View full version: Mouse hourglass keeps spinning, svchost.exe eating memory

asdflkjhg 2013-4-25 10:20 PM

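Mouse hourglass keeps spinning, svchost.exe eating memory

The mouse hourglass spins a few times every ten-odd seconds.
I opened Task Manager
and found svchost.exe using 200,000 KB of memory for no apparent reason. I'd like to ask whether I've caught a virus.

[[i] Last edited by asdflkjhg on 2013-4-26 03:46 PM [/i]]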

anlth2010 2013-4-26 12:12 AM

[u][color=red]Step 1 : Download HijackThis and use it to scan the computer[/color][/u]

[list]
[*]Download [url=http://www.hijackthis.de/downloads/HJTInstall.exe]HijackThis[/url] to the desktop and install [color=blue]HijackThis[/color]
[*]Click [color=darkgreen]Install[/color] to install, then click [color=darkgreen]Accept[/color]
[*]Click [color=darkgreen]Do a system scan and save a logfile[/color]
[*][color=blue]HijackThis[/color] will scan the computer, and a report will then pop up
[*]Save that report to the desktop
[/list]
[u][color=red]Step 2 : Briefly describe the situation and paste the report[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please paste the following report:[/list]
[list=1][*][color=blue]HijackThis[/color][/list]

asdflkjhg 2013-4-26 12:21 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:20:52, on 26/4/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PPStream\PPSAP.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\RC語音\raidcall.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\vLan\vLan.exe
C:\Users\Chan\Downloads\HijackThis.exe

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
O2 - BHO: Download and Sa - {18688ABB-5E5E-4EBA-A848-36803365D848} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: 881F6BBC-8CAA-5F1D-2DFB-F5F2130CDC9D Class - {881F6BBC-8CAA-5F1D-2DFB-F5F2130CDC9D} - (no file)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\ppsap.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BI672WY05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-21-1453450797-3681024675-4200745835-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1453450797-3681024675-4200745835-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: 監視墨水警示 - HP Deskjet 3070 B611 series (網路).lnk = ?ProgramFiles%\HP\HP Deskjet 3070 B611 series\bin\HPStatusUI.dll
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F078ADF-0815-4CA5-B738-7D2EF2F26962}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

asdflkjhg 2013-4-26 12:22 AM

O17 - HKLM\System\CCS\Services\Tcpip\..\{D77B8011-D15A-4CF1-9282-1B3B1DCD9780}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\easylife\sprote~1.dll  c:\progra~2\simple~1\sprote~1.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15865 bytes

anlth2010 2013-4-26 12:24 AM

[u][color=red]Step 1 : Download and install Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Download [color=blue]Malwarebytes' Anti-Malware[/color]: [url=http://www.malwarebytes.org/mbam-download.php]http://www.malwarebytes.org/mbam-download.php[/url]
[*]Save [color=red]mbam-setup.exe[/color] to the desktop
[*]Run [color=red]mbam-setup.exe[/color] to start the installation; when installing, choose [color=darkgreen]English[/color] as the installation language
[*]Click [color=darkgreen]Next[/color], tick [color=darkgreen]I accept the agreement[/color], then click [color=darkgreen]Next[/color] again
[*]After that, click [color=darkgreen]Next[/color] every time; no settings need to be changed
[*]Click [color=darkgreen]Install[/color] and wait for the installation
[*]Click [color=darkgreen]Finish[/color] to complete the installation, and run the update
[/list]
[u][color=red]Step 2 : Use Malwarebytes' Anti-Malware[/color][/u]

[list]
[*]Tick [color=darkgreen]Perform full scan[/color], then click [color=darkgreen]Scan[/color]
[*]Click [color=darkgreen]Scan[/color] again to run the scan
[*]Wait for the scan to finish, click [color=darkgreen]Show Results[/color], then click [color=darkgreen]Remove Selected[/color] to clean up
[*]When the clean-up is done a scan log will pop up; save the scan log to the desktop
[*]Close [color=blue]Malwarebytes' Anti-Malware[/color]
[/list]
[u][color=red]Step 3 : Briefly describe the situation and paste the reports[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]HijackThis[/color][*][color=blue]Malwarebytes' Anti-Malware[/color][/list]

asdflkjhg 2013-4-26 02:06 AM

Malwarebytes Anti-Malware 1.75.0.1300
[url]www.malwarebytes.org[/url]

Database version: v2013.04.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chan :: CHAN-PC [limited]

26/4/2013 1:04:14
mbam-log-2013-04-26 (01-04-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 490642
Time elapsed: 47 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
HKCR\CLSID\{241D7F03-9232-4024-8373-149860BE27C0} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\QMDispatch.QMVBSRoutine (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Chan\Desktop\1\partition magic setup.exe (PUP.AdBundle) -> No action taken.
C:\Users\Chan\AppData\Roaming\qmacro\qdisp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chan\Downloads\真三國無雙6\Shin.Sangokumusou.6.with.Moushouden.JPN.PC.DVD1-ALI213\蚔狨厙

NETSHOW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chan\Downloads\真三國無雙6\Shin.Sangokumusou.6.with.Moushouden.JPN.PC.DVD2-ALI213\蚔狨厙

NETSHOW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Chan\Downloads\真三國無雙6\Shin.Sangokumusou.6.with.Moushouden.JPN.PC.DVD3-ALI213\蚔狨厙

NETSHOW.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

anlth2010 2013-4-26 10:51 PM

How are things now?

asdflkjhg 2013-4-27 03:59 PM

Still the same,
the hourglass keeps spinning a few times every ten-odd seconds,
and svchost is still eating memory as before

anlth2010 2013-4-28 12:36 AM

[u][color=red]Step 1 : Download and run SREng[/color][/u]

[list]
[*]Download [url=http://www.kztechs.com/sreng/download.html]SREng[/url] to the desktop and extract the archive
[*]Run [color=blue]SREng[/color] and click [color=darkgreen]智慧掃瞄[/color] (Smart Scan)
[*]Click [color=darkgreen]掃瞄[/color] (Scan); [color=blue]SREng[/color] will run the scan, please wait patiently
[*]Click [color=darkgreen]保存報告[/color] (Save Report) and save it
[/list]
[u][color=red]Step 2 : Briefly describe the situation and paste the reports[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please upload the following reports to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]HijackThis[/color][*][color=blue]SREng[/color][/list]

asdflkjhg 2013-4-28 02:58 PM

[url]http://www.sendspace.com/file/pq5xdt[/url]

anlth2010 2013-4-28 10:50 PM

[u][color=red]Step 1 : Download and run SystemLook[/color][/u]

[list][*]Download [url=http://jpshortstuff.247fixes.com/SystemLook.exe][color=#000000]SystemLook[/color][/url] to the desktop and run [color=blue]SystemLook[/color][*]Paste the following into the window, then click [color=darkgreen]Look[/color]
[quote]
:regfind
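sprote[/quote][*]A [color=blue]SystemLook[/color] report will then pop up; save it[/list]
[u][color=red]Step 2 : Briefly describe the situation and paste the report[/color][/u]

[list][*]Please briefly describe the state of your computer[*]Please upload the following report to [url=http://www.sendspace.com/]Sendspace[/url]:[/list]
[list=1][*][color=blue]SystemLook[/color][/list]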

asdflkjhg 2013-4-29 01:33 PM

[url]http://www.sendspace.com/file/5mmpkm[/url]

anlth2010 2013-5-2 12:49 AM

[u][color=red]Step 1 : Delete files[/color][/u]

[list][*]Download [url=http://oldtimer.geekstogo.com/OTM.exe]OTM[/url] to the desktop and run [color=blue]OTM[/color][*]Copy the text below and paste it into the box under [color=darkgreen]Paste Instructions for Items to be Moved[/color]:
[quote]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"0e20a748"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"9af560c4"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"4e24a328"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SP Global]
"cefa7852"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SProtector]
[-HKEY_USERS\S-1-5-21-1453450797-3681024675-4200745835-1000\Software\AppDataLow\SProtector]
[-HKEY_USERS\S-1-5-21-1453450797-3681024675-4200745835-1001\Software\AppDataLow\SProtector]

:files
C:\Program Files (x86)\EasyLife\sprotector.dll
c:\progra~2\simple~1\sprote~1.dll
C:\Program Files (x86)\BrowseToSave\sprotector.dll
c:\progra~2\mocaflix\sprote~1.dll
[/quote][*]Click [color=darkgreen]MoveIt![/color], then click [color=darkgreen]OK[/color], and restart the computer[/list]
[u][color=red]Step 2 : Briefly describe the situation[/color][/u]

[list][*]Please briefly describe the state of your computer[/list]
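
Added example (not part of the original thread, and not code from any of the tools named in it): a short Python triage of a HijackThis log that pulls out the O20 AppInit_DLLs entries the removal instructions above target, plus BHOs whose file is gone. The sample lines are copied from the log posted earlier in this thread; the function names are made up for this example.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Download and Sa - {18688ABB-5E5E-4EBA-A848-36803365D848} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\easylife\sprote~1.dll  c:\progra~2\simple~1\sprote~1.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O20 - AppInit_DLLs: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xnn - ...' line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def appinit_dlls(entries):
    """Paths listed on O20 AppInit_DLLs lines.

    Windows reads the AppInit_DLLs value as a space- or comma-delimited list,
    so paths containing spaces are normally written as 8.3 short names.
    """
    dlls = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls.extend(p for p in re.split(r"[ ,]+", value.strip()) if p)
    return dlls


def orphaned_bhos(entries):
    """CLSIDs of O2 (BHO) entries that HijackThis reports as '(no file)'."""
    found = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            clsid = CLSID.search(body)
            if clsid:
                found.append(clsid.group(0))
    return found


def repeated_dll_names(dlls):
    """File names that appear under more than one directory, mapped to those directories."""
    by_name = {}
    for path in dlls:
        name = ntpath.basename(path).lower()
        by_name.setdefault(name, []).append(ntpath.dirname(path).lower())
    return {name: dirs for name, dirs in by_name.items() if len(set(dirs)) > 1}


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for dll in appinit_dlls(entries):
        print("AppInit_DLLs:", dll)
    print("BHOs with no file:", orphaned_bhos(entries))
    print("Same DLL name in several directories:", repeated_dll_names(appinit_dlls(entries)))
```

Every DLL listed in AppInit_DLLs is loaded into each process that loads user32.dll, so any entry on an O20 line is worth accounting for; here the same short file name turns up under three different program directories.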

asdflkjhg 2013-5-3 03:08 AM

The problem is still there,
and it seems to be spinning even more often now

anlth2010 2013-5-4 01:06 AM

Please post a new HijackThis log.

asdflkjhg 2013-5-4 10:58 PM

[url]http://www.sendspace.com/file/ucrov2[/url]

anlth2010 2013-5-8 02:32 PM

[u][color=red]Step 1 : Scan the computer with F-Secure Online Scanner[/color][/u]

[list][*]Scan the computer with [color=blue]F-Secure Online Scanner[/color][*][color=blue]F-Secure Online Scanner[/color] tutorial: [url=http://computer.discuss.com.hk/viewthread.php?tid=944141]http://computer.discuss.com.hk/viewthread.php?tid=944141[/url][/list]