疑問 - 可以幫我看看嗎

dennis7213 · 2007-07-09, 11:02 AM

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062
O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

剛重灌完就怪怪的不知道到底哪邊有問題
只是把廠商的賽門鐵克換成nod32電腦就跑出windows元件被更改叫我把開機片插入
已經在半年內重灌2-3次了
這是哪邊有問題嗎

tyc8008 · 2007-07-09, 11:22 AM

log looks normal!

"電腦跑出windows元件被更改叫我把開機片插入" 通常是因為軟體和 windows 不合所造成.

dennis7213 · 2007-07-09, 11:31 AM

不過還蠻奇怪的
偶而還是會跑出不能為read的問題
尤其之前可以玩的魔獸
更換防毒軟體後就沒辦法開啟
也是跑出read的訊息是哪邊有問題嗎
而且今天用escan線上掃過一次
說我的電腦裡有五隻病毒
可是電腦本身的nid32卻沒掃出來

tyc8008 · 2007-07-09, 01:21 PM

eScan 說電腦裡有五隻病毒? 還是惡意程式?

用其他線上掃毒資源交換掃瞄試試

dennis7213 · 2007-07-09, 07:53 PM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5723 bytes
真的沒什麼問題嗎還是想請前輩看一看
因為剛好housecall沒辦法使用
用卡巴也是只有一些登錄檔錯誤問題
用panda掃也是重複出現
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\user@overture[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt 刪了又出現
還有其他線上掃毒的好幫手嗎
實在不知道怎嚜讓電腦正常點
可以請各位幫幫忙嗎
read的訊號還是會出現

plunderer · 2007-07-09, 08:23 PM

沒有中毒的跡象...

電腦跑出windows元件被更改叫你把開機片插入: 應開是某些軟體的檔案取代了系統原有的檔案

記憶體不能為read的問題: 多半是軟體需用到的模組未登錄或被取代, 最常見的情況就是更換過防毒軟體後 jscript.dll 未重新登錄....當然也有其他原因: 記憶體有問題

escan線上掃到五隻病毒: 看位置在哪裡...不過應該都沒發作

panda掃到Spyware:Cookie: 這就見仁見智了, 很多網站的 cookie 本來就是儲存個人登入網站資料的, 這通常都會被防間諜軟體報有問題...除非停用 cookie, 不然無法避免...而停用了 cookie, 網站可能就無法登入甚至打不開

dennis7213 · 2007-07-09, 08:47 PM

那這樣還是要重灌嗎
因為有些可以用或可以玩的軟體又不能用了
感謝指導協助

plunderer · 2007-07-09, 09:17 PM

如果你認為重灌比較方便那就不妨重灌
不過你的問題應該是其他軟體所產生的, 並非中毒, 所以重灌後同樣的問題可能還是會發生

dennis7213 · 2007-07-09, 11:10 PM

後來用housecall檢查也沒問題
平常就是上網看網站
玩玩未連線的魔獸
文書處理跟看別台電腦下載的影片
看影片前也用nod32掃過
實在也想不出我使用的問題在哪
nod32是同學給我的軟體
安裝跟使用上沒什麼問題
前輩可以告訴我什麼樣的軟體容易讓電腦執行有限制

plunderer · 2007-07-09, 11:36 PM

引用:

作者: dennis7213

後來用housecall檢查也沒問題
平常就是上網看網站
玩玩未連線的魔獸
文書處理跟看別台電腦下載的影片
看影片前也用nod32掃過
實在也想不出我使用的問題在哪
nod32是同學給我的軟體
安裝跟使用上沒什麼問題
前輩可以告訴我什麼樣的軟體容易讓電腦執行有限制

這問題牽涉範圍太廣了, 只能說: 碰運氣吧....

dennis7213 · 2007-07-09, 11:44 PM

還是使用一些系統優化程式會好一點
前輩有好建議嗎
碰運氣
因為買這台比電才半年就重灌兩次以上了
比其他電腦還容易中獎的感覺

電腦商老跟我說你這個...重灌的
幫我裝好之後改了一下防毒軟體問題就來了
這個....因為裝賽門跟現用的nod32效果幾乎一樣
就是每次重灌完問題都會不一樣

卡巴掃完這樣說
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007070920070710\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\Free Download Manager\tic58C1.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_470.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_718.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_acc.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped

C:\Program Files\Eset\logs\virlog.dat Object is locked skipped

C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\autorun.inf Infected: Trojan.Win32.Agent.ad skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

說真的我是不懂

plunderer · 2007-07-10, 12:37 AM

Object is locked skipped 表示被系統鎖定, 無法掃描...這類檔案大概也不會感染病毒

F:\autorun.inf Infected: Trojan.Win32.Agent.ad skipped: autorun.inf 被感染了, 但那是在光碟上, 唯讀, 所以無法處裡, 只好跳過

系統優化程式? 少用為妙...

dennis7213 · 2007-07-10, 12:42 AM

autorun的部分已經砍掉了
不知道到底有什麼方式對系統淨化有幫助

dennis7213 · 2007-07-13, 12:02 PM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Downloads\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062
O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
像這樣的系統還有問題嗎

2007-07-09, 11:02 AM	#1
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	疑問 - 可以幫我看看嗎 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062 O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe 剛重灌完就怪怪的不知道到底哪邊有問題只是把廠商的賽門鐵克換成nod32電腦就跑出windows元件被更改叫我把開機片插入已經在半年內重灌2-3次了這是哪邊有問題嗎

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-09, 11:22 AM	#2 (permalink)
tyc8008 註冊會員榮譽勳章勳章總數1 UID - 263551 在線等級: 註冊日期: 2007-03-17 文章: 109 精華: 0 現金: 64 金幣資產: 4060 金幣	log looks normal! "電腦跑出windows元件被更改叫我把開機片插入" 通常是因為軟體和 windows 不合所造成.

