
Ads keep popping up, plus other problems. Please help!

Date: 2014-01-09

Source: Internet

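When browsing, sometimes a single click makes an ad pop up. I tried manually blocking the site but it still pops up. Sometimes while browsing (e.g. YouTube), some English words turn green with a double underline, and as soon as the mouse moves over the word an ad pops up and clicks into it for you. I have tried a lot of antivirus scans and none could remove it. Please help!

Author: yapwinsonho   Posted: 2014-01-09

I took a screenshot but don't know how to upload it.

Author: yapwinsonho   Posted: 2014-01-09

Author: GoodestEngilsh   Posted: 2014-01-09

Author: yapwinsonho   Posted: 2014-01-09

1) Click into the ad and give me the link so I can take a look
2) Run HijackThis: http://computer.discuss.com.hk/viewthread.php?tid=1741311
Paste the HJT log here

[ Last edited by GoodestEngilsh on 2013-12-23 06:27 PM ]

Author: GoodestEngilsh   Posted: 2014-01-09

The ads aren't the same every time, and they link to many different sites.

Author: yapwinsonho   Posted: 2014-01-09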

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:10:20, on 2013/12/24
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
D:\PPS.tv\PPStream\PPSProtect.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Garena Plus\bbtalk\BBtalk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\User\AppData\Local\Temp\Rar$EX04.009\HijackThis.exe

O1 - Hosts: 94.102.51.71 sc.userporn.com
O1 - Hosts: 94.102.51.71 www.userporn.com
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll (file missing)
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(729).dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: YoutubeAdblocker - {3BFA3A49-8F41-08BF-E291-589083E9B611} - C:\Program Files\YoutubeAdblocker\f3cuKjTtYM.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SSurf aunDD keep - {B1F5D6E2-3207-EC08-F4FE-AA8A4F6137DE} - C:\Program Files\SSurf aunDD keep\KPB.dll
O2 - BHO: SearchNewTab - {D1073238-BDD7-4756-0062-FBF551B7645E} - C:\Program Files\SearchNewTab\E8nQek.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [RaidCall] C:\Program Files\RC语音\raidcall.exe
O4 - HKLM\..\Run: [IME14 CHT Uninstall] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ynote] "C:\Program Files\Youdao\YoudaoNote\RunYNote.exe" hide
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [XLDaQuan] "C:\Program Files\Thunder Network\XLDaQuan\Program\XLDaQuan.exe" -minimize:1 -starttype:autorun
O4 - HKCU\..\Run: [Pando Media Booster] null\Pando Networks\Media Booster\PMB.exe
O9 - Extra button: (no name) - {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {00BC5049-C7F3-4AC9-92AE-1991C76608B0} (TRLauncher Control) -

Author: yapwinsonho   Posted: 2014-01-09

http://weblogin.talesrunner.com.hk/TRLauncher.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Me ... /MJSS.cab109791.cab
O16 - DPF: {A99C5366-DB29-42C8-9372-632F0005B74D} (p2plsocx Control) - http://2012.i-cable.com/olympic/players/astri/ie/p2plsocx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirement ... ct_cyri_4.5.1.0.cab
O16 - DPF: {E758BC30-C8C3-4379-B27B-B50E146460A9} - http://update.tv.sina.com.cn/live/p2p/install_service_v4.cab.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google 更新 服务 (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe" /RunAsService (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

Author: yapwinsonho   Posted: 2014-01-09

Hello ~


Press F8 at boot and enter Safe Mode to do the Fix Checked and OTM deletion.

1. Run HijackThis > Do a system scan only > tick the following items > click Fix Checked (close all browsers/programs when doing Fix Checked) > click "Yes".
Quote:
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll (file missing)
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(729).dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
O2 - BHO: SSurf aunDD keep - {B1F5D6E2-3207-EC08-F4FE-AA8A4F6137DE} - C:\Program Files\SSurf aunDD keep\KPB.dll
O2 - BHO: SearchNewTab - {D1073238-BDD7-4756-0062-FBF551B7645E} - C:\Program Files\SearchNewTab\E8nQek.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [XLDaQuan] "C:\Program Files\Thunder Network\XLDaQuan\Program\XLDaQuan.exe" -minimize:1 -starttype:autorun
O9 - Extra button: (no name) - {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (file missing)
2. Download/run OTM to do the deletion.
http://oldtimer.geekstogo.com/OTM.exe
Copy & paste the following items into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote: :filesC:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(729).dll
C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
C:\Program Files\SSurf aunDD keep\KPB.dll
C:\Program Files\SearchNewTab\E8nQek.dll
C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Thunder Network\XLDaQuan\Program\XLDaQuan.exe
C:\Program Files\Windows Live\Companion\companioncore.dll
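3. Download/run Junkware Removal Tool to scan.
http://thisisudax.org/downloads/JRT.exe
Please close all browsers and programs before running the scan
(JRT will automatically delete malicious programs/files/registry entries attached to the browser)

4. Turn off all antivirus software (including Windows Defender), download ComboFix to the desktop, and run the ComboFix scan.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Do not run other programs or click the ComboFix window during the scan.
(The ComboFix scan takes about 10-20 minutes; there is no need to install the "Recovery Console") When the scan is finished, the ComboFix report will pop up automatically.

Please post the following reports:
a. JRT scan report.
b. ComboFix scan report.
c. A new HijackThis scan report.

[ Last edited by GoodestEngilsh on 2013-12-25 08:00 PM ]

Author: GoodestEngilsh   Posted: 2014-01-09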
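
The post above asks for a new HijackThis report after the cleanup. The following is an added example, not part of the original thread, that parses HijackThis entry lines and checks whether items ticked for Fix Checked still appear in a follow-up scan. The function names and the AFTER scan are assumptions constructed for illustration; the entry lines reuse the format shown in this thread.

```python
import re

# Constructed input, using entry lines in the format shown in this thread.
# FIXED: items ticked for "Fix Checked"; AFTER: a hypothetical follow-up scan.
FIXED = r"""
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll (file missing)
O2 - BHO: SearchNewTab - {D1073238-BDD7-4756-0062-FBF551B7645E} - C:\Program Files\SearchNewTab\E8nQek.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"""
AFTER = r"""
O2 - BHO: SearchNewTab - {D1073238-BDD7-4756-0062-FBF551B7645E} - C:\Program Files\SearchNewTab\E8nQek.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

def parse(log):
    """Turn HijackThis entry lines into dicts; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group(2)
        clsid = CLSID.search(body)
        entries.append({
            "section": m.group(1),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": body.endswith(MISSING),
        })
    return entries

def key(entry):
    """Identity across scans: section plus CLSID, else the text without the suffix."""
    text = entry["body"]
    if entry["missing"]:
        text = text[:-len(MISSING)]
    return (entry["section"], entry["clsid"] or text.lower())

def still_present(fixed, after):
    """Entries selected for removal that show up again in the follow-up scan."""
    after_keys = {key(e) for e in parse(after)}
    return [e["body"] for e in parse(fixed) if key(e) in after_keys]

def orphans(log):
    """Entries that HijackThis marked "(file missing)"."""
    return [e["body"] for e in parse(log) if e["missing"]]

if __name__ == "__main__":
    print("still present:", still_present(FIXED, AFTER))
    print("file missing :", orphans(AFTER))
```
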

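Is there any website where I can upload files?

Author: yapwinsonho   Posted: 2014-01-09

Author: GoodestEngilsh   Posted: 2014-01-09

Author: yapwinsonho   Posted: 2014-01-09

Sorry, the layout in step 2 was a bit off
The malicious files have not been deleted yet, please do it once more

1. Download/run OTM to do the deletion.
http://oldtimer.geekstogo.com/OTM.exe
Copy & paste the following items into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:
:files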
C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.2.0.131.(729).dll
C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
C:\Program Files\SSurf aunDD keep\KPB.dll
C:\Program Files\SearchNewTab\E8nQek.dll
C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Thunder Network\XLDaQuan\Program\XLDaQuan.exe
C:\Program Files\Windows Live\Companion\companioncore.dll
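2. Run AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
Save the file to the desktop > double-click to run AdwCleaner.exe > click Scan > when the scan is finished click Clean > restart the computer > a log will be generated when done, save it to the desktop > upload it later

3. Download and install Malwarebytes
Download link: goo.gl/D1RRY
> Save the file to the desktop
> Double-click to run mbam-setup.exe
> Choose Traditional Chinese as the installation language
> Click Next, tick I agree, then click Next again
> Then click Next on everything; no settings need to be changed
> Click Install and wait for the installation
> Click Finish to complete the installation, and run the update
> Select Full Scan, then click Scan
> Wait for the scan to finish, click Show Results, right-click and choose Check All Items
> Then click Remove Selected to clean up
> After the cleanup the scan log will pop up; please save the scan log to the desktop
> Close Malwarebytes' Anti-Malware
> When the scan is finished a log will be generated, save it to the desktop > upload it later

4. Report the situation
> Are ads still popping up?

[ Last edited by GoodestEngilsh on 2013-12-25 11:37 PM ]

Author: GoodestEngilsh   Posted: 2014-01-09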
