msvcr71.dll
7C3A0000[0007B000]
[ M] 93. c:\program files\rising\antispyware\msvcp71.dll
00E10000[000BD000]
[ M] 94. c:\program files\rising\antispyware\rasgui.dll
01510000[0001B000]
[AM] 30. c:\windows\system32\ravext.dll
01540000[00011000]
[AM] 31. c:\windows\system32\shlhook.dll
015D0000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
019A0000[00009000]
[AM] 48. c:\windows\system32\wodoor1.dll
019C0000[00006000]
[AM] 47. c:\windows\system32\ztfree1.dll
019B0000[00006000]
[AM] 46. c:\windows\system32\mhdoor1.dll
019D0000[00007000]
[AM] 45. c:\windows\system32\mydoor1.dll
019F0000[00006000]
[AM] 44. c:\windows\system32\qhdoor1.dll
01A00000[00007000]
[AM] 43. c:\windows\system32\cqdoor1.dll
01A10000[00008000]
[AM] 42. c:\windows\system32\zxdoor1.dll
01A20000[00006000]
[AM] 41. c:\windows\system32\tldoor1.dll
01A40000[00006000]
[AM] 40. c:\windows\system32\wddoor1.dll
01A50000[00008000]
[AM] 39. c:\windows\system32\qjdoor1.dll
01A60000[00006000]
[AM] 38. c:\windows\system32\rxdoor1.dll
01A70000[00006000]
[AM] 37. c:\windows\system32\dh3oor1.dll
01A80000[00006000]
[AM] 36. c:\windows\system32\dadoor1.dll
023F0000[00008000]
[AM] 35. c:\windows\system32\wgdoor1.dll
02400000[00006000]
[AM] 34. c:\windows\system32\wldoor1.dll
02410000[00006000]
[AM] 33. c:\windows\system32\csdoor1.dll
+ 000005d8(1496) runiep.exe
00400000[00013000]
[AM] 51. c:\program files\rising\antispyware\runiep.exe
00C50000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
樱泽 - 2007-10-3 22:57:00
+ 00000984(2436) rundll32.exe
10000000[00034000]
[ M] 78. c:\program files\racer-han-cnc\pppoe.dll
00AF0000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
+ 00000ee4(3812) iexplore.exe
10000000[00022000]
[AM] 22. e:\讯雷\comdlls\tdatonce_now.dll
00ED0000[00019000]
[AM] 23. e:\讯雷\comdlls\xunleibho_now.dll
223F0000[00009000]
[ M] 99. e:\讯雷\components\resworker\dsbho_00.dll
223C0000[0000C000]
[ M] 100. e:\讯雷\components\resworker\dataprocessor_00.dll
00F40000[0006D000]
[AM] 24. d:\downloads\新建文件夹\bitcomet\tools\bitcometbho_1.1.6.14.dll
00FF0000[00019000]
[AM] 25. c:\program files\common files\fjos0r.dll
01D50000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
01FB0000[00009000]
[AM] 48. c:\windows\system32\wodoor1.dll
01FC0000[00006000]
[AM] 47. c:\windows\system32\ztfree1.dll
01FD0000[00006000]
[AM] 46. c:\windows\system32\mhdoor1.dll
01FE0000[00007000]
[AM] 45. c:\windows\system32\mydoor1.dll
01FF0000[00006000]
[AM] 44. c:\windows\system32\qhdoor1.dll
02000000[00007000]
[AM] 43. c:\windows\system32\cqdoor1.dll
02010000[00008000]
[AM] 42. c:\windows\system32\zxdoor1.dll
02020000[00006000]
[AM] 41. c:\windows\system32\tldoor1.dll
02030000[00006000]
[AM] 40. c:\windows\system32\wddoor1.dll
02040000[00008000]
[AM] 39. c:\windows\system32\qjdoor1.dll
02050000[00006000]
[AM] 38. c:\windows\system32\rxdoor1.dll
02060000[00006000]
[AM] 37. c:\windows\system32\dh3oor1.dll
02070000[00006000]
[AM] 36. c:\windows\system32\dadoor1.dll
02080000[00008000]
[AM] 35. c:\windows\system32\wgdoor1.dll
02090000[00006000]
[AM] 34. c:\windows\system32\wldoor1.dll
020A0000[00006000]
[AM] 33. c:\windows\system32\csdoor1.dll
02680000[00019000]
[ M] 101. c:\program files\rising\rav\ravscrch.dll
30000000[002EF000]
[ M] 102. c:\windows\system32\macromed\flash\flash9d.ocx
72C80000[00008000]
[ M] 84. c:\windows\system32\msacm32.drv
+ 00000f14(3860) Rsaupd.exe
00400000[00024000]
[ M] 103. c:\program files\rising\antispyware\update\rsaupd.exe
10000000[000BD000]
[ M] 104. c:\program files\rising\antispyware\temp\rasgui.dll
01390000[0001B000]
[ M] 75. c:\program files\rising\antispyware\ieprot.dll
01190000[00009000]
[AM] 48. c:\windows\system32\wodoor1.dll
011A0000[00006000]
[AM] 47. c:\windows\system32\ztfree1.dll
011B0000[00006000]
[AM] 46. c:\windows\system32\mhdoor1.dll
011D0000[00007000]
[AM] 45. c:\windows\system32\mydoor1.dll
011E0000[00006000]
[AM] 44. c:\windows\system32\qhdoor1.dll
