疑問 - 為何小弟電腦會跑出這畫面??是中毒嗎

lutunhsiang · 2015-04-25, 05:00 PM

--------------------
閱讀本主題的最佳解答
--------------------

小弟電腦系統為win7 sp1 x64,剛才瀏覽器明明是google chrome,在瀏覽FB時會跑出以下這畫面,不清楚是否為中毒還是程式錯誤,以下為Trend Micro-- HijackThis之log,麻煩大家看一下感激

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 04:58:24, on 2015/4/25
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe
C:\Program Files (x86)\Naver\LINE\Line.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\win7\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [TP-LINK USB Printer Controller] C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7683511A11F9B3159606D2B3C56061DA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [exexc6] C:\Users\win7\AppData\Local\Temp\RarSFX0\a.exe
O4 - HKCU\..\Run: [word6] C:\Users\win7\AppData\Local\Temp\RarSFX0\1\a.exe
O4 - HKCU\..\Run: [takmgr2] C:\Users\win7\AppData\Local\Temp\RarSFX0\takmgr.exe
O4 - HKCU\..\Run: [iexplore] C:\Users\win7\AppData\Local\Temp\RarSFX19\iexplore.exe
O4 - HKCU\..\Run: [acmon] C:\Users\win7\AppData\Local\Temp\RarSFX17\csrss.exe
O4 - HKCU\..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe -minimize
O4 - Global Startup: 掃描器偵測器.lnk = C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6308 bytes

getter · 2015-04-25, 05:16 PM

這一段 ... 應該是病毒 ...

O4 - HKCU\..\Run: [exexc6] C:\Users\win7\AppData\Local\Temp\RarSFX0\a.exe
O4 - HKCU\..\Run: [word6] C:\Users\win7\AppData\Local\Temp\RarSFX0\1\a.exe
O4 - HKCU\..\Run: [takmgr2] C:\Users\win7\AppData\Local\Temp\RarSFX0\takmgr.exe
O4 - HKCU\..\Run: [iexplore] C:\Users\win7\AppData\Local\Temp\RarSFX19\iexplore.exe
O4 - HKCU\..\Run: [acmon] C:\Users\win7\AppData\Local\Temp\RarSFX17\csrss.exe

跟那個視窗有沒有關？不知道 ...

建議使用多個手動掃毒軟體、後門檢測軟體掃描 ...

lutunhsiang · 2015-04-25, 05:19 PM

引用:

作者: getter

這一段 ... 應該是病毒 ...

O4 - HKCU\..\Run: [exexc6] C:\Users\win7\AppData\Local\Temp\RarSFX0\a.exe
O4 - HKCU\..\Run: [word6] C:\Users\win7\AppData\Local\Temp\RarSFX0\1\a.exe
O4 - HKCU\..\Run: [takmgr2] C:\Users\win7\AppData\Local\Temp\RarSFX0\takmgr.exe
O4 - HKCU\..\Run: [iexplore] C:\Users\win7\AppData\Local\Temp\RarSFX19\iexplore.exe
O4 - HKCU\..\Run: [acmon] C:\Users\win7\AppData\Local\Temp\RarSFX17\csrss.exe

跟那個視窗有沒有關？不知道 ...

我重開機還是會這樣,應該不是視窗沒有關的問題

getter · 2015-04-25, 05:26 PM

引用:

作者: tunhsiang

我重開機還是會這樣,應該不是視窗沒有關的問題

從 logo 看來好像沒有安裝防毒軟體 ...

不管怎樣 ... 免費或付費的最少要有一套 ... 減少風險 ...

那一段 ... 正常的常駐程式不會把某些執行檔放在 %temp% 裡面

會出現還有代 RARSFX 是病毒的狀況是跑不掉的 ...

狀況嚴重的話 ... 經過處治後，也無法改善系統的錯誤 ...

可以考慮系統還原或系統重新安裝 ...

lutunhsiang · 2015-04-25, 07:09 PM

引用:

作者: getter

從 logo 看來好像沒有安裝防毒軟體 ...

不管怎樣 ... 免費或付費的最少要有一套 ... 減少風險 ...

那一段 ... 正常的常駐程式不會把某些執行檔放在 %temp% 裡面

會出現還有代 RARSFX 是病毒的狀況是跑不掉的 ...

狀況嚴重的話 ... 經過處治後，也無法改善系統的錯誤 ...

可以考慮系統還原或系統重新安裝 ...

