史萊姆論壇 - 電腦自動關機又自動開機

史萊姆論壇 (http://forum.slime.com.tw/)

- 一般電腦疑難討論區 (http://forum.slime.com.tw/f17.html)

- - 電腦自動關機又自動開機 (http://forum.slime.com.tw/thread200110.html)

電腦自動關機又自動開機

小弟電腦最近開機沒多久就會自動關機又自動開機
時間不一定有時開機一小時就會自動關機又自動開機
有時三四小時發作一次
煩都煩死了
請問各位大大
我電腦是怎樣了
快救救我

看起來像疾風病毒

執行 [工作管理員] 點選 [處理程序] 查看是否有下列程式正在執行
msblast.exe若有發現此檔名則是中了"疾風病毒"

引用:

作者: plunderer (文章 1678527)

看起來像疾風病毒

執行 [工作管理員] 點選 [處理程序] 查看是否有下列程式正在執行
msblast.exe若有發現此檔名則是中了"疾風病毒"

那要怎麼處理呢大大

引用:

作者: domingo1139 (文章 1678528)

那要怎麼處理呢大大

沒有發現呢那還是哪裡有問題呢

http://www.trendsecure.com/portal/en...ackThis_v2.exe
用這個程式掃瞄, 然後把 log 發上來看看

引用:

作者: plunderer (文章 1678532)

http://www.trendsecure.com/portal/en...ackThis_v2.exe
用這個程式掃瞄, 然後把 log 發上來看看

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 07:47:07, on 2007/3/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
D:\MyIE2 0.9.27 繁體中文正式版\MyIE.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Temp\temp.frDBE8\QQ\QQ.exe
C:\WINDOWS\Temp\temp.frDBE8\QQ\TIMPlatform.exe
D:\HiJackThis_v2.exe

R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet 0.77 多國語言免安裝版\tools\BitCometBHO.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\Temp\temp.frDBE8\QQ\QQIEHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FEDF637B-F631-4583-A210-33CC828D42DB} - (no file)
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: (no name) - {FEDF637B-F631-4583-A210-33CC828D42DB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\WINDOWS\Temp\temp.frDBE8\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - D:\DSLite 2.07.45\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - D:\DSLite 2.07.45\dl_url.html
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://D:\BitComet 0.77 多國語言免安裝版\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://D:\BitComet 0.77 多國語言免安裝版\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\WINDOWS\Temp\temp.frDBE8\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\WINDOWS\Temp\temp.frDBE8\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\WINDOWS\Temp\temp.frDBE8\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\WINDOWS\Temp\temp.frDBE8\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\WINDOWS\Temp\temp.frDBE8\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\WINDOWS\Temp\temp.frDBE8\QQ\SendMMS.htm
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換成簡體中文(&S) - res://C:\WINDOWS\system32\tcscconv.dll/tosimp
O8 - Extra context menu item: 轉換成繁體中文(&T) - res://C:\WINDOWS\system32\tcscconv.dll/totrad
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: 網頁 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\Temp\temp.frDBE8\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\Temp\temp.frDBE8\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\Temp\temp.frDBE8\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\Temp\temp.frDBE8\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\DSLite 2.07.45\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\DSLite 2.07.45\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{263CFA20-6A31-4507-B0A1-CDBFF0482492}: NameServer = 168.95.192.1 168.95.1.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - ALWIL Software - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Integrated Technology Express, Inc. - (no file)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 12251 bytes

你裝兩套防毒軟體??? 卸載一套試試

若你保留 Mcafee, 把偵測 "溢出緩衝" 功能關掉試試

引用:

作者: plunderer (文章 1678543)

你裝兩套防毒軟體??? 卸載一套試試

建議卸哪一套呢
賣咖啡或AVAST

保留 mcafee 好一點, 不過 Mcafee 設定上有點麻煩
記得把偵測 "溢出緩衝" 功能關掉試試

還有, 記得把 XP 內建防火牆開著

引用:

作者: plunderer (文章 1678546)

保留 mcafee 好一點, 不過 Mcafee 設定上有點麻煩
記得把偵測 "溢出緩衝" 功能關掉試試

還有, 記得把 XP 內建防火牆開著

應該不是中毒或中木馬吧

還有:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
這兩項我不知道是什麼, 若你也不清楚那檔案的用途, 建議你勾選並按 Fix 修復, 然後刪除檔案

服務, 啟動項, 執行中的程序, 都沒有木馬的痕跡
有可能是某軟體與 Mcafee 的偵測溢出緩衝功能衝突

引用:

作者: plunderer (文章 1678554)

服務, 啟動項, 執行中的程序, 都沒有木馬的痕跡
有可能是某軟體與 Mcafee 的偵測溢出緩衝功能衝突

以上是在哪操作的不大懂

今晚到現在都還沒發作真奇怪

你自己打開 mcafee 主控台仔細找找,
我很久沒用 Mcafee, 無法具體告訴你詳細位置