011F0000[00007000]
[AM] 43. c:\windows\system32\cqdoor1.dll
01200000[00008000]
[AM] 42. c:\windows\system32\zxdoor1.dll
01210000[00006000]
[AM] 41. c:\windows\system32\tldoor1.dll
01220000[00006000]
[AM] 40. c:\windows\system32\wddoor1.dll
01230000[00008000]
[AM] 39. c:\windows\system32\qjdoor1.dll
01240000[00006000]
[AM] 38. c:\windows\system32\rxdoor1.dll
01250000[00006000]
[AM] 37. c:\windows\system32\dh3oor1.dll
01260000[00006000]
[AM] 36. c:\windows\system32\dadoor1.dll
01850000[00008000]
[AM] 35. c:\windows\system32\wgdoor1.dll
01860000[00006000]
[AM] 34. c:\windows\system32\wldoor1.dll
01870000[00006000]
[AM] 33. c:\windows\system32\csdoor1.dll
newcenturymoon - 2007-10-3 22:59:00
Download System Repair Engineer,
http://download.kztechs.com/files/sreng2.zip
1 Unzip sreng2.zip
2 Run SREngPS.EXE
3 Smart Scan => Scan => Save Report
4 Upload the report from the log as an attachment
terisa - 2007-10-3 23:35:00
I have the same problem
newcenturymoon - 2007-10-4 0:03:00
Anyone with a similar problem, run an SREng scan and post the log
樱泽 - 2007-10-4 0:28:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Storm2Set><C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv> [(Verified)Beijing Baofeng Inc.]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<racer><C:\Program Files\racer-han-cnc\racer.exe> [Putian Runway]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll> [Microsoft Corporation]
<{32C4BAF4-0411-4000-BDFB-A6F71E669F8C}><C:\WINDOWS\system32\csdoor1.dll> []
<{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}><C:\WINDOWS\system32\wldoor1.dll> []
<{A3C95A74-638D-4C6B-A856-4B27664A7F47}><C:\WINDOWS\system32\wgdoor1.dll> []
<{D8CC4845-441C-44F8-9053-28F2EF67655B}><C:\WINDOWS\system32\dadoor1.dll> []
<{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor1.dll> []
<{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}><C:\WINDOWS\system32\rxdoor1.dll> []
<{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}><C:\WINDOWS\system32\qjdoor1.dll> []
<{68F7767A-090C-4BBF-A015-720ACC6706E2}><C:\WINDOWS\system32\wddoor1.dll> []
<{08E909A4-B236-48DD-8BCC-90A604B93E68}><C:\WINDOWS\system32\tldoor1.dll> []
<{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}><C:\WINDOWS\system32\zxdoor1.dll> []
<{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}><C:\WINDOWS\system32\cqdoor1.dll> []
<{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor1.dll> []
<{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor1.dll> []
<{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\system32\mhdoor1.dll> []
<{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztfree1.dll> []
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor1.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
樱泽 - 2007-10-4 0:28:00
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\F:\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
<system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
樱泽 - 2007-10-4 0:32:00
[PID: 420 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 544 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 556 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / admin][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[C:\Program Files\Internet Explorer\OnlO0r.dll] [Microsoft Corporation, 1. 0. 0. 1]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\StormII\Codec\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[C:\Program Files\StormII\Codec\PmpSplt.ax] [cooleyes, 1, 0, 0, 8]
[C:\Program Files\StormII\Codec\AviSplitter.ax] [Gabest, 1, 0, 0, 7]
[C:\Program Files\StormII\Codec\MpaSplitter.ax] [Gabest, 1, 0, 0, 1]
[C:\Program Files\StormII\Codec\RadGtSplitter.ax] [Gabest, 1, 0, 0, 0]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\StormII\Codec\TTL2Dec.dll] [N/A, ]
[C:\Program Files\StormII\Codec\Vid1Dec.dll] [N/A, ]
[C:\Program Files\StormII\Codec\xvid.ax] [N/A, ]
