2009-05-08, 11:12 AM | #1 |
Registered member
|
Help - Computer cannot update, antivirus cannot be installed, a program window flashes on screen.
The computer cannot update, and the Avira ("Little Red Umbrella") antivirus cannot be installed; a program window flashes on screen. Every time I open a window or bring up Task Manager, a window flashes briefly. It looks like I have been hit by a trojan. I was originally using OfficeScan, and that has been stopped too!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 11:08:25, on 2009/5/8
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\TEMP\QPFA66.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CIR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\BenQ\Common\Bin\iviRCService.exe
C:\Program Files\BenQ\IMCSvr\IMCSvr.exe
C:\Program Files\BenQ\Q-MediaBar\QBar.exe
C:\Program Files\BenQ\QPower\QPower.exe
C:\Program Files\BenQ\QPresentation\QPresentation.exe
C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\skype.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\All Users\桌面\vnc\WinVNC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\stella.sy.chen\桌面\HiJackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CIR] C:\WINDOWS\system32\drivers\CIR.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [IviRCService] "C:\Program Files\BenQ\Common\Bin\iviRCService.exe"
O4 - HKLM\..\Run: [IMCServerAutoStart] "C:\Program Files\BenQ\IMCSvr\IMCSvr.exe"
O4 - HKLM\..\Run: [Q-MediaBar] "C:\Program Files\BenQ\Q-MediaBar\QBar.exe" /stop
O4 - HKLM\..\Run: [QPower] C:\Program Files\BenQ\QPower\QPower.exe /s
O4 - HKLM\..\Run: [QPresentation] C:\Program Files\BenQ\QPresentation\QPresentation.exe /s
O4 - HKLM\..\Run: [Q-HotkeyMgr] "C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O15 - Trusted Zone: http://*.microsoft.com
O15 - Trusted Zone: http://owa.qisda.com
O15 - Trusted Zone: http://roh.qisda.com
O15 - Trusted Zone: http://*.qisda.com
O15 - Trusted Zone: http://deep.qisda.com.tw
O15 - Trusted Zone: http://owa.qisda.com.tw
O15 - Trusted Zone: http://qisdaacademy.qisda.com.tw
O15 - Trusted Zone: http://roh.qisda.com.tw
O15 - Trusted Zone: http://vpn.qisda.com.tw
O15 - Trusted Zone: http://*.qisda.com.tw
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.microsoft.com (HKLM)
O15 - Trusted Zone: http://owa.qisda.com (HKLM)
O15 - Trusted Zone: http://roh.qisda.com (HKLM)
O15 - Trusted Zone: http://*.qisda.com (HKLM)
O15 - Trusted Zone: http://deep.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://owa.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://qisdaacademy.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://roh.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://vpn.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://*.qisda.com.tw (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1240983143877
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Qisda.Qcorp.com
O17 - HKLM\Software\..\Telephony: DomainName = Qisda.qcorp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Qisda.Qcorp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Qisda.Qcorp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8994 bytes

Thanks, everyone.
Members who sent flowers to 0931071111:
|
Living (2009-05-09)
Thank you for posting a good article |
2009-05-08, 11:24 AM | #2 (permalink) |
Monitored member
|
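Why don't you first download Kaspersky's free virus scanning tool and install it to the desktop? Then reboot, press F8 and choose Safe Mode, go to the Kaspersky folder, find the main program and run it, and use Kaspersky to scan all drives once. When it finds a virus it will ask how to handle it; the interface is all in English.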
http://downloads2.kaspersky-labs.com/devbuilds/AVPTool/ http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/ |