Page 2 / 2

My computer has some problems...

[c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1692][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1712][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4115]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
[PID: 1740][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\Fonts\swrcgzc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avzxnmn.dll]  [N/A, ]
[PID: 1840][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\drivers\ntfs.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\Fonts\swrcgzc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avzxnmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
[PID: 1960][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 388][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 576][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1536][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 680][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\Fonts\avzxnmn.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swrcgzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
    [C:\WINDOWS\Fonts\avwgjmn.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avwlkmn.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [C:\Program Files\GlobalSCAPE\CuteFTP ZH\Cuteshell.dll]  [GlobalSCAPE, Inc., 50, 6, 3, 2]
[PID: 2164][C:\Program Files\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.48]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 2176][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2184][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
    [C:\WINDOWS\Fonts\avwgjmn.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avwlkmn.dll]  [N/A, ]
[PID: 2236][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.05]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2992][C:\WINDOWS\system32\drivers\0.exe]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3264][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
[PID: 4080][C:\Documents and Settings\Administrator\My Documents\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\ludjsygzyzj.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
    [C:\Documents and Settings\Administrator\My Documents\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\Fonts\swrcgzc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avzxnmn.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2184, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2992, C:\WINDOWS\SYSTEM32\DRIVERS\0.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2992, C:\WINDOWS\SYSTEM32\DRIVERS\0.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
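The listing above is the SREng process/module dump that the replies below work from. As an added example (written here, not SREng code and not any poster's), the Python script below parses that layout plus the privilege-scan lines, flags code loaded from locations where no legitimate module belongs (a DLL or EXE in the Fonts directory, a .sys under the Internet Explorer plugins folder, a file under system32 with an empty version resource), records which processes host each flagged path, and cross-references the SeDebugPrivilege/SeLoadDriverPrivilege holders. The sample input is a constructed excerpt with paths and version strings copied from the log above; the heuristics are my assumptions, and the output is a list of candidates to verify by hash against a clean install, not a deletion list.

```python
"""Triage helper for the SREng process/module and privilege-scan listings above.
Added example for this thread (not SREng code and not any poster's); the
location heuristics are assumptions and yield candidates to verify, not verdicts."""
import re

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")
PRIV_RE = re.compile(r"^.*?:\s*(Se\w+Privilege)\s*\[PID = (\d+),\s*(.+?)\]\s*$")

# Constructed excerpt in the layout of the log above (sample input, not a live capture).
SAMPLE_LOG = r"""
[PID: 1740][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\Fonts\swrcgzc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\avzxnmn.dll]  [N/A, ]
[PID: 2184][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
[PID: 2992][C:\WINDOWS\system32\drivers\0.exe]  [N/A, ]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3264][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mtyfnsywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys]  [N/A, ]
特殊特权被允许: SeDebugPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2184, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2992, C:\WINDOWS\SYSTEM32\DRIVERS\0.EXE]
"""

def split_info(info):
    """'Vendor, version' -> (vendor, version). The version may itself contain
    commas ('20, 0, 0, 16'), so split at the first token starting with a digit."""
    parts = [p.strip() for p in info.split(",")]
    for i, p in enumerate(parts):
        if p[:1].isdigit():
            return ", ".join(parts[:i]), ", ".join(parts[i:])
    return ", ".join(p for p in parts if p), ""  # no version: 'N/A, ' or ', '

def parse_processes(text):
    """{pid: {image, vendor, version, modules: [{path, vendor, version}]}}"""
    procs, current = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:  # a new process header; indented module lines that follow belong to it
            pid, image, info = m.groups()
            vendor, version = split_info(info)
            current = {"image": image, "vendor": vendor, "version": version, "modules": []}
            procs[int(pid)] = current
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            vendor, version = split_info(m.group(2))
            current["modules"].append({"path": m.group(1), "vendor": vendor, "version": version})
    return procs

def path_reasons(path, vendor):
    """Location heuristics for one image or module path; [] means nothing to say."""
    p, reasons = path.lower(), []
    if "\\windows\\fonts\\" in p and p.endswith((".dll", ".exe")):
        reasons.append("code module loaded from the Fonts directory")
    if "\\internet explorer\\plugins\\" in p and p.endswith(".sys"):
        reasons.append(".sys image loaded from the IE plugins directory")
    if vendor.upper() in ("", "N/A") and "\\windows\\system32\\" in p:
        reasons.append("no version resource for a file under system32")
    return reasons

def flag_paths(procs):
    """{lower-cased path: {reasons, hosts}} over every process image and module;
    the host list shows how widely an injected module has spread."""
    hits = {}
    for pid, proc in procs.items():
        candidates = [(proc["image"], proc["vendor"])]
        candidates += [(m["path"], m["vendor"]) for m in proc["modules"]]
        for path, vendor in candidates:
            reasons = path_reasons(path, vendor)
            if reasons:
                hits.setdefault(path.lower(), {"reasons": reasons, "hosts": []})["hosts"].append(pid)
    return hits

def parse_privileges(text):
    """[(privilege, pid, image_lowercased)] from the privilege-scan lines."""
    matches = (PRIV_RE.match(line) for line in text.splitlines())
    return [(m.group(1), int(m.group(2)), m.group(3).lower()) for m in matches if m]

def risky_privileged_processes(procs, privs):
    """SeDebug/SeLoadDriver holders with no version resource or a flagged path in them."""
    flagged_hosts = {pid for hit in flag_paths(procs).values() for pid in hit["hosts"]}
    out = {}
    for priv, pid, image in privs:
        if priv not in ("SeDebugPrivilege", "SeLoadDriverPrivilege"):
            continue
        proc = procs.get(pid)  # a PID absent from the module listing is itself worth a look
        if proc is None or proc["vendor"].upper() in ("", "N/A") or pid in flagged_hosts:
            out.setdefault(pid, {"image": image, "privileges": set()})["privileges"].add(priv)
    return out

if __name__ == "__main__":
    procs = parse_processes(SAMPLE_LOG)
    print(flag_paths(procs))
    print(risky_privileged_processes(procs, parse_privileges(SAMPLE_LOG)))
```

Run against the excerpt, the Fonts DLLs, Wn_Sys8x.Sys (hosted by two unrelated processes), 0.exe and the version-less userinit.exe all come out with their host PIDs, and all three privileged PIDs are reported. Two limits are worth knowing: the empty-resource rule also catches msdmo.dll, a file name that belongs to a legitimate Windows component, and a CompanyName of "Microsoft Corporation" in a version resource is self-declared, so mtyfnsywow.dll passes the vendor check even though the thread lists it for deletion. Hashing each candidate against a clean system of the same service pack settles both cases.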

Infected with a "机器狗" (Robot Dog) type virus (it replaces system files); reinstalling the system is recommended. If you must clean it manually, you can refer to the method below.
A. Download IceSword (http://mail.ustc.edu.cn/~jfpan/download/IceSword122cn.zip) and unzip it to the desktop for the later steps.
B. Download xDelbox 1.6 and delete the following files (download address: http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0) (for instructions on using XdelBox see this post: http://forum.ikaka.com/topic.asp?board=28&artid=8381032)
Instructions: when deleting, copy the paths of all files to be deleted, right-click in the list of files to be deleted (the large box) and choose "Import from clipboard without checking paths"; after importing, right-click the files to be deleted and choose "Reboot and delete immediately". The computer will restart and automatically enter a DOS screen to perform the deletion (no involvement from you is needed). Before running xdelbox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).
  Special reminder: 1. After downloading the xdelbox archive, extract all of its files into one folder, then run xdelbox. 2. Make sure "Back up files" is checked in the xdelbox interface.
c:\windows\system32\drivers\0.exe
c:\windows\fonts\avzxnmn.dll
c:\windows\fonts\swrcgzc.dll
c:\program files\internet explorer\plugins\wn_sys8x.sys
c:\windows\system32\drivers\ntfs.dll
c:\windows\fonts\avwgjmn.dll
c:\windows\fonts\avwlkmn.dll
c:\windows\system32\ludjsygzyzj.dll
c:\windows\system32\mtyfnsywow.dll
After rebooting, open SREng, go to "Startup Items -> Registry" and delete the following startup entries:
[{E859245F-345D-BC13-AC4F-145D47DA34FE}]    <C:\WINDOWS\Fonts\avzxnmn.dll>
[{878A7521-FA87-34AB-34C2-4893F3AD34C8}]    <C:\WINDOWS\Fonts\swrcgzc.dll>

C. The key to resolving this virus is to put the infected userinit.exe back; for the method of replacing userinit.exe with a normal system file, see the method in reply #3 of this post: http://forum.ikaka.com/topic.asp?board=28&artid=8405744

The key content quoted from that post follows:
-------------------------------------------------
The key to cleaning up the Robot Dog (机器狗) virus is to put the infected userinit.exe back.
Note: when cleaning up this virus, do not use antivirus software, because antivirus software will blindly delete userinit.exe, which causes the computer to log off immediately after logging in following a reboot. So if the antivirus software reports userinit.exe as a virus, be sure to choose Ignore!
Follow the steps below to replace userinit.exe:

1. First open Task Manager (or use IceSword) and check whether a userinit.exe process exists; if so, end that process. If Task Manager cannot be used, end the userinit.exe process through IceSword.

2. Take a userinit.exe from another machine with the same system and copy it to both c:\windows\system32\dllcache and c:\windows\system32, replacing the original files (note: overwrite the one in c:\windows\system32\dllcache first).
If a file protection dialog appears, just click Yes.

3. The attachment is the system file userinit.exe exported from my machine.

Attachment:

Downloads: 159
File type: application/octet-stream
File size:
Upload time: 2008-1-17 9:12:26
Description:
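Step 2 of the quoted procedure overwrites the dllcache copy before the system32 copy. The reason is Windows File Protection: on XP it restores protected files from system32\dllcache, so a bad cached copy silently undoes a fix of the live one. The Python check below, added here and not part of the thread or of any tool it names, hashes both copies against a known-good reference and reports which still differ, in the overwrite order the post gives. The directory tree it builds is a constructed stand-in with arbitrary bytes in place of the real binaries; the reference path is an assumed input supplied by the caller.

```python
"""Added example (not from the thread or from SREng/IceSword/xDelbox): check the
copies of userinit.exe involved in step 2 of the replacement procedure.
The Windows directory and the known-good reference file are supplied by the caller."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, or None if it does not exist."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def userinit_status(windows_root, reference_path):
    """Compare system32\\userinit.exe and system32\\dllcache\\userinit.exe with
    the reference copy. Returns {"system32": s, "dllcache": s} with s in
    'ok' / 'differs' / 'missing'."""
    ref = sha256_of(reference_path)
    if ref is None:
        raise FileNotFoundError(reference_path)
    locations = {
        "system32": os.path.join(windows_root, "system32", "userinit.exe"),
        "dllcache": os.path.join(windows_root, "system32", "dllcache", "userinit.exe"),
    }
    result = {}
    for name, path in locations.items():
        digest = sha256_of(path)
        result[name] = "missing" if digest is None else ("ok" if digest == ref else "differs")
    return result


def replacement_order(status):
    """Copies that still need overwriting, dllcache first (the order the post
    gives), so that a File Protection restore cannot reintroduce the bad copy."""
    return [name for name in ("dllcache", "system32") if status[name] != "ok"]


def build_demo_tree(root):
    """Constructed sample layout: clean reference, clean dllcache copy, and a
    system32 copy with extra bytes appended. Contents are arbitrary stand-ins."""
    good = b"MZ-good-userinit-sample"
    bad = good + b"-with-appended-payload"
    win = os.path.join(root, "windows")
    os.makedirs(os.path.join(win, "system32", "dllcache"))
    ref = os.path.join(root, "reference_userinit.exe")
    for path, data in (
        (ref, good),
        (os.path.join(win, "system32", "dllcache", "userinit.exe"), good),
        (os.path.join(win, "system32", "userinit.exe"), bad),
    ):
        with open(path, "wb") as f:
            f.write(data)
    return win, ref


def demo():
    """Run the check on the constructed tree, then again after the dllcache copy
    is removed; returns (status, order, status_after, order_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        win, ref = build_demo_tree(tmp)
        before = userinit_status(win, ref)
        os.remove(os.path.join(win, "system32", "dllcache", "userinit.exe"))
        after = userinit_status(win, ref)
    return before, replacement_order(before), after, replacement_order(after)


if __name__ == "__main__":
    print(demo())
```

The reference copy must come from a clean install of the same Windows version and service pack; otherwise a legitimately different build shows up as 'differs'. A copy downloaded as a forum attachment, like the one above, has nothing it can be compared against, which is why the check takes the reference as an explicit input rather than trusting whatever is already on disk.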


One more question~
Name: vyzegtujw
Value: vyzegtujw.exe
Path: HKEY_LOCAL_MACHINE\Software\Microsofe\Windows\CurrentVersin\policies\Explorer\Run
What on earth is this?

Quote:
[Post by 无奈啊老中病毒] One more question~
Name: vyzegtujw
Value: vyzegtujw.exe
Path: HKEY_LOCAL_MACHINE\Software\Microsofe\Windows\CurrentVersin\policies\Explorer\Run
What on earth is this?
………………

I didn't see that entry in your log above, but C:\WINDOWS\system32\userinit.exe is a trojan downloader; as long as you are online, new trojans can appear on your computer at any time. I don't know what the log looks like now.
Powered by Discuz!NT