	送花文章: 1, 收花文章: 42 篇, 收花: 56 次

2007-07-09, 11:31 AM	#3 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	不過還蠻奇怪的偶而還是會跑出不能為read的問題尤其之前可以玩的魔獸更換防毒軟體後就沒辦法開啟也是跑出read的訊息是哪邊有問題嗎而且今天用escan線上掃過一次說我的電腦裡有五隻病毒可是電腦本身的nid32卻沒掃出來此帖於 2007-07-09 12:57 PM 被 dennis7213 編輯.

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-09, 01:21 PM	#4 (permalink)
tyc8008 註冊會員榮譽勳章勳章總數1 UID - 263551 在線等級: 註冊日期: 2007-03-17 文章: 109 精華: 0 現金: 64 金幣資產: 4060 金幣	eScan 說電腦裡有五隻病毒? 還是惡意程式? 用其他線上掃毒資源交換掃瞄試試

	送花文章: 1, 收花文章: 42 篇, 收花: 56 次

2007-07-09, 07:53 PM	#5 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Downloads\HiJackThis_v2.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 5723 bytes 真的沒什麼問題嗎還是想請前輩看一看因為剛好housecall沒辦法使用用卡巴也是只有一些登錄檔錯誤問題用panda掃也是重複出現 Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\user@overture[2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt 刪了又出現還有其他線上掃毒的好幫手嗎實在不知道怎嚜讓電腦正常點可以請各位幫幫忙嗎 read的訊號還是會出現

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-09, 08:23 PM	#6 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	沒有中毒的跡象... 電腦跑出windows元件被更改叫你把開機片插入: 應開是某些軟體的檔案取代了系統原有的檔案記憶體不能為read的問題: 多半是軟體需用到的模組未登錄或被取代, 最常見的情況就是更換過防毒軟體後 jscript.dll 未重新登錄....當然也有其他原因: 記憶體有問題 escan線上掃到五隻病毒: 看位置在哪裡...不過應該都沒發作 panda掃到Spyware:Cookie: 這就見仁見智了, 很多網站的 cookie 本來就是儲存個人登入網站資料的, 這通常都會被防間諜軟體報有問題...除非停用 cookie, 不然無法避免...而停用了 cookie, 網站可能就無法登入甚至打不開
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-07-09, 08:47 PM	#7 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	那這樣還是要重灌嗎因為有些可以用或可以玩的軟體又不能用了感謝指導協助

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-09, 09:17 PM	#8 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	如果你認為重灌比較方便那就不妨重灌不過你的問題應該是其他軟體所產生的, 並非中毒, 所以重灌後同樣的問題可能還是會發生

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-07-09, 11:10 PM	#9 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	後來用housecall檢查也沒問題平常就是上網看網站玩玩未連線的魔獸文書處理跟看別台電腦下載的影片看影片前也用nod32掃過實在也想不出我使用的問題在哪 nod32是同學給我的軟體安裝跟使用上沒什麼問題前輩可以告訴我什麼樣的軟體容易讓電腦執行有限制

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-09, 11:44 PM	#11 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	還是使用一些系統優化程式會好一點前輩有好建議嗎碰運氣因為買這台比電才半年就重灌兩次以上了比其他電腦還容易中獎的感覺電腦商老跟我說你這個...重灌的幫我裝好之後改了一下防毒軟體問題就來了這個....因為裝賽門跟現用的nod32效果幾乎一樣就是每次重灌完問題都會不一樣卡巴掃完這樣說 C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007070920070710\index.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Temp\Free Download Manager\tic58C1.tmp Object is locked skipped C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_470.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_718.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_acc.dat Object is locked skipped C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped C:\Program Files\Eset\logs\virlog.dat Object is locked skipped C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\autorun.inf Infected: Trojan.Win32.Agent.ad skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped 說真的我是不懂此帖於 2007-07-10 12:19 AM 被 dennis7213 編輯.

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-10, 12:37 AM	#12 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	Object is locked skipped 表示被系統鎖定, 無法掃描...這類檔案大概也不會感染病毒 F:\autorun.inf Infected: Trojan.Win32.Agent.ad skipped: autorun.inf 被感染了, 但那是在光碟上, 唯讀, 所以無法處裡, 只好跳過系統優化程式? 少用為妙...

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-07-10, 12:42 AM	#13 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	autorun的部分已經砍掉了不知道到底有什麼方式對系統淨化有幫助此帖於 2007-07-10 12:54 AM 被 dennis7213 編輯.

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

2007-07-13, 12:02 PM	#14 (permalink)
dennis7213 長老會員榮譽勳章勳章總數10 UID - 273019 在線等級: 註冊日期: 2007-07-09 住址: ...... 文章: 3948 精華: 0 現金: 56400 金幣資產: 70552 金幣	Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\explorer.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE D:\Downloads\HiJackThis_v2.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAudPropShortcut.exe O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 使用 FDM 下載 - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: 使用 FDM 下載全部項目 - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: 使用 FDM 下載網站 - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181134356062 O17 - HKLM\System\CCS\Services\Tcpip\..\{21EF184B-015D-4A92-8149-45778658B512}: NameServer = 168.95.192.1,168.95.1.1 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe 像這樣的系統還有問題嗎

	送花文章: 8900, 收花文章: 4110 篇, 收花: 14695 次

Google 提供的廣告