[C:\WINDOWS\system32\LCodcCMP.dll] [LEAD Technologies, Inc., 1.0.0.009]
[C:\WINDOWS\system32\icmw_32.dll] [Aware Inc., 1.65.2.3]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1056 / admin][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1108 / admin][C:\Program Files\racer-han-cnc\racer.exe] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\rwxre.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\nspr4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-han-cnc\xpcom_core.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-han-cnc\plc4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-han-cnc\plds4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\racer-han-cnc\nss3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-han-cnc\softokn3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-han-cnc\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\racer-han-cnc\gkgfx.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-han-cnc\xpcom_compat.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-han-cnc\smime3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-han-cnc\ssl3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\racer-han-cnc\components\jar50.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-han-cnc\components\racer_base_comp.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\racer_base.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\kbdhook.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\components\gklayout.dll] [Mozilla Foundation, Personal]
[C:\Program Files\racer-han-cnc\nssckbi.dll] [Netscape Communications Corporation, 1.53]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Program Files\racer-han-cnc\components\racer_ad_comp.dll] [Putian Runway, 3,3,130,306]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[C:\Program Files\racer-han-cnc\components\racer_access_pppoe.dll] [Putian Runway, 3,3,130,325]
[C:\Program Files\racer-han-cnc\pppoe.dll] [北京润汇科技有限公司, 9, 0, 22, 50]
[C:\Program Files\racer-han-cnc\components\racer_nss4_comp.dll] [Putian Runway, 3,3,130,306]
[C:\Program Files\racer-han-cnc\nss4.dll] [北京润汇科技有限公司, 1, 0, 0, 4]
[C:\Program Files\racer-han-cnc\wpcap.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-han-cnc\packet.dll] [CACE Technologies, 3, 2, 0, 29]
[C:\Program Files\racer-han-cnc\WanPacket.dll] [CACE Technologies, 3, 2, 0, 29]
[PID: 1136 / admin][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
樱泽 - 2007-10-4 0:37:00
[PID: 1512 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2520 / admin][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\RACER-~1\pppoe.dll] [北京润汇科技有限公司, 9, 0, 22, 50]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[PID: 348 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 2312 / admin][D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\vagaa.exe] [Vagaa Development Team, 2.6.5.6]
[D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\TouDll.dll] [Vagaa Development Team, 2.6.4.4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\UPnPDll.dll] [Vagaa.com, 2, 6, 4, 0]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[PID: 2368 / admin][D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\VExplorer.exe] [www.vagaa.com, 2.6.4.0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[PID: 2952 / admin][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3464 / admin][D:\Vagaa\Downloads\MPlayer_Windows\MPlayer.exe] [KeyJ, 1.1.903.37]
[D:\Vagaa\Downloads\MPlayer_Windows\unrar.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
樱泽 - 2007-10-4 0:38:00
[PID: 3596 / admin][F:\qq\QQ.exe] [TENCENT, 7,0,431,1723]
[F:\qq\QQBaseClassInDll.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQHelperDll.dll] [TENCENT, 7,0,431,1723]
[F:\qq\BasicCtrlDll.dll] [TENCENT, 7, 0, 431, 1723]
[F:\qq\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[F:\qq\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[F:\qq\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[F:\qq\QQAPI.dll] [TENCENT, 7,0,431,1723]
