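Re: [Question] Unable to shut down normally after an EFIX scan
I'm posting the log file.
File download location: http://www.badongo.com/file/11578158
This is the log from one of the machines. It shows that no registry values or files were deleted, but the machine still doesn't shut down normally.
Here is what I found out when I asked today:
Shutting down takes at least fifteen to thirty minutes, and occasionally the machine doesn't shut down at all.
Add or Remove Programs in Control Panel does not display at all.
In Safe Mode everything is completely normal.
Today I tried repairing one machine with the Windows CD, and all of the above problems went back to normal; I don't know what the cause was.
I hope we can find out what the problem is~
I've had to repair more than ten computers lately, it's exhausting @@~~~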
==============================================================
2008-09-18 02:07:05 GMT+00:00
EFix 4.82 - Administrator 2008-09-18 10:08:30.17 - NTFS
Microsoft Windows XP [版本 5.1.2600] - Service Pack 2
=======================================================
EFix刪除的檔案列表:
沒有刪除任何檔案.
=======================================================
EFix刪除的登錄值列表:
沒有刪除任何登錄值.
=======================================================
****** Created 2008-08 to 2008-09 Files ******
2008-09-18 . 2008-09-18 10:08 d-------- C:\NEFix
2008-09-18 . 2008-09-18 10:07 d-------- C:\WINDOWS\efixunt
2008-09-03 . 2008-09-03 09:24 d-------- C:\Program Files\Java Plug-in 1.1
2008-09-03 . 2008-09-03 09:24 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-03 . 2008-09-03 09:24 d-------- C:\Documents and Settings\Administrator\.java
2008-09-02 . 2008-09-02 12:17 d-------- C:\Program Files\ekey ActiveX
2008-09-01 . 2008-09-05 11:01 d-------- C:\WINDOWS\network diagnostic
2008-09-01 . 2008-09-01 11:00 d-------- C:\WINDOWS\system32\zh-tw
2008-09-01 . 2008-09-01 10:56 d-------- C:\WINDOWS\WBEM
2008-09-01 . 2008-09-01 10:56 d-------- C:\WINDOWS\ie7updates
2008-08-27 . 2008-08-29 08:25 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-07 . 2008-08-12 16:52 d-------- C:\Program Files\Macromedia
2008-09-18 . 2000-08-31 08:00 --a------ C:\WINDOWS\vfind.com
2008-09-15 . 2008-09-15 09:38 --a------ C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
2008-09-03 . 2008-09-03 09:24 --a------ C:\JSetup.exe
2008-09-03 . 2000-08-18 23:47 --a------ C:\WINDOWS\system32\ActPanel.dll
2008-09-03 . 2000-08-12 04:18 --a------ C:\WINDOWS\system32\jrew.exe
2008-09-03 . 2000-08-12 04:18 --a------ C:\WINDOWS\system32\jre.exe
2008-09-03 . 1998-10-29 17:45 --a------ C:\WINDOWS\IsUninst.exe
2008-09-02 . 2008-09-02 11:30 --a------ C:\mega.exe
2008-09-01 . 2008-09-01 11:24 --a------ C:\YahooKeyKey-Windows-1.0b1-zh-TW.exe
2008-09-01 . 2008-09-01 09:56 --a------ C:\IE7-WindowsXP-x86-cht.exe
2008-09-01 . 2006-07-14 23:51 --------- C:\WINDOWS\system32\xmllite.dll
=======================================================
執行中的程序:
C:\WINDOWS\system32\cmd.exe ( Microsoft Corporation < Microsoft(R) Windows(R) Operating System > )
C:\WINDOWS\explorer.exe ( Microsoft Corporation < Microsoft(R) Windows(R) Operating System > )
C:\Program Files\惡意USB程式防護系統\Usb_Monitor.exe ( NPA < N/A > )
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe ( Trend Micro Inc. < Trend Micro Network Security Components 3.32 > )
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe ( Trend Micro Inc. < Trend Micro OfficeScan > )
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe ( Trend Micro Inc. < Trend Micro OfficeScan > )
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe ( Trend Micro Inc. < Trend Micro OfficeScan > )
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe ( Trend Micro Inc. < Trend Micro Plug-in Manager > )
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe ( Cyberlink Corp. < PowerDVD > )
C:\Program Files\Common Files\Real\Update_OB\realsched.exe ( RealNetworks, Inc. < RealPlayer (32-bit) > )
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ( Microsoft Corporation < MicrosoftR Visual Studio .NET > )
C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe ( Acer Inc. < eRecovery 2.0 > )
=======================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" []
"RTHDCPL"=RTHDCPL.EXE [2006-05-18 14:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"=SkyTel.EXE [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"=ALCMTR.EXE [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54]
"eRecoveryService"="C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-16 21:59]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2007-03-22 19:17]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2007-03-22 19:17]
"NPAUsbMon"="C:\Program Files\惡意USB程式防護系統\Usb_Monitor.exe" [2007-11-07 02:18]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-04-27 15:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-16 16:42]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" => 2006-10-18 21:47 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings]
"DLLName"="wlnotify.dll" --a------ 2004-08-04 20:00 C:\WINDOWS\system32\wlnotify.dll
MD5: F7054A7191EE1E403020649AA40A23E0 2007-06-13 21:22 977920 C:\WINDOWS\explorer.exe
MD5: 50D8DB3BF83670339A8616EB5A75BF06 2007-06-13 21:10 977920 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
MD5: 453888766DA789F18FBBF5B20E4BC17F 2004-08-04 20:00 976896 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
MD5: F7A2245D8BD832D1E7A01C26D5E6EFD0 2008-04-15 00:30 978432 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\explorer.exe
MD5: F7054A7191EE1E403020649AA40A23E0 2007-06-13 21:22 977920 C:\WINDOWS\system32\dllcache\explorer.exe
MD5: 613D7C29C9E3E2375971DA7E42E4E330 2008-04-15 00:31 25088 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\userinit.exe
MD5: F3A20A3C6A4DF7FE038F4CCA70080B10 2004-08-04 20:00 23552 C:\WINDOWS\system32\userinit.exe
MD5: F3A20A3C6A4DF7FE038F4CCA70080B10 2004-08-04 20:00 23552 C:\WINDOWS\system32\dllcache\userinit.exe
MD5: 82FE81C7F30172A315AD70327B868436 2008-04-15 00:30 108544 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\services.exe
MD5: 90463A559A0D57B5D4B3E698E1BDDE92 2004-08-04 20:00 108032 C:\WINDOWS\system32\services.exe
MD5: 90463A559A0D57B5D4B3E698E1BDDE92 2004-08-04 20:00 108032 C:\WINDOWS\system32\dllcache\services.exe
C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760]
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual Start S4 = Disable S9 = Unknow
S3 EZUSB;EZUSB PC/SC Smart Card Reader;C:\WINDOWS\system32\DRIVERS\ezusb.sys [2004-09-23 20:06]
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-06-03 17:51]
S3 int15.sys;int15.sys;C:\Program Files\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
S2 NPA 208Client Monitor;NPA 208Client Monitor;C:\NPA94_208Client_Online\bin\wrapper.exe -s C:\NPA94_208Client_Online\bin\..\conf\wrapper.conf []
S2 NPA Upload Monitor;NPA Upload Monitor;C:\NPA94_208Client\bin\wrapper.exe -s C:\NPA94_208Client\bin\..\conf\wrapper.conf []
=======================================================
winsock file list:
=======================================================
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden files ...
scanning hidden processes ...
scanning hidden autostart entries ...
=======================================================
=======================================================
可使用空間 : 61,499,187,200 位元組可用
掃描結束時間: 2008-09-18 10:09:06.95
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 218.168.129.15