小弟剛才由於中毒太深,所以用再生龍還原當初我安裝時的狀態了,現在均已恢復正常,感謝您的幫忙

lutunhsiang · 2015-04-26, 10:57 AM

我平板防毒跟桌機都是採用系統內建的Defender,剛才我注意到在youtube影片我點選其他
影片時畫面不會自己跳過去反而還是在原地不動,且有時候會跳出清理cache這些畫面,但我browser是用google chrome不是用IE,以下為log請大家幫我看一下,感謝
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 上午 10:54:40, on 2015/4/26
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\InputMethod\CHT\ChtIME.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe
C:\Users\asus\AppData\Local\Temp\RarSFX10\iexplore.exe
C:\Users\asus\AppData\Local\Temp\RarSFX11\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\IME\SHARED\imebroker.exe
C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\asus\Desktop\HijackThis.exe

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\Root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [RtkNGUI] "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s
O4 - HKLM\..\Run: [TP-LINK USB Printer Controller] C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [exexc6] C:\Users\asus\AppData\Local\Temp\RarSFX4\a.exe
O4 - HKCU\..\Run: [word6] C:\Users\asus\AppData\Local\Temp\RarSFX4\1\a.exe
O4 - HKCU\..\Run: [takmgr2] C:\Users\asus\AppData\Local\Temp\RarSFX4\takmgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASUS HID Access Service (AsHidService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @oem29.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\Windows\system32\BtwRSupportService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Intel Corporation - C:\Windows\system32\DptfParticipantProcessorService.exe
O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Intel Corporation - C:\Windows\system32\DptfPolicyCriticalService.exe
O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Intel Corporation - C:\Windows\system32\DptfPolicyLpmService.exe
O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 6558 bytes

getter · 2015-04-27, 10:21 AM

最好下次請在開一個主題 ...

C:\Users\asus\AppData\Local\Temp\RarSFX10\iexplore.exe
C:\Users\asus\AppData\Local\Temp\RarSFX11\iexplore.exe

O4 - HKCU\..\Run: [exexc6] C:\Users\asus\AppData\Local\Temp\RarSFX4\a.exe
O4 - HKCU\..\Run: [word6] C:\Users\asus\AppData\Local\Temp\RarSFX4\1\a.exe
O4 - HKCU\..\Run: [takmgr2] C:\Users\asus\AppData\Local\Temp\RarSFX4\takmgr.exe

以上應該是 ... 。平板應該是具有內建還系統的 ...

─────────────────────────────────────────────────────────

Defender 這東西相當於 MS-DOS MWAV.exe 掃毒工具，基本上並無主動偵測防禦機制 ...
並不是防毒軟體，而是掃毒工具。

Dr.Web CureIt! 基本上是跟 Defender 一樣是免費的掃毒工具。

掃毒工具不等於防毒軟體 ... 這點請先搞清楚

先前也提過了 ... 不管免費或付費一定要裝一套減少風險 ...

avast free、avira free、AVG、Microsoft Security Essentials

Microsoft Security Essentials ... 必須是要購買正牌 Microsoft Windows 後
要自己去下載 ...

2015-04-25, 05:00 PM	#1
lutunhsiang 列管會員榮譽勳章勳章總數17 UID - 278416 在線等級: 註冊日期: 2007-08-31 VIP期限: 2009-12 住址: Taichung 文章: 14124 精華: 0 現金: -3 金幣資產: -3 金幣	疑問 - 為何小弟電腦會跑出這畫面??是中毒嗎 -------------------- 閱讀本主題的最佳解答 -------------------- 小弟電腦系統為win7 sp1 x64,剛才瀏覽器明明是google chrome,在瀏覽FB時會跑出以下這畫面,不清楚是否為中毒還是程式錯誤,以下為Trend Micro-- HijackThis之log,麻煩大家看一下感激 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 下午 04:58:24, on 2015/4/25 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe C:\Program Files (x86)\Naver\LINE\Line.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\win7\Desktop\HijackThis.exe F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log O4 - HKLM\..\Run: [TP-LINK USB Printer Controller] C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7683511A11F9B3159606D2B3C56061DA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [exexc6] C:\Users\win7\AppData\Local\Temp\RarSFX0\a.exe O4 - HKCU\..\Run: [word6] C:\Users\win7\AppData\Local\Temp\RarSFX0\1\a.exe O4 - HKCU\..\Run: [takmgr2] C:\Users\win7\AppData\Local\Temp\RarSFX0\takmgr.exe O4 - HKCU\..\Run: [iexplore] C:\Users\win7\AppData\Local\Temp\RarSFX19\iexplore.exe O4 - HKCU\..\Run: [acmon] C:\Users\win7\AppData\Local\Temp\RarSFX17\csrss.exe O4 - HKCU\..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe -minimize O4 - Global Startup: 掃描器偵測器.lnk = C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: http://*.update.microsoft.com O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6308 bytes

