帮我看看电脑上的木马怎么清除(有日志) - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛帮我看看电脑上的木马怎么清除(有日志)

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

帮我看看电脑上的木马怎么清除(有日志)

dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:	发表于： 2006-08-19 19:02 \| 只看楼主短消息资料字号：小中大 1楼帮我看看电脑上的木马怎么清除(有日志) 本人受木马的困惑已经几个月了,一直无法彻底清除,电脑上同时开启了,天网防火墙,木马清道夫2006,木马清道夫防火墙,木马杀客,恶劣软件清楚,瑞星正版.......依然无法把木马正法,高手帮小弟看看到底该怎么解决,万分感谢~~!!!! 启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <SoundMan><SOUNDMAN.EXE> [Avance Logic, Inc.] <SKYNET Personal FireWall><D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [广州众达天网技术有限公司] <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <Knight V><> [] <Windows木马防火墙><D:\Program Files\ftc\Trojanwall.exe> [风云谷] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <alsmt.exe><D:\WINDOWS\system32\alsmt.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 启动文件夹服务 [JMediaService / JMediaService] <D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A> ================================== 浏览器加载项 [Vision] {6671A431-5C3D-463d-A7CF-5587F9B7E191} <D:\PROGRA~1\MMSASS~1\mmsass~1.dll, > [MMSAssistMenu] {6671A433-5C3D-463d-A7CF-5587F9B7E191} <D:\PROGRA~1\MMSASS~1\mmsass~1.dll, > [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [易趣购物] {DE607141-AC19-421e-867A-7D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [Vision] {6671A431-5C3D-463D-A7CF-5587F9B7E191} <D:\PROGRA~1\MMSASS~1\mmsass~1.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.> [>>彩信发送<<] <res://D:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A> [上传到QQ网络硬盘] <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [添加到QQ自定义面板] <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [添加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 504][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 528][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 572][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 584][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 728][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 776][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 844][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 900][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 952][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1252][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [D:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 6> [PID: 1284][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1544][D:\WINDOWS\SOUNDMAN.EXE] <Avance Logic, Inc.><5.0.07> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1584][D:\Program Files\ftc\Trojanwall.exe] <风云谷><5.4.0.1912> [D:\Program Files\ftc\ftcapi.dll] <fygsoft><1.1.0.0> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1596][D:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1760][D:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\PROGRA~1\MMSASS~1\MMSSVER.DLL] <><1, 2, 0, 6> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 760][D:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 964][D:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 1808][D:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 2256][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [PID: 2372][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [D:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 6> [D:\WINDOWS\system32\Macromed\Flash\Flash.ocx] <Macromedia, Inc.><6,0,84,0> [PID: 2940][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> [D:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 6> [D:\WINDOWS\system32\Macromed\Flash\Flash.ocx] <Macromedia, Inc.><6,0,84,0> [PID: 3312][D:\Documents and Settings\zhujing\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [D:\Program Files\ftc\SocketMon.dll] <Fygsoft and Microsoft><1.1.1.0> ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] 2006-08-19 19:41:59
dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:	分享到：

dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:	发表于： 2006-08-19 19:06 \| 只看楼主短消息资料字号：小中大 2楼 HijackThis@Qoo的扫描日志 V1.97.7 Scan saved at 18:56:49, on 2006-8-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\ftc\Trojanwall.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\system32\rundll32.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\System32\alg.exe D:\WINDOWS\system32\conime.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\WinRAR\WinRAR.exe D:\DOCUME~1\zhujing\LOCALS~1\Temp\Rar$EX00.468\HijackThis.exe O2 - BHO: (no name) - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - (no file) O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file) O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - D:\PROGRA~1\MMSASS~1\mmsass~1.dll O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file) O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [Windows木马防火墙] D:\Program Files\ftc\Trojanwall.exe O4 - HKLM\..\RunOnce: [alsmt.exe] D:\WINDOWS\system32\alsmt.exe O4 - Startup: NTUSER.DAT O4 - Startup: ntuser.dat.LOG O4 - Startup: ntuser.ini O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: >>彩信发送<< - res://D:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: QQ (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:

deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:	发表于： 2006-08-19 19:27 \| 短消息资料字号：小中大 3楼打开SREng，在启动项目注册表下，删除[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <alsmt.exe><D:\WINDOWS\system32\alsmt.exe> []这项，再删除相应文件D:\WINDOWS\system32\alsmt.exe
deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:

deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:	发表于： 2006-08-19 19:28 \| 短消息资料字号：小中大 4楼建议别用木马杀客，木马清道夫等工具
deadmanzj 特邀体验者帖子:2592 注册: 2006-07-24 来自:

dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:	发表于： 2006-08-19 19:30 \| 只看楼主短消息资料字号：小中大 5楼回楼上,无法用SREng删除[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <alsmt.exe><D:\WINDOWS\system32\alsmt.exe> 这项
dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:

dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:	发表于： 2006-08-19 19:49 \| 只看楼主短消息资料字号：小中大 6楼来人啊?没人知道怎么解决吗?
dy20001 初生襁褓狮帖子:8 注册: 2006-08-19 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT