Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Board


How do I remove Trojan.DL.Agent.dym? Experts, please help


How do I remove Trojan.DL.Agent.dym? I'm running Rising 2006, version 18.05.11. The detected file is c:\WINNT\system32\sortcnls.nls, and after the scan the status reads "file will be deleted after the computer restarts". But after I reboot the virus is still there, and repeated scans give the same result. In Safe Mode the scan doesn't find this virus at all, and I can't even locate the virus file. I tried deleting the file from DOS, but after rebooting the virus is back again. Please tell me how to remove it. Thanks.
Last edited 2005-12-16 10:14:55

Same advice as always: run a scan, save the log and post it so we can take a look.

I've caught a similar virus too, and no expert has offered any way to deal with it. Frustrating.

Save a log with Autoruns and post it here.
How to save the log: choose the File -> Save menu item.
When saving, make sure the Options -> Hide Microsoft Entries menu item is selected (after setting it, click the Refresh button on the toolbar).

For downloading and using the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038

Experts: please take a look at this for me!!! I'd be very grateful.
HijackThis_815汉化版扫描日志 V1.99.1
保存于      18:29:31, 日期 2005-12-13
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星\RAV\RAV\CCENTER.EXE
D:\瑞星\rav\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
D:\瑞星防火墙\Rfw\rfwsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\瑞星\rav\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\瑞星\rav\Rav\Ravmon.exe
D:\瑞星防火墙\Rfw\RfwMain.exe
D:\瑞星\rav\Rav\RavStub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\fxzm\LOCALS~1\Temp\Rar$EX00.331\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: (no name) - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq2005\安装\QQIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [MSPY2002] rem C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SysExplr] rem C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [IMSCMig] rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YDTMain.exe] rem C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [CnsMin] rem Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [yassistse] rem "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - 启动项HKLM\\Run: [RavTask] "D:\瑞星\rav\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - Startup: 腾讯QQ.lnk = ?
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\qq2005\安装\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\fg165\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\fg165\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\qq2005\安装\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\qq2005\安装\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\qq2005\安装\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq2005\安装\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq2005\安装\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq2005\安装\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq2005\安装\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: _{D27CDB6E-AE6D-11CF-96B8-444553540000} - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\瑞星防火墙\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星\RAV\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星\rav\Rav\Ravmond.exe

O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
-------------------
That's Gray Pigeon (灰鸽子). Have a look at the pinned thread.
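The reply above spots the problem by eye from one O23 line. As an added example (not from this thread, and not part of HijackThis or the Rising tools), the Python script below applies the same reading mechanically to a HijackThis log: it flags a service whose binary is reported "(file missing)", a service with no owner, a core-process name such as csrss.exe registered from a directory other than System32, and the same Run-key command registered under both HKLM and HKCU. The sample log lines are constructed in the shape of the log posted above, one entry per line (the forum's line wrapping has to be undone first); the rule names and the SYSTEM32_ONLY list are my own choices, not anything the thread or HijackThis defines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows core processes that, on XP, load only from %SystemRoot%\System32.
# The same file name registered from any other directory is a masquerade indicator.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

# O4 lines: "O4 - <label>HKLM\..\Run: [name] command". The label before the hive may be
# localized (the log above shows "启动项HKLM\\Run"), so the hive is matched anywhere before ':'.
O4_RE = re.compile(r"^O4 - [^:\[]*?(?P<hive>HK[LC][MU])[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 lines: "O23 - <label>: display (svc) - owner - path [(file missing)]"
O23_RE = re.compile(r"^O23 - [^:]+: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample in the shape of the log posted above (one entry per line).
SAMPLE_LOG = r"""
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\System32\server.exe
O4 - Startup: QQ.lnk = ?
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\rav\Rav\Ravmond.exe
"""


@dataclass
class Finding:
    line: int      # 1-based line in the log; 0 for findings that span several lines
    rule: str
    detail: str


def first_token(cmd: str) -> str:
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rem "):   # several O4 lines above carry a leading "rem"
        cmd = cmd[4:].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def split_path(path: str) -> tuple[str, str]:
    """Lower-cased (directory, file name); directory is '' for a bare file name."""
    directory, _, base = path.strip().rpartition("\\")
    return directory.lower(), base.lower()


def masquerade(directory: str, base: str) -> bool:
    return base in SYSTEM32_ONLY and not directory.endswith("system32")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    run_hives: dict[str, set[str]] = {}   # command -> hives it is registered in
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = first_token(m["cmd"])
            directory, base = split_path(exe)
            if masquerade(directory, base):
                findings.append(Finding(n, "masquerade", f"{base} registered from {directory or '(no directory)'}"))
            run_hives.setdefault(exe.lower(), set()).add(m["hive"])
            continue
        m = O23_RE.match(line)
        if m:
            path = m["path"].strip()
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                findings.append(Finding(n, "service-file-missing", f"{m['svc']} -> {path}"))
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding(n, "service-unknown-owner", m["svc"]))
            directory, base = split_path(path)
            if masquerade(directory, base):
                findings.append(Finding(n, "masquerade", f"{base} registered from {directory}"))
    # The same command under both HKLM and HKCU Run is a second persistence entry that
    # has to be removed together with the first, or the program simply comes back.
    for cmd, hives in run_hives.items():
        if len(hives) > 1:
            findings.append(Finding(0, "dual-hive-persistence", f"{cmd} in {', '.join(sorted(hives))}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>2}  {f.rule:<24} {f.detail}")
```

The "service-unknown-owner" rule is deliberately low-confidence: the two ATI services in the log above also show "Unknown owner" and are not the problem, so treat it as a prompt to verify the binary, not as a verdict. The file-missing and masquerade rules together are what single out the Gray_Pigeon_Server line.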

Thanks, I'll give it a try.

Process                 PID   CPU    Description                                Company Name
System Idle Process     0     93.14
Interrupts              n/a          Hardware Interrupts
DPCs                    n/a   1.96   Deferred Procedure Calls
System                  4
  SMSS.EXE              416          Windows NT Session Manager                 Microsoft Corporation
  CSRSS.EXE             472          Client Server Runtime Process              Microsoft Corporation
  WINLOGON.EXE          496          Windows NT Logon Application               Microsoft Corporation
    SERVICES.EXE        540   0.98   Services and Controller app                Microsoft Corporation
    SVCHOST.EXE         700          Generic Host Process for Win32 Services    Microsoft Corporation
      AGENTSVR.EXE      1552         Microsoft Agent Server                     Microsoft Corporation
    SVCHOST.EXE         744          Generic Host Process for Win32 Services    Microsoft Corporation
    CCenter.exe         808          CCenter                                    Beijing Rising Technology Co., Ltd.
    SVCHOST.EXE         828          Generic Host Process for Win32 Services    Microsoft Corporation
      wuauclt.exe       2880         Automatic Updates                          Microsoft Corporation
      remotesetup.exe   3772         remotesetup                                dudu
    SVCHOST.EXE         872          Generic Host Process for Win32 Services    Microsoft Corporation
    SVCHOST.EXE         924          Generic Host Process for Win32 Services    Microsoft Corporation
    RavMonD.exe         956          RavMond                                    Beijing Rising Technology Co., Ltd.
      RavStub.exe       1428         Rising RavStub                             Beijing Rising Technology Co., Ltd.
    SPOOLSV.EXE         1328         Spooler SubSystem App                      Microsoft Corporation
    ALG.EXE             2008         Application Layer Gateway Service          Microsoft Corporation
    LSASS.EXE           552          LSA Shell (Export Version)                 Microsoft Corporation
EXPLORER.EXE            1236  0.98   Windows Explorer                           Microsoft Corporation
RUNDLL32.EXE            1612         Run a DLL as an App                        Microsoft Corporation
RavTask.exe             1648         RavTimer                                   Beijing Rising Technology Co., Ltd.
  RavMon.exe            1672         RavMon                                     Beijing Rising Technology Co., Ltd.
realsched.exe           1660         RealNetworks Scheduler                     RealNetworks, Inc.
RUNDLL32.EXE            1688         Run a DLL as an App                        Microsoft Corporation
YLIVE.EXE               1696         YLive
SDOClient.exe           1880         SDO 2005                                   上海盛大网络发展有限公司
CTFMON.EXE              1912         CTF Loader                                 Microsoft Corporation
IEXPLORE.EXE            3172         Internet Explorer                          Microsoft Corporation
  Thunder.exe           732                                                     Thunder Networking Technologies,LTD
Rav.exe                 1364         Rising Antivirus Main exe                  Beijing Rising Technology Co., Ltd.
procexp.exe             2852  2.94   Sysinternals Process Explorer              Sysinternals
RsAgent.exe             4000         RsAgent Application                        Beijing Rising Technology Co., Ltd.

Process: System Idle Process   Pid: 0

Name    Description    Company Name    Version