|  | 
| 
 | |||||||
| 論壇說明 | 標記討論區已讀 | 
| 歡迎您來到『史萊姆論壇』  ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 | 
|    | 
|  | 主題工具 | 顯示模式 | 
|  2007-09-16, 10:33 PM | #1 | 
| 註冊會員 |  求助 - 關機問題.. 請問一下!!我的電腦開機後!!要關機!!就關不了!!就當機了!!另外!!今天還發現....控制台的新增移除也不能開啟!!但是電腦卻是很正常!!就是關機不了!!只能用軟開機.. Scan saved at 下午 10:33:03, on 2007/9/16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\nvsvc32.exe D:\All games\影片製作\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\桌面\HiJackThis.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "D:\All games\影片製作\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [KKBOX Tray Icon] D:\program files\KKBOX_Tray.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Foxy 下載 - res://D:\All games\MP3\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://D:\All games\MP3\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://d:\all games\office\office11\excel.exe/3000 O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\ALLGAM~1\office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ALLGAM~1\office\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Audio Adapter (VGADown) - Unknown owner - C:\WINDOWS\avp.exe (file missing) -- End of file - 5332 bytes 這是我的電腦資料...麻煩各位大大的腦細胞了^^" 感謝 | 
|   | 
		送花文章: 8,
		
			
		   | 
|  2007-09-16, 11:36 PM | #2 (permalink) | 
| 長老會員  |   F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe 勾選並修復上述項目 O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll 這一項也有問題, 但不能直接用 hijackthis 修復, 必須用其他工具修復, 請參照 http://forum.slime.com.tw/thread202733.html 9 樓的回帖 上述兩項都修復後, 重新開機, 刪除下列檔案: C:\WINDOWS\system\svchost.exe (正常的svchost.exe應該在c:\windows\system32\內) c:\windows\system32\od3mdi.dll | 
| __________________ 刑天舞干戚 | |
|   | 
		送花文章: 6,
		
			
		   | 
| 向 plunderer 送花的會員: | 
|  2007-09-17, 09:24 PM | #3 (permalink) | |
| 註冊會員 |   引用: 
 大大!我已經按照你說的做了!!現在電腦出現新的問題~電腦變的會LAG!!另外!!我的電腦還是無法關機!!但是可以顯示關機的視窗了!!我原本以為是硬碟不夠所以造成LAG~但是我C還有7G! D也還有8G 另外電腦已經做了重新整理磁碟的動作!!記憶體是768的!!大致上的情形是這樣 這是我電腦刪除後的結果@@~ 感謝大大的費勞費心^^" Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\goods.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\桌面\HiJackThis.exe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "D:\All games\影片製作\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [KKBOX Tray Icon] D:\program files\KKBOX_Tray.exe O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Foxy 下載 - res://D:\All games\MP3\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://D:\All games\MP3\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://d:\all games\office\office11\excel.exe/3000 O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\ALLGAM~1\office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmestw.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ALLGAM~1\office\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Audio Adapter (VGADown) - Unknown owner - C:\WINDOWS\avp.exe (file missing) -- End of file - 5298 bytes | |
|   | 
		送花文章: 8,
		
			
		   | 
|  2007-09-17, 11:00 PM | #4 (permalink) | 
| 長老會員  |   怎麼多了 autorun 病毒..... O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe 勾選並修復這一項, 重新開機, 以安全模式登入 windows, 搜尋所有硬碟分區並刪除下列檔案: kavo.exe autorun.inf ntdelect.com (注意別刪錯: NTDETECT.COM 是系統檔, ntdelect.com 是木馬) 還有, 之前的 Winsock 被劫持也還沒修復 O10 - Unknown file in Winsock LSP: c:\windows\system32\od3mdi.dll 注意, 這一項一定要照 http://forum.slime.com.tw/thread202733.html 裡面的方法修復 | 
|   | 
		送花文章: 6,
		
			
		   | 
|  2007-09-18, 01:35 AM | #5 (permalink) | |
| 註冊會員 |   引用: 
 因為我重新開機後有兩個選項!!一個是P開頭的!!另外一個是SS- 蝦米挖膏的!!我該選擇哪一項??還有!!搜尋硬碟分區是指說從開始>>搜尋>>檔案或資料夾>>打上大大說的那三個 這樣對嗎??那我搜尋了以後只找到autorun.com 另外O10的部份!!我一直找不到因為他已經正常在system32內了 C:\WINDOWS\system\svchost.exe (正常的svchost.exe應該在c:\windows\system32\內) 我個人是覺得!!會不會是因為我的電腦都無法重新開機所以O10才沒辦法刪除= = | |
|   | 
		送花文章: 8,
		
			
		   | 
|  2007-09-18, 09:30 PM | #7 (permalink) | |
| 註冊會員 |   引用: 
 2.那如果搜尋完沒有kavo.exe autorun.inf ntdelect.com 這三個檔案!!該怎麼半= =? | |
|   | 
		送花文章: 8,
		
			
		   | 
|    | 
| 主題工具 | |
| 顯示模式 | |
| 
 |  | 
|  相似的主題 | ||||
| 主題 | 主題作者 | 討論區 | 回覆 | 最後發表 | 
| 討論 - 提問的智慧 | oldgod.tw | 硬體疑難使用問題討論區 | 20 | 2007-05-21 08:51 PM |