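I know the moderators are very busy, but I really have no other option. I've been left completely confused. At first there was only Trojan.Clicker.Agent.bam, and later Trojan.Clicker.Agent.bdk showed up as well. Rising Antivirus can't remove them. It says they need to be cleaned manually, but I can't find the file. When the computer was infected with only Trojan.Clicker.Agent.bam, there was also a shortcut to a website on the desktop. Whenever I deleted it, it would be regenerated automatically. After I fiddled around with things at random, though, it went away (possibly because I cleared the IE temporary files folder).
Below is the HJ log I just scanned: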
Logfile of HijackThis v1.99.1
Scan saved at 13:31:33, on 2007-4-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\工具\vvv\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\工具\vvv\Rising\Rav\Ravmond.exe
e:\工具\fhq\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
E:\工具\vvv\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
e:\工具\fhq\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
E:\工具\vvv\Rising\Rav\RavTask.exe
E:\工具\vvv\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\pubinfo\Client\USERCL~1.EXE
C:\WINDOWS\explorer.exe
E:\工具\QQ\QQ.exe
E:\工具\QQ\TIMPlatform.exe
E:\工具\vvv\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\工具\扫描\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: ThunderBHO - {0CB66BA7-5E1F-4963-93D1-E1D6B78FE9A2} - E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 电影搜索 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\SpOrder.Dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "E:\工具\vvv\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "E:\工具\fhq\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [mhsa] C:\DOCUME~1\Admin\LOCALS~1\Temp\mhso.exe
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\Admin\LOCALS~1\Temp\TIMPLATF0RM.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\工具\莫非专杀\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] E:\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [ravshell] C:\WINDOWS\system32\SVCH0ST.exe
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: UserClient.lnk = ?
O8 - Extra context menu item: &使用迅雷下载 - E:\工具\迅雷\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\工具\迅雷\Program\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\工具\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\工具\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\工具\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\工具\QQ\SendMMS.htm
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 电影搜索 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\SpOrder.Dll (file missing)
O9 - Extra 'Tools' menuitem: 电影搜索 - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\SpOrder.Dll (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\工具\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\工具\QQ\QQ.EXE
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://5151c.wz16300.com/plugin/PowerPlr3200.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\工具\fhq\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\工具\fhq\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\工具\vvv\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\工具\vvv\Rising\Rav\Ravmond.exe
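Also, it seems there are a lot of trojans that my Rising doesn't detect. I ran a scan with Trojan Removal Master (木马清除大师) and it reported the following:
FileName FilePath VirusName Delete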
UpdatePack.exe C:\Documents and Settings\Admin\Local Settings\Temp\ Backdoor.Win32.Drop.rao
zsdn.exe C:\Documents and Settings\Admin\Local Settings\Temp\ Backdoor.Win32.Drop.rao
System.dll C:\Documents and Settings\Admin\Local Settings\Temp\nsm1ED.tmp\ Trojan.Win32.VB.sc
System.dll C:\Documents and Settings\Admin\Local Settings\Temp\nss81.tmp\ Trojan.Win32.VB.sc
System.dll C:\Documents and Settings\Admin\Local Settings\Temp\nsd8E.tmp\ Trojan.Win32.VB.sc
Setup_QQ.exe C:\Documents and Settings\Admin\Local Settings\Temp\nsd8E.tmp\ Backdoor.Adware.Soso.d
Update.exe C:\Documents and Settings\Admin\Application Data\PPLive\Update\ Backdoor.Win32.Drop.rao
Default.SFX C:\Program Files\WinRAR\ Trojan.Win32.Qhost.cl
A0012993.exe C:\System Volume Information\_restore{B0366734-C0C6-4F47-B222-C602C03838E3}\RP116\ Backdoor.Win32.Drop.rao
A0024531.dll C:\System Volume Information\_restore{B0366734-C0C6-4F47-B222-C602C03838E3}\RP131\ Backdoor.Adware.XuBho.a
mmvem.exe C:\VP-EYE\record\ Backdoor.Adware.mem.b
uninst.exe D:\PPLive\ Backdoor.Win32.Drop.rao
A0017952.exe E:\System Volume Information\_restore{B0366734-C0C6-4F47-B222-C602C03838E3}\RP120\ Backdoor.Win32.Multi.Drop
A0019654.exe E:\System Volume Information\_restore{B0366734-C0C6-4F47-B222-C602C03838E3}\RP123\ Backdoor.Win32.Drop.rao
wzbd.exe E:\传奇\ Password.QQPass.Rob.16.m
jsy780.exe E:\新建文件夹\ Backdoor.Win32.Multi.Drop
Vp_eye30\RECORD\MMVEM.EXE F:\Vp_eye40.rar Backdoor.Adware.mem.b
Vp_eye30\SYSTEM\MMVEM.EXE F:\Vp_eye40.rar Backdoor.Adware.mem.b
Experts, sorry to put you to all this trouble. Please help this little sister out.
Thank you. I'm waiting for your guidance.