How to completely remove Trojan.DL.Agent.vp

[&使用迷你迅雷下载]
  <D:\在用的软件\Maxthon\Thundermini\geturl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\QQ20042\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\在用的软件\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\在用的软件\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ20042\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ20042\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ20042\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4131>
    [C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll]  <Stardock><5, 0, 0, 1>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 764][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 776][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 952][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1092][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\System32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1236][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\WINDOWS\system32\CNMLM6e.DLL]  <CANON INC.><1.80.2.50>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL]  <CANON INC.><1.80.2.50>
[PID: 1664][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.2.54.0>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.2.54.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll]  <N/A><N/A>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\xunleibho_v4.dll]  <><4, 3, 2, 29>
[PID: 1880][D:\常用软件\RISING\RAV\RAVTIMER.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 39>
    [D:\常用软件\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [D:\常用软件\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\常用软件\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [D:\常用软件\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 1888][D:\常用软件\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 37>
    [D:\常用软件\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [D:\常用软件\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\常用软件\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [D:\常用软件\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\常用软件\RISING\RAV\PngDll.dll]  <Rising><17, 0, 0, 2>
    [D:\常用软件\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>
[PID: 1912][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5, 1, 0, 52>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 1928][D:\在用的软件\Maxthon\Thundermini\ThunderMini.exe]  <深圳市三代科技开发有限公司><1, 1, 0, 4>
    [D:\在用的软件\Maxthon\Thundermini\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
[PID: 2016][D:\在用的软件\Maxthon\Thundermini\TDUpdate.exe]  <N/A><N/A>
[PID: 204][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
[PID: 256][C:\Program Files\Stardock\ObjectDock\ObjectDock.exe]  <Stardock><v1.20.519u>
    [C:\Program Files\Stardock\ObjectDock\CrashRpt.dll]  <><3.0.2.2>
    [C:\Program Files\Stardock\ObjectDock\zlib.dll]  <N/A><1.1.3>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.2.54.0>
    [C:\Program Files\Common Files\Stardock\ODImg.dll]  <N/A><N/A>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>
    [C:\Program Files\Stardock\ObjectDock\Docklets\Search\SearchDocklet.dll]  <N/A><N/A>
    [C:\Program Files\Stardock\ObjectDock\Docklets\CPUMonitor\CPUMonitor.dll]  <N/A><N/A>
[PID: 504][D:\常用软件\RISING\RAV\CCENTER.EXE]  <rising><17, 0, 0, 1>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 528][D:\常用软件\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
    [D:\常用软件\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [D:\常用软件\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\常用软件\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\常用软件\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [D:\常用软件\Rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [D:\常用软件\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [D:\常用软件\Rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [D:\常用软件\Rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [D:\常用软件\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [D:\常用软件\Rising\Rav\engine.dll]  <rising><17, 0, 0, 40>
    [D:\常用软件\Rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 27>
    [D:\常用软件\Rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [D:\常用软件\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [D:\常用软件\Rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 33>
    [D:\常用软件\Rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [D:\常用软件\Rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [D:\常用软件\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [D:\常用软件\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [D:\常用软件\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [D:\常用软件\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [D:\常用软件\Rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 17>
    [D:\常用软件\Rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 30>
    [D:\常用软件\Rising\Rav\ScanExec.dll]  <><17, 0, 0, 21>
    [D:\常用软件\Rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
[PID: 560][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 568][D:\常用软件\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
    [D:\常用软件\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\常用软件\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 1848][C:\WINDOWS\system32\wscntfy.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>
[PID: 384][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2116][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
[PID: 2280][C:\Documents and Settings\fzf\桌面\XDeskShow_v1.2\XDeskShow.exe]  <鱼鱼软件><1.2.0.120>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>
    [C:\DOCUMENTS AND SETTINGS\FZF\桌面\XDESKSHOW_V1.2\Res\Dll\desktopicon100.dll]  <><1.1.0.0>
    [C:\DOCUMENTS AND SETTINGS\FZF\桌面\XDESKSHOW_V1.2\Res\Dll\desktopicon101.dll]  <><1.1.0.0>
    [C:\DOCUMENTS AND SETTINGS\FZF\桌面\XDESKSHOW_V1.2\Res\Dll\calendar101.dll]  <><1.0.0.0>
    [C:\DOCUMENTS AND SETTINGS\FZF\桌面\XDESKSHOW_V1.2\Res\Dll\world_clock101.dll]  <><1.0.0.0>
[PID: 2360][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\wbsys.dll]  <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 2584][C:\Documents and Settings\fzf\桌面\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll]  <Stardock.Net, Inc><5.0>
    [C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll]  <Stardock.Net, Inc><4.01>
    [C:\Program Files\Stardock\ObjectDock\DockShellHook.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["D:\在用的软件\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><; Rundll32.exe C:\WINDOWS\system32\hookdll.dll,ExecFilter solo>

Is nobody here anymore?

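Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing it, open "Super Rabbit Optimizer" (超级兔子优化王), go to "Professional Uninstall" (专业卸载), and uninstall all the junk software it lists.

After uninstalling, reboot.
Please download HijackThis.exe, run a scan, save the report and post it here.
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
To confirm C:\WINDOWS\system32\wbsys.dll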