Topic: [Help] Computer noticeably slower
katsudon
Bronze Donkey Member (Senior)
Level: 10

10th Anniversary Badge (Level 4)

 . Points: 193
 . Posts: 246
 . Flowers received: 1702
 . Flowers given: 35
 . Ratio: 0.02
 . Online: 1770 hours
 . Page views: 13077
 . Registered: 7262
 . Missing: 61
#1 : 2008-7-24 09:32 PM

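Recently, after visiting a few download sites, my computer has become noticeably slower,
and every time I open Explorer a message saying System Error appears,
and then an antivirus software website opens automatically.
My computer runs XP SP3 with KIS2008; neither a full system scan nor a scan from a boot CD found any problem. I contacted their customer support, but their answers were completely beside the point, so I had to give up.
Later, using Spybot S&D and UnHackMe, I found that a BHO Trojan had been planted. After cleaning it, opening Explorer no longer caused problems, and I uninstalled Spybot and UnHackMe.
But the computer is still noticeably slow; even the ordinary system sound effects lag and stutter badly, and extracting and copying files is at a crawl. I suspect something still hasn't been cleaned out. I'd appreciate guidance from experienced users and experts. Thanks!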



katsudon
#2 : 2008-7-25 03:42 AM

This is what HijackThis read out:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\0Util\Hard\Mouse\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\nwtray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\0Apps\Firefox\firefox.exe
C:\Program Files\KIS\avp.exe
C:\Program Files\KIS\avp.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\0Media\Real Alternative\Media Player Classic\mplayerc.exe
D:\Download\hijackthis.1.991\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\0Apps\Flashget\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\0Apps\Flashget\getflash.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [OPT Drive Power Saving] "C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [AVP] "C:\Program Files\KIS\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nwtray.lnk = C:\WINDOWS\system32\nwtray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\0Apps\Flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\0Apps\Flashget\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\KIS\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\KIS\SCIEPlgn.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\0Apps\Flashget\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\0Apps\Flashget\FlashGet.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FORMOSA
O17 - HKLM\Software\..\Telephony: DomainName = FORMOSA
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C45B39-5BD5-4418-B5FB-823AE550D126}: Domain = FORMOSA
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C45B39-5BD5-4418-B5FB-823AE550D126}: NameServer = 192.168.0.2,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FORMOSA
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FORMOSA
O20 - AppInit_DLLs: C:\PROGRA~1\KIS\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\KIS\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

Moderator, please advise.



katsudon
#3 : 2008-7-25 04:10 AM

This is what Spybot read out:


2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-24 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2007-11-07 Includes\Revision.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
   file: C:\WINDOWS\ALCMTR.EXE
   size: 69632
    MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
   file: C:\Program Files\Apoint\Apoint.exe
   size: 118784
    MD5: 6FC8ECA367679C2AEBBA09A416B4C18D

Located: HK_LM:Run, AVP
command: "C:\Program Files\KIS\avp.exe"
   file: C:\Program Files\KIS\avp.exe
   size: 227856
    MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
   file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
   size: 53248
    MD5: EAF4EE7C73FB0784F2C128029C1ACE1C

Located: HK_LM:Run, Bluetooth Connection Assistant
command: LBTWIZ.EXE -silent
   file: LBTWIZ.EXE
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
   file: C:\WINDOWS\system32\hkcmd.exe
   size: 162328
    MD5: 1C930A2C9A0A268F772126F33FF346F1

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
   file: C:\WINDOWS\system32\igfxtray.exe
   size: 141848
    MD5: B680B44AFD06C6E1982F04BEFAF5CBDB

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
   size: 208952
    MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
   file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
   size: 974848
    MD5: 287C76D06B7FBAD32FA064B007F17AC1

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
   file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
   size: 823296
    MD5: 8EB1CB906CA03ECCFBBE0217113C154A

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
   file: C:\WINDOWS\KHALMNPR.EXE
   size: 56080
    MD5: F2F64E6B1A67623E5B6C0195816B1644

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
   file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
   size: 59392
    MD5: 1B17E09C1223F6D17336D2DD7A1AF4F4

Located: HK_LM:Run, OPT Drive Power Saving
command: "C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE"
   file: C:\Program Files\Sony\VAIO Power Management\OPT Drive Power Saving.EXE
   size: 1486848
    MD5: F79A4EAF1DC2F0ECD08265D7AD142984

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
   file: C:\WINDOWS\system32\igfxpers.exe
   size: 137752
    MD5: 8553A8EFB0E9FF953065029A64D747B9

Located: HK_LM:Run, PHIMETIPSYNC
command: C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
   file: C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE
   size: 95296
    MD5: B37D80E04823496C8E3B6067B9952C7D

Located: HK_LM:Run, PSQLLauncher
command: "C:\Program Files\Protector Suite QL\launcher.exe" /startup
   file: C:\Program Files\Protector Suite QL\launcher.exe
   size: 49168
    MD5: 612997BF385273BFA1219A399E2BA986

Located: HK_LM:Run, SonyPowerCfg
command: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
   file: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
   size: 217088
    MD5: 2467ED3DF40CA82D9359E215DCD57E31

Located: HK_LM:Run, UnlockerAssistant
command: "C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe" -H
   file: C:\Program Files\0Util\Gadget\Unlocker\UnlockerAssistant.exe
   size: 15360
    MD5: D0B7944F881639ACC626BDB13A436C55

Located: HK_LM:Run, VAIO Update 3
command: "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary
   file: C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
   size: 546936
    MD5: E55101F6657381FFAD01EDB6BBAD465A

Located: HK_LM:RunOnceEx, Title
command: UnHackMe Rootkit Check
   file: UnHackMe Rootkit Check
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
  where: .DEFAULT...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, ctfmon.exe
  where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-21-1867029185-3722341773-3004090105-1008...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-18...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Bluetooth.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
   file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
   size: 572008
    MD5: 75A5A8115AE7D14BC08A17D0FB3DBEE5

Located: Startup (user), Nwtray.lnk
  where: C:\Documents and Settings\Chun - Yi Wu\Start Menu\Programs\Startup...
command: C:\WINDOWS\system32\nwtray.exe
   file: C:\WINDOWS\system32\nwtray.exe
   size: 28672
    MD5: 8EA25DB3B87BF8837F8799CDA811F719

Located: WinLogon, crypt32chain
command: crypt32.dll
   file: crypt32.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
   file: cryptnet.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
   file: cscdll.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
   file: igfxdev.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, klogon
command: C:\WINDOWS\system32\klogon.dll
   file: C:\WINDOWS\system32\klogon.dll
   size: 219664
    MD5: AC07C2075EC8AB38592782BAE884494C

Located: WinLogon, LBTWlgn
command: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
   file: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
   size: 72208
    MD5: 8AC3AB3F57922ED620C468EB62D88838

Located: WinLogon, psfus
command: C:\WINDOWS\system32\psqlpwd.dll
   file: C:\WINDOWS\system32\psqlpwd.dll
   size: 90112
    MD5: 5885CDA5A2614A917A42A38BC422131C

Located: WinLogon, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
   file: WlNotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, VESWinlogon
command: VESWinlogon.dll
   file: VESWinlogon.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Can you spot anything suspicious?



katsudon
#4 : 2008-7-25 08:05 PM

Thanks for the pointers! I'll give it a try!


katsudon
#5 : 2008-7-26 10:27 PM

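It shouldn't be a failing hard disk; when I boot from XPE, the disk read/write speed is quite normal. I'll do as the moderator suggested and remove some of the resident startup programs and see.
But I still think the root of the problem is something that hasn't been cleaned out, because the symptoms only appeared after the infection.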



katsudon
#6 : 2008-7-29 08:10 PM

All attempts failed. Format and re-install Windows . . . .