[F:\qq\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[F:\qq\LoginCtrl.dll] [TENCENT, 7,0,431,1723]
[F:\qq\LoginCtrlRes.dll] [TENCENT, 7,0,431,1723]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[F:\qq\QQRes.dll] [TENCENT, 7,0,431,1723]
[F:\qq\WizardCtrl.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQMainFrame.dll] [N/A, ]
[F:\qq\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[F:\qq\CQQApplication.dll] [N/A, ]
[F:\qq\UnReadMsgMgr.dll] [N/A, ]
[F:\qq\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[F:\qq\NewSkin.dll] [TENCENT, 7,0,431,1723]
[F:\qq\MailSummary.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQKnowledgeSearch.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQAllInOne.dll] [TENCENT, 7,0,431,1723]
[F:\qq\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[F:\qq\CameraDll.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQSpace.dll] [TENCENT, 7,0,431,1723]
[F:\qq\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[F:\qq\QQGroupMng.dll] [TENCENT, 7,0,431,1723]
[F:\qq\UserDefinedHead.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQPlugin.dll] [N/A, ]
[F:\qq\LongConnection.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQConfigPlugin.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQCustomFace.dll] [N/A, ]
[F:\qq\QQAvatar.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[F:\qq\ImageOle.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQLiveQMng.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QRingMng.dll] [N/A, ]
[F:\qq\QQSceneMng.dll] [N/A, ]
[F:\qq\QQPet.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQSysMsgMng.dll] [N/A, ]
[F:\qq\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
[F:\qq\QQFileTransfer.dll] [TENCENT, 7,0,431,1723]
[F:\qq\PhoneAPI.dll] [TENCENT, 7,0,431,1723]
[F:\qq\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[F:\qq\GroupConnection.dll] [TENCENT, 7,0,431,1723]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[F:\qq\BQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[F:\qq\QQMagicFace.dll] [TENCENT, 7,0,431,1723]
[F:\qq\QQSettingCtrl.dll] [TENCENT, 7,0,431,1723]
[F:\qq\CommercesMng.dll] [TENCENT, 7,0,431,1723]
[F:\qq\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[F:\qq\AddrSearch.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
[PID: 3508 / admin][F:\qq\TIMPlatform.exe] [TENCENT, 7,0,431,1723]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[F:\qq\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2016 / admin][D:\木马客星\Iparmor\Iparmor.exe] [luosoft.com, 2007]
[D:\木马客星\Iparmor\getportlistxp.dll] [, 1, 0, 0, 1]
[D:\木马客星\Iparmor\hookhookdll.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[PID: 2920 / admin][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 1440 / admin][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\wldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor1.dll] [N/A, ]
[C:\WINDOWS\system32\ztfree1.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor1.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor1.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor1.dll] [N/A, ]
[C:\WINDOWS\system32\dh3oor1.dll] [N/A, ]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1056, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\RACER-HAN-CNC\RACER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2312, D:\VAGAA\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\VAGAA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2368, D:\VAGAA\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\VEXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2952, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3464, D:\VAGAA\DOWNLOADS\MPLAYER_WINDOWS\MPLAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2016, D:\木马客星\IPARMOR\IPARMOR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]