
Firefox keeps popping up ads

Date: 2013-10-04

Source: Internet

Please lend a hand, THX~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:00, on 28/7/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Thunder Network\Program\ThunderMobilePlatform.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\HidFind.exe
D:\FlashGet\mxhelper.exe
C:\Program Files\PPStream\PPSKernel.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VMware\VMware Workstation\vmware.exe
C:\Program Files\VMware\VMware Workstation\vmware-unity-helper.exe
C:\Program Files\VMware\VMware Workstation\vmware-vmx.exe
C:\Program Files\VMware\VMware Workstation\vprintproxy.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Thunder Network\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: ssayfe savve - {371D1974-F43C-4E9F-14A1-BB88E8A3BA02} - C:\ProgramData\ssayfe savve\51e3d193becde.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Thunder Network\BHO\XunleiBHO7.2.13.3882.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: SearchNewTab - {B4B0BD91-425F-EDFA-C6D8-886377406FBF} - C:\ProgramData\SearchNewTab\51e3d1b7e93ec.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\9.0\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [IMDreyePlugin] "C:\Program Files\Inventec\Dreye\9.0\DreyeMT\DreyeIMplugin.exe" /h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [bdruninstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
O4 - HKCU\..\Run: [FlashGetBHO] "D:\FlashGet\mxhelper.exe"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'Default user')
O8 - Extra context menu item: &使用迅雷下载 - D:\Thunder Network\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Thunder Network\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷离线下载 - D:\Thunder Network\BHO\OfflineDownload.htm
O8 - Extra context menu item: &捃泞狟婥善忒侬 - http://static.u.155.com/shoulei/shouleidl.htm
O8 - Extra context menu item: Foxy 下载 - res://D:\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜寻 - res://D:\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 使用快车3下载全部链结 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: ??迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

Author: ADG   Posted: 2013-10-04

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {8AFB38D0-67A4-49D3-8822-401755FC6573} (BFServiceX Control) - http://hk.beanfun.com/beanfun_block/embeds/BFService.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\safesa~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google更新 服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: vToolbarUpdater15.3.0 - AVG Secure Search - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

--
End of file - 11724 bytes

Author: ADG   Posted: 2013-10-05

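Step 1: Open HijackThis and fix the item

Open HijackThis, click Do a system scan only, and tick the small box on the left of the following item:
Quote: O2 - BHO: ssayfe savve - {371D1974-F43C-4E9F-14A1-BB88E8A3BA02} - C:\ProgramData\ssayfe savve\51e3d193becde.dll
Click Fix checked, then click Yes and close HijackThis.

Step 2: Restart the computer

Restart the computer and boot into Safe Mode.

Step 3: Delete the file

Download OTM to the desktop and run OTM.
Copy the text below and paste it into the box under Paste Instructions for Items to be Moved:
Quote:
:files
C:\ProgramData\ssayfe savve\51e3d193becde.dll
Click MoveIt!, then click OK, and restart the computer.

Step 4: Describe the situation and post the reports

Please briefly describe the current state of your computer.
Please upload the following reports to Sendspace:
HijackThis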

Author: anlth2010   Posted: 2013-10-05
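
An added example, not part of the thread: a Python parser for the `O2 - BHO` lines of a HijackThis log that lists the entries worth a closer look. The sample lines are copied from the log posted above; the two review heuristics (DLL under ProgramData or AppData, hex-only file name) are assumptions of this example, not the replier's stated reasoning.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: five O2 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ssayfe savve - {371D1974-F43C-4E9F-14A1-BB88E8A3BA02} - C:\ProgramData\ssayfe savve\51e3d193becde.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: SearchNewTab - {B4B0BD91-425F-EDFA-C6D8-886377406FBF} - C:\ProgramData\SearchNewTab\51e3d1b7e93ec.dll
"""

# Line layout as seen in the log: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

DATA_DIR = "DLL under a data directory (ProgramData/AppData)"
HEX_NAME = "hex-only file name"

def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def review_reasons(entry):
    """Assumed heuristics; a hit means 'look closer', not 'malicious'."""
    path = PureWindowsPath(entry["path"])
    parts = [p.lower() for p in path.parts]
    reasons = []
    if "programdata" in parts or "appdata" in parts:
        reasons.append(DATA_DIR)
    if re.fullmatch(r"[0-9a-f]{8,}", path.stem.lower()):
        reasons.append(HEX_NAME)
    return reasons

def triage(log_text):
    """Map BHO name -> reasons, keeping only entries with at least one reason."""
    hits = {e["name"]: review_reasons(e) for e in parse_bhos(log_text)}
    return {name: reasons for name, reasons in hits.items() if reasons}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```
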