	送花文章: 56979, 收花文章: 12813 篇, 收花: 50123 次

2015-04-25, 05:16 PM	#2 (permalink)
getter 管理員榮譽勳章勳章總數19 UID - 6433 在線等級: 註冊日期: 2002-12-08 住址: 天線星球文章: 8157 精華: 0 現金: 19955 金幣資產: 765391 金幣	這一段 ... 應該是病毒 ... O4 - HKCU\..\Run: [exexc6] C:\Users\win7\AppData\Local\Temp\RarSFX0\a.exe O4 - HKCU\..\Run: [word6] C:\Users\win7\AppData\Local\Temp\RarSFX0\1\a.exe O4 - HKCU\..\Run: [takmgr2] C:\Users\win7\AppData\Local\Temp\RarSFX0\takmgr.exe O4 - HKCU\..\Run: [iexplore] C:\Users\win7\AppData\Local\Temp\RarSFX19\iexplore.exe O4 - HKCU\..\Run: [acmon] C:\Users\win7\AppData\Local\Temp\RarSFX17\csrss.exe 跟那個視窗有沒有關？不知道 ... 建議使用多個手動掃毒軟體、後門檢測軟體掃描 ...
	__________________ 在「專業主討論區」中的問題解決後，要記得按一下按鈕喔，這是一種禮貌動作。一樣是在「專業主討論區」中發問，不管問題解決與否，都要回應別人的回答文喔。不然搞 [斷頭文]，只看不回應，下次被別人列入黑名單就不要怪人喔。天線寶寶說再見啦~ ... 天線寶寶說再見啦~ 迪西：「再見~ 再見~」『 Otaku Culture Party 』關心您 ...
	送花文章: 37855, 收花文章: 6441 篇, 收花: 26052 次

2015-04-26, 10:57 AM	#6 (permalink)
lutunhsiang 列管會員榮譽勳章勳章總數17 UID - 278416 在線等級: 註冊日期: 2007-08-31 VIP期限: 2009-12 住址: Taichung 文章: 14124 精華: 0 現金: -3 金幣資產: -3 金幣	請問一下我平板也中毒了嗎我平板防毒跟桌機都是採用系統內建的Defender,剛才我注意到在youtube影片我點選其他影片時畫面不會自己跳過去反而還是在原地不動,且有時候會跳出清理cache這些畫面,但我browser是用google chrome不是用IE,以下為log請大家幫我看一下,感謝 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 上午 10:54:40, on 2015/4/26 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16384) Boot mode: Normal Running processes: C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Windows\System32\InputMethod\CHT\ChtIME.exe C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\DptfPolicyLpmServiceHelper.exe C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe C:\Users\asus\AppData\Local\Temp\RarSFX10\iexplore.exe C:\Users\asus\AppData\Local\Temp\RarSFX11\iexplore.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\System32\IME\SHARED\imebroker.exe C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\asus\Desktop\HijackThis.exe O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\Root\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe O4 - HKLM\..\Run: [RtkNGUI] "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s O4 - HKLM\..\Run: [TP-LINK USB Printer Controller] C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [exexc6] C:\Users\asus\AppData\Local\Temp\RarSFX4\a.exe O4 - HKCU\..\Run: [word6] C:\Users\asus\AppData\Local\Temp\RarSFX4\1\a.exe O4 - HKCU\..\Run: [takmgr2] C:\Users\asus\AppData\Local\Temp\RarSFX4\takmgr.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: http://*.update.microsoft.com O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: ASUS HID Access Service (AsHidService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: @oem29.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\Windows\system32\BtwRSupportService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Intel Corporation - C:\Windows\system32\DptfParticipantProcessorService.exe O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Intel Corporation - C:\Windows\system32\DptfPolicyCriticalService.exe O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Intel Corporation - C:\Windows\system32\DptfPolicyLpmService.exe O23 - Service: Google更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google更新服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe -- End of file - 6558 bytes

	送花文章: 56979, 收花文章: 12813 篇, 收花: 50123 次

2015-04-27, 10:21 AM	#7 (permalink)
getter 管理員榮譽勳章勳章總數19 UID - 6433 在線等級: 註冊日期: 2002-12-08 住址: 天線星球文章: 8157 精華: 0 現金: 19955 金幣資產: 765391 金幣	最好下次請在開一個主題 ... 最好下次請在開一個主題 ... C:\Users\asus\AppData\Local\Temp\RarSFX10\iexplore.exe C:\Users\asus\AppData\Local\Temp\RarSFX11\iexplore.exe O4 - HKCU\..\Run: [exexc6] C:\Users\asus\AppData\Local\Temp\RarSFX4\a.exe O4 - HKCU\..\Run: [word6] C:\Users\asus\AppData\Local\Temp\RarSFX4\1\a.exe O4 - HKCU\..\Run: [takmgr2] C:\Users\asus\AppData\Local\Temp\RarSFX4\takmgr.exe 以上應該是 ... 。平板應該是具有內建還系統的 ... ───────────────────────────────────────────────────────── Defender 這東西相當於 MS-DOS MWAV.exe 掃毒工具，基本上並無主動偵測防禦機制 ... 並不是防毒軟體，而是掃毒工具。 Dr.Web CureIt! 基本上是跟 Defender 一樣是免費的掃毒工具。掃毒工具不等於防毒軟體 ... 這點請先搞清楚先前也提過了 ... 不管免費或付費一定要裝一套減少風險 ... avast free、avira free、AVG、Microsoft Security Essentials Microsoft Security Essentials ... 必須是要購買正牌 Microsoft Windows 後要自己去下載 ... 此帖於 2015-04-27 11:23 AM 被 getter 編輯.

	送花文章: 37855, 收花文章: 6441 篇, 收花: 26052 次

Google 提供的廣告