求助 - 有大大可以幫忙看一下嗎

bryand · 2007-12-02, 07:05 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 07:02:24, on 2007/12/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Avast4\aswUpdSv.exe
d:\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
d:\Avast4\ashMaiSv.exe
d:\Avast4\ashWebSv.exe
D:\Foxy\Foxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - d:\Inventec\Dreye\DreyeMT\DREYEI~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC60\ChangJie\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [CJAppletSync] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC60\ChangJie\CINTLCFG.EXE /AppletSync
O4 - HKLM\..\Run: [TkBellExe] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddVideo.htm
O8 - Extra context menu item: Foxy 下載 - res://D:\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://D:\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddLink.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://rappelz.omg.com.tw/activex/macrowell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF2DE17-FABC-4EF5-9797-2A3C72C3982C}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5462 bytes

plunderer · 2007-12-02, 07:39 PM

O4 - HKLM\..\Run: [TkBellExe] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe" -osboot

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

勾選並修復上述項目, 重新開機, 清空 C:\Documents and Settings\Administrator\Local Settings\Temp 目錄

P.S
貼上 log 外, 最好再告知問題的具體狀況, 以便判讀

2007-12-02, 07:05 AM	#1
bryand 註冊會員榮譽勳章勳章總數2 UID - 22730 在線等級: 註冊日期: 2003-01-06 VIP期限: 2011-01 住址: 高雄市文章: 143 精華: 0 現金: 5614 金幣資產: 5614 金幣	求助 - 有大大可以幫忙看一下嗎 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 上午 07:02:24, on 2007/12/2 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe d:\Avast4\aswUpdSv.exe d:\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe d:\Avast4\ashMaiSv.exe d:\Avast4\ashWebSv.exe D:\Foxy\Foxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Xi\NetTransport 2\NetTransport.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - d:\Inventec\Dreye\DreyeMT\DREYEI~1.DLL O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC60\ChangJie\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [CJAppletSync] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC60\ChangJie\CINTLCFG.EXE /AppletSync O4 - HKLM\..\Run: [TkBellExe] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddVideo.htm O8 - Extra context menu item: Foxy 下載 - res://D:\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://D:\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Documents and Settings\Administrator\桌面\BitComet_0.89\BitComet_Win9x.exe/AddLink.htm O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://rappelz.omg.com.tw/activex/macrowell.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF2DE17-FABC-4EF5-9797-2A3C72C3982C}: NameServer = 168.95.192.1 168.95.1.1 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - d:\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - d:\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5462 bytes

	送花文章: 41, 收花文章: 21 篇, 收花: 30 次

2007-12-02, 07:39 PM	#2 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	O4 - HKLM\..\Run: [TkBellExe] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\realsched.exe" -osboot O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe 勾選並修復上述項目, 重新開機, 清空 C:\Documents and Settings\Administrator\Local Settings\Temp 目錄 P.S 貼上 log 外, 最好再告知問題的具體狀況, 以便判讀
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

相似的主題
主題	主題作者	討論區	回覆	最後發表
組電腦幫忙看一下哪裡不妥	仙貝	硬體疑難使用問題討論區	13	2003-08-06 05:27 PM
有大大可以推薦幾ㄍ記憶體管理程式ㄇ	戰神2001	一般電腦疑難討論區	3	2003-07-21 08:34 PM
哪位大大可以幫我找av vcs3.0的破解檔	八辣777	一般電腦疑難討論區	0	2003-06-20 04:58 PM

Google 提供的廣告