瑞星卡卡安全论坛

Trojan.DL.Agent.dlo 　 这个是什么病毒 怎么杀啊 杀完了怎么过一段时间好有啊

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ e-Border Credentiale-Border Credential Cache ManagerPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5credmgr.exe

+ HotKeysCmdshkcmd ModuleIntel Corporationc:\winnt\system32\hkcmd.exe

+ IgfxTrayigfxTray ModuleIntel Corporationc:\winnt\system32\igfxtray.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ SoundManAvance Sound ManagerAvance Logic, Inc.C:\WINNT\soundman.exe

+ yassistseAssistSettingYahoo!c:\program files\yahoo!\assistant\yassistse.exe

+ YLive.exeYLive c:\program files\yahoo!\assistant\ylive.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ SysTraysc:\winnt\system32\dlmain.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\winnt\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\winnt\system32\ravext.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll

+ 粉碎文件Wiper 动态链接库c:\program files\yahoo!\assistant\assist\ywiper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AntiFish Classyangling.dllYahoo.c:\program files\yahoo!\assistant\assist\yangling.dll

+ DragSearch BHODragSearchc:\program files\yahoo!\assistant\assist\ydragsearch.dll

+ Yahoo!PhotoyPhtbYahoo! Chinac:\program files\yahoo!\assistant\assist\yphtb.dll

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ coolbarToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ 雅虎助手ToolBarYahoo!c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ @shdoclc.dll,-864c:\winnt\web\related.htm

+ 易趣购物File not found: http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn

HKLM\System\CurrentControlSet\Services

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDMAvance AC'97 Audio Driver (WDM)Avance Logic, Inc.c:\winnt\system32\drivers\alcxwdm.sys

+ BaseTDIbasetdiRisingc:\winnt\system32\drivers\basetdi.sys

+ DCN530DigitalChina DCN-530TX Fast Ethernet Adapter NDIS5 DriverDigitalchina Networks Limited.c:\winnt\system32\drivers\dcn530n5.sys

+ dmioNT Disk Manager I/O DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverVERITAS Software Corp.c:\winnt\system32\drivers\dmload.sys

+ ialmController Hub for Intel Graphics DriverIntel Corporationc:\winnt\system32\drivers\ialmnt5.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\lineage\lineage\npkcrypt.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\winnt\system32\drivers\ptilink.sys

+ {6080A529-897E-4629-A488-ABA0C29B635E}Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM)Intel Corporationc:\winnt\system32\drivers\ialmsbw.sys

+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM)Intel Corporationc:\winnt\system32\drivers\ialmkchw.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ igfxcuiigfxsrvc ModuleIntel Corporationc:\winnt\system32\igfxsrvc.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ Permeo e-Border Layered Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5spi.dll

+ Permeo e-Border MSAFD Tcpip [TCP/IP]e-Border DRiver LSP hooksPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5spi.dll

+ Permeo e-Border MSAFD Tcpip [UDP/IP]e-Border DRiver LSP hooksPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5spi.dll

+ Permeo e-Border RSVP TCP Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5spi.dll

+ Permeo e-Border RSVP UDP Service Providere-Border DRiver LSP hooksPermeo Technologies Inc.c:\program files\permeo\e-border driver\s5spi.dll

高手们  我按照你们的方法做了啊  下面怎么弄啊

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ SysTraysc:\winnt\system32\dlmain.dll

删除启动项
重启
删除c:\winnt\system32\dlmain.dll试试

怎么没有人回复我啊  帮帮我啊  55555555~~~~~~~~~~~~~~~~~~~~~~~~~

引用:

【wo一窍不通的贴子】怎么没有人回复我啊  帮帮我啊  55555555~~~~~~~~~~~~~~~~~~~~~~~~~ ...........................

不能解决？

哦  解决了 我的另一天电脑上也显示这种病毒 可以也是删除这个文件吗？

试试吧，不行就扫描一个日志上来

无法定位程序输入点?SetCheck@CGButton@@QAEXH@Z于动态链接库RsGuiLib.dll上。    这个是什么意思啊  一起机就有啊 ！！

无法定位程序输入点?SetCheck@CGButton@@QAEXH@Z于动态链接库RsGuiLib.dll上。 这个是什么意思啊 一起机就有啊 ！！

我一从起机器就提示这个啊  这个是什么啊  那位告诉我怎么解决啊 无法定位程序输入点?SetCheck@CGButton@@QAEXH@Z于动态链接库RsGuiLib.dll上。 这个是什么意思啊 一起机就有啊 ！！