1   1  /  1  页   跳转

Trojan.DL.Agent.dtp怎么才能弄干净啊

Trojan.DL.Agent.dtp怎么才能弄干净啊

各位大虾们~帮小妹我一把.怎么才能把这个东西杀干净啊 .每次开机都会开一堆垃圾网站.然后这个病毒也是杀了又有.杀了又有~怎么办呢
最后编辑2005-12-02 18:26:56
分享到:
gototop
 

帮帮忙啊`
gototop
 

这是扫描的日志~8858

Logfile of HijackThis v1.99.1
Scan saved at 17:38:13, on 2005-12-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\program files\rising\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\kugou\KUGOO3\KUGOO.EXE
D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\svchost.exe
D:\qq\QQexternal.exe
D:\flashget\BitSpirit\BitSpirit.exe
D:\TT\TTraveler.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\program files\rising\rav\RAVMON.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [YLive.exe] ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KuGoo3] "D:\kugou\KUGOO3\KUGOO.EXE"
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - Startup: 腾讯QQ.lnk = D:\qq\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\kugou\KUGOO3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\flashget\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\flashget\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\flashget\BitSpirit\bsurl.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46D54152-F7C1-4903-B895-A35F593321D2}: NameServer = 202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{46D54152-F7C1-4903-B895-A35F593321D2}: NameServer = 202.106.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{46D54152-F7C1-4903-B895-A35F593321D2}: NameServer = 202.106.0.20
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - D:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: File Replication Services (NtFrs32) - Unknown owner - C:\WINDOWS\System32\NtFrs32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

gototop
 

【回复“ella0514”的帖子】
C:\WINDOWS\System32\NtFrs32.exe
用WINRAR将此文件打包,发到:baohelin@yahoo.com.cn。帮你想办法搞掂它。
gototop
 

说是另一个程序正在使用不能打包.怎么弄?
gototop
 

引用:
【ella0514的贴子】说是另一个程序正在使用不能打包.怎么弄?
...........................

重启到安全模式下,找到这个文件,打包。
如果还不行,请先用SSM禁止此程序启动运行。在SSM的“选项”卡中勾选“自动启动”、“自动连接”。
然后重启系统,就能将此文件打包了。
gototop
 

....怎么弄呢~hoho~告诉我吧~
gototop
 

【回复“ella0514”的帖子】
看5楼回复内容
gototop
 

邮件发了.hoho~拜托你 了~
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT