
Hit by something big this time~ [Help]

[PID: 3996 / Admimistrators][D:\BitComet\BitComet.exe]  [www.BitComet.com, 0.88]
    [D:\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.10.10 07May04]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\wddoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\55550.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\fydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3660 / Admimistrators][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.10.10 07May04]
    [C:\WINDOWS\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
    [D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [d:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [d:\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [d:\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Common Files\fjOs0r.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [D:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor0.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\55550.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\fydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\UltraEdit-32\ue32ctmn.dll]  [, 1, 0, 0, 2]
    [D:\Nero 7\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 0, 6, 1]
    [D:\Nero 7\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3864 / Admimistrators][D:\装机工具\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.10.10 07May04]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\dh3oor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\55550.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\fydoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor0.dll]  [N/A, ]
    [D:\装机工具\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 400, D:\RINGZ STUDIO\STORM DOWNLOADER\STORMDOWNLOADER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 252, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 476, C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 496, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 776, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 776, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1356, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2456, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



1. Use the XDELBOX from the attachment to delete the following files:

[C:\WINDOWS\system32\dh3oor0.dll] [N/A, ]
[C:\WINDOWS\system32\tldoor0.dll] [N/A, ]
[C:\WINDOWS\system32\wddoor0.dll] [N/A, ]
[C:\WINDOWS\system32\rxdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\zxdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\55550.dll] [N/A, ]
[C:\WINDOWS\system32\csdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\wodoor0.dll] [N/A, ]
[C:\WINDOWS\system32\mhdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\qjdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\wgdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\wldoor0.dll] [N/A, ]
[C:\WINDOWS\system32\dadoor0.dll] [N/A, ]
[C:\WINDOWS\system32\fydoor0.dll] [N/A, ]
[C:\WINDOWS\system32\cqdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\qhdoor0.dll] [N/A, ]
[C:\WINDOWS\system32\mydoor0.dll] [N/A, ]

2. After rebooting, use SREng to delete the following startup entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{68F7767A-090C-4BBF-A015-720ACC6706E2}><C:\WINDOWS\system32\wddoor0.dll> []
<{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\system32\mhdoor0.dll> []
<{A3C95A74-638D-4C6B-A856-4B27664A7F47}><C:\WINDOWS\system32\wgdoor0.dll> []
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor0.dll> []
<{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor0.dll> []
<{11DB88F9-409B-475E-8FD7-411653F6D367}><C:\WINDOWS\system32\55550.dll> []
<{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}><C:\WINDOWS\system32\qjdoor0.dll> []
<{BD9B003B-0BE6-4528-A9D9-B8DBACAC6B9B}><C:\WINDOWS\system32\fydoor0.dll> []
<{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}><C:\WINDOWS\system32\zxdoor0.dll> []
<{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor0.dll> []
<{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}><C:\WINDOWS\system32\wldoor0.dll> []
<{32C4BAF4-0411-4000-BDFB-A6F71E669F8C}><C:\WINDOWS\system32\csdoor0.dll> []
<{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}><C:\WINDOWS\system32\rxdoor0.dll> []
<{D8CC4845-441C-44F8-9053-28F2EF67655B}><C:\WINDOWS\system32\dadoor0.dll> []
<{08E909A4-B236-48DD-8BCC-90A604B93E68}><C:\WINDOWS\system32\tldoor0.dll> []
<{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor0.dll> []
<{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}><C:\WINDOWS\system32\cqdoor0.dll> []

Attachment: application/octet-stream (84 downloads, uploaded 2007-10-21 8:54:03)
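As an added example (not code from the thread or from SREng), here is a small triage script for the module dump format in the report above: it parses the `[PID ...][exe]` and `[module]  [vendor, version]` lines, flags DLLs that carry no version resource (`[N/A, ]`) and are loaded from system32, and matches them against the ShellExecuteHooks lines so the CLSIDs to remove can be listed in one pass. The embedded excerpt is shortened from this thread's report; the system32 filter and the `min_procs` threshold are heuristics I chose, not SREng's.

```python
"""Triage an SREng module dump: flag DLLs with no version resource ("[N/A, ]")
loaded from system32, then match them against ShellExecuteHooks entries.
Added example, not code from the thread or from SREng."""
import re
from collections import defaultdict

PROC_RE = re.compile(r"^\[PID: (\d+) / [^\]]*\]\[([^\]]+)\]")   # process header
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[([^,\]]*),")         # loaded module
HOOK_RE = re.compile(r"^<(\{[0-9A-Fa-f-]+\})><([^>]+)>")        # ShellExecuteHooks entry

# Shortened excerpt of the report posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
[PID: 3996 / Admimistrators][D:\BitComet\BitComet.exe]  [www.BitComet.com, 0.88]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.10.10 07May04]
    [C:\WINDOWS\system32\wddoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\55550.dll]  [N/A, ]
[PID: 3660 / Admimistrators][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180]
    [C:\WINDOWS\system32\wddoor0.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
"""
SAMPLE_HOOKS = r"""
<{68F7767A-090C-4BBF-A015-720ACC6706E2}><C:\WINDOWS\system32\wddoor0.dll> []
<{11DB88F9-409B-475E-8FD7-411653F6D367}><C:\WINDOWS\system32\55550.dll> []
"""

def suspicious_modules(log: str, min_procs: int = 1) -> dict:
    """Map each unversioned system32 DLL (lower-cased path) to the PIDs that
    loaded it. Heuristic only: an unversioned DLL is not proof of malware,
    but one injected into many unrelated processes deserves a look."""
    loaded = defaultdict(set)
    pid = None
    for line in log.splitlines():
        proc = PROC_RE.match(line)
        if proc:
            pid = int(proc.group(1))
            continue
        mod = MOD_RE.match(line)
        if mod and pid is not None:
            path, vendor = mod.group(1).lower(), mod.group(2).strip()
            if vendor == "N/A" and "\\system32\\" in path:
                loaded[path].add(pid)
    return {p: s for p, s in loaded.items() if len(s) >= min_procs}

def hooks_to_remove(hooks: str, flagged: dict) -> list:
    """CLSIDs under ShellExecuteHooks whose handler DLL was flagged above."""
    return [m.group(1) for m in map(HOOK_RE.match, hooks.splitlines())
            if m and m.group(2).lower() in flagged]
```

Raising `min_procs` to 2 keeps only DLLs seen in more than one process, which is what separates the `*door0.dll` set from a lone unversioned shell extension such as rarext.dll.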


[Reply to "baohe"'s post]
I suggest bookmarking http://forum.ikaka.com/topic.asp?board=28&artid=8371486; it is moderator 阳光's post, read it carefully.

See http://forum.ikaka.com/topic.asp?board=28&artid=8375741

I really hate these viruses where missing just one file during removal wastes all the work!!!!! I strongly protest!

Thanks everyone for the replies, and special thanks to the moderator for the hard work~ I have now deleted all those *door0.dll files.
  However, there is still a problem. I followed the order you gave for the cleanup: after deleting all those files, I went to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] to delete those keys, but when I located [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] with sreng, there were none of those *door0.dll entries under that key! What is going on?
  Also, although I deleted the MFC42.DLL under the security software's folder, the Rising antivirus program still fails with the same error as before, while 360 Guard can now start. What is going on?
  One more thing: the MFC42.DLL in 360 Guard's folder looked like a folder, but the one in Rising's did not.
Thanks

After removing the trojan, be sure to run a full scan of all drives; this virus infects exe files.

Check whether the Rising folder contains a malformed folder \Rising\Rav\ws2_32.dll. If it does, delete it (do not run Rising before deleting it).
Create a new Notepad file and enter the following:

DEL /F /A /Q \\?\%1
RD /S /Q \\?\%1

Save it as 1.bat.
Drag the folder you want to delete onto the 1.bat file icon with the left mouse button (the same action as dragging a file into a folder); a CMD window flashes briefly and the fake "MFC42.DLL" folder is gone.
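The batch file works because the `\\?\` prefix tells Win32 to skip path normalisation, so a folder that a plain DEL or RD cannot address (a trailing dot or space, or a reserved name) becomes reachable; the script below, an added example that is not from the thread, applies the same prefix from Python after first locating directories that impersonate a DLL under a given root. The folder names it looks for, the `--remove` switch and the test directory are constructed for illustration, and on non-Windows systems it skips the prefix so the search logic can still be run.

```python
r"""Locate directories that impersonate DLLs (a folder named like MFC42.DLL or
ws2_32.dll placed where the application expects the real library) and remove
them through the \\?\ extended path, the same trick as the thread's batch file.
Added example, not code from the thread; names below are constructed."""
import os
import shutil
import sys
from typing import List

def extended_path(path: str) -> str:
    r"""Prefix an absolute Windows path with \\?\ so the Win32 API skips path
    normalisation; this is what lets DEL/RD reach a folder whose name ends in
    a dot or space or uses a reserved device name."""
    if path.startswith("\\\\?\\"):
        return path
    if path.startswith("\\\\"):               # UNC share -> \\?\UNC\server\share
        return "\\\\?\\UNC\\" + path[2:]
    return "\\\\?\\" + path

def is_fake_dll_name(name: str) -> bool:
    """A directory entry is suspicious when it carries a .dll name (it shadows
    a library the application should load) or when Win32 would normalise its
    name away, i.e. it ends in '.' or ' '."""
    return name.lower().endswith(".dll") or name != name.rstrip(". ")

def find_fake_dll_dirs(root: str) -> List[str]:
    """Walk root and return every *directory* whose name is_fake_dll_name;
    real DLLs are files, so they are never reported."""
    hits = []
    for dirpath, dirnames, _ in os.walk(os.path.abspath(root)):
        hits.extend(os.path.join(dirpath, d) for d in dirnames if is_fake_dll_name(d))
    return sorted(hits)

def remove_fake_dll_dir(path: str) -> bool:
    r"""Delete one flagged directory tree; on Windows go through the \\?\ form.
    Returns True when the entry no longer exists."""
    target = extended_path(path) if sys.platform == "win32" else path
    shutil.rmtree(target, ignore_errors=True)
    return not os.path.lexists(target)

if __name__ == "__main__":                   # usage: script.py <root> [--remove]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_fake_dll_dirs(root):
        print(hit, remove_fake_dll_dir(hit) if "--remove" in sys.argv else "(found)")
```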

Thanks for the reply above; that was exactly the thing causing trouble~ My Rising can finally start now~
But some new problems have come up. I want to update Rising, but I keep getting the prompt shown in the picture below~ The firewall, however, can be updated. What is going on? Could it be that late at night the Rising servers are having problems? Thanks

Attachment: image/pjpeg (227 downloads, uploaded 2007-10-22 5:28:31)


