12   2  /  2  页   跳转

求助!高手来看!

收藏
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 16:33 | 只看楼主 短消息 资料
字号: 11楼

[C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
[PID: 2840 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2856 / Administrator][C:\Program Files\SuperData\速达3000Pro服务器\SdProServer.exe]  [, 1.2.0.0]
    [C:\WINDOWS\system32\vcl60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\rtl60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\dbrtl60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\adortl60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\vcldb60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\bdertl60.bpl]  [Borland Software Corporation, 6.0.6.163]
    [C:\WINDOWS\system32\dsnap60.bpl]  [Borland Software Corporation, 6.0.6.240]
    [C:\WINDOWS\system32\bcbsmp60.bpl]  [Borland Software Corporation, 6.0.0.0]
    [C:\WINDOWS\system32\vclx60.bpl]  [Borland Software Corporation, 6.0.6.163]
    [C:\WINDOWS\system32\BORLNDMM.DLL]  [Borland Software Corporation, 6.0.10.157]
    [C:\WINDOWS\system32\CC3260MT.DLL]  [Borland Corporation, 0.0.0.0 (informal build)]
    [C:\Program Files\SuperData\速达3000Pro服务器\SDComp6.bpl]  [, 1.0.0.0]
    [C:\WINDOWS\system32\designide60.bpl]  [Borland Software Corporation, 6.0.10.157]
    [C:\WINDOWS\system32\STLPMT45.DLL]  [N/A, ]
    [C:\Program Files\SuperData\速达3000Pro服务器\PK_Upgrade.bpl]  [, 1.0.0.0]
    [C:\Program Files\SuperData\速达3000Pro服务器\dclDBGrid6.bpl]  [, 1.0.0.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Common Files\system\ole db\SQLOLEDB.DLL]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DBnmpNTw.dll]  [Microsoft Corporation, 2000.085.1117 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\system\ole db\SQLOLEDB.RLL]  [Microsoft Corporation, 2000.085.1117.00 built by: (_sqlbld)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor0.dll]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL]  [N/A, ]
[PID: 2636 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5232 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash.ocx]  [Macromedia, Inc., 6,0,84,0]
    [C:\WINDOWS\system32\javacypt.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\WINDOWS\system32\msjava.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\WINDOWS\system32\VMHELPER.DLL]  [Microsoft Corporation, 5.00.3810]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\DOWNLO~1\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.2877 (xpsp.060329-1554)]
    [C:\Program Files\Rising\RavWeb\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\RavWeb\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\RavWeb\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\RavWeb\Engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\RavWeb\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [C:\Program Files\Rising\RavWeb\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
    [C:\Program Files\Rising\RavWeb\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\RavWeb\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\RavWeb\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\RavWeb\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\RavWeb\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\RavWeb\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\RavWeb\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\RavWeb\RsVM.dll]  [, 19, 0, 0, 22]
    [C:\Program Files\Rising\RavWeb\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 59]
    [C:\Program Files\Rising\RavWeb\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\RavWeb\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 16:34 | 只看楼主 短消息 资料
字号: 12楼

[PID: 4692 / Administrator][C:\WINDOWS\system32\mdm.exe]  [Microsoft Corporation, 6.00.8149]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\MSDBG.DLL]  [Microsoft Corporation, 6.00.8146]
[PID: 5868 / Administrator][C:\Program Files\Rising\Rav\ravlite.exe]  [, 20, 0, 0, 14]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 76]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5104 / Administrator][C:\Program Files\Thunder Network\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.1.5.189]
    [C:\Program Files\Thunder Network\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 74]
    [C:\Program Files\Thunder Network\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder Network\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder Network\Thunder\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [C:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Thunder Network\Thunder\iEmbed.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 22]
    [C:\Program Files\Thunder Network\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
    [C:\Program Files\Thunder Network\Thunder\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\PDM.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINDOWS\system32\MSDBG.DLL]  [Microsoft Corporation, 6.00.8146]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Thunder Network\Thunder\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 59]
    [C:\WINDOWS\system32\Macromed\Flash\Flash.ocx]  [Macromedia, Inc., 6,0,84,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 4192 / Administrator][E:\本机驱动\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [E:\本机驱动\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [E:\本机驱动\sreng2\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 16:34 | 只看楼主 短消息 资料
字号: 13楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2740, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2740, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2840, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2840, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2856, C:\PROGRAM FILES\SUPERDATA\速达3000PRO服务器\SDPROSERVER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2856, C:\PROGRAM FILES\SUPERDATA\速达3000PRO服务器\SDPROSERVER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5104, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\THUNDER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5104, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\THUNDER.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00E8212D)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00E82215)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
日不懂啊
头像
叱咤花甲狮
  • 帖子:14337
  • 注册: 2007-03-08
  • 来自:江苏南京
发表于: 2007-09-26 16:35 | 短消息 资料
字号: 14楼

http://forum.ikaka.com/topic.asp?board=28&artid=8371486

参考5楼6楼
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 17:59 | 只看楼主 短消息 资料
字号: 15楼

日不懂啊,我按了你的方法去做,还是不行啊,现在瑞星不行了,连卡巴也按不了了啊.
gototop
 
日不懂啊
头像
叱咤花甲狮
  • 帖子:14337
  • 注册: 2007-03-08
  • 来自:江苏南京
发表于: 2007-09-26 18:04 | 短消息 资料
字号: 16楼

你日志中没有注册表的部分,补上来
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 18:11 | 只看楼主 短消息 资料
字号: 17楼

日不懂啊,我来了,



启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTrayp><VTtrayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <load><; >  [N/A]
    <PPHIDPAD><; C:\Wentech\Win32\pphidpad.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztfree0.dll>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 18:13 | 只看楼主 短消息 资料
字号: 18楼

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTrayp><VTtrayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <load><; >  [N/A]
    <PPHIDPAD><; C:\Wentech\Win32\pphidpad.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztfree0.dll>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 18:14 | 只看楼主 短消息 资料
字号: 19楼

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTrayp><VTtrayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <load><; >  [N/A]
    <PPHIDPAD><; C:\Wentech\Win32\pphidpad.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztfree0.dll>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
gototop
 
哇哇哈哈
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2007-09-26
  • 来自:
发表于: 2007-09-26 18:15 | 只看楼主 短消息 资料
字号: 20楼

日不懂啊,帮帮忙了,谢谢了
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT