帮我睇下~中左毒.唔该.

c:\users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\extensions\[email protected]\install.rdf
c:\users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\extensions\[email protected]\META-INF\manifest.mf
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\kindling.dll
c:\windows\system32\nsis_loader.dll
.
.
((((((((((((((((((((((((( 2013-10-28 至 2013-11-30 的新的档案 )))))))))))))))))))))))))))))))
.
.
2013-11-30 17:28 . 2013-11-30 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-30 17:28 . 2013-11-30 17:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-30 17:17 . 2013-11-30 17:28 -------- d-----w- c:\users\STEPHY L\AppData\Local\temp
2013-11-30 06:34 . 2013-11-30 06:34 -------- d-----w- C:\QvodPlayer
2013-11-29 07:46 . 2013-11-29 07:46 -------- d-----w- c:\users\STEPHY L\AppData\Roaming\360Safe
2013-11-28 15:36 . 2013-11-28 15:36 -------- d-----w- c:\users\STEPHY L\AppData\Roaming\SUPERAntiSpyware.com
2013-11-28 15:36 . 2013-11-28 15:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-28 15:36 . 2013-11-28 15:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-28 01:31 . 2013-11-28 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 01:31 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-27 11:27 . 2013-09-25 02:01 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-25 09:24 . 2013-11-25 09:24 5753376 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
2013-11-24 06:19 . 2008-07-12 00:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-11-24 06:19 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-11-24 06:19 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-11-24 06:19 . 2013-11-24 06:19 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-11-24 06:19 . 2013-11-24 06:19 -------- d-----w- C:\Riot Games
2013-11-24 06:18 . 2013-11-28 01:32 -------- d-----w- c:\users\STEPHY L\AppData\Local\PMB Files
2013-11-24 06:18 . 2013-11-28 01:32 -------- d-----w- c:\programdata\PMB Files
2013-11-24 06:18 . 2013-11-24 06:18 -------- d-----w- c:\program files\Pando Networks
2013-11-24 06:18 . 2013-11-24 06:18 -------- d-----w- c:\users\STEPHY L\AppData\Roaming\Riot Games
2013-11-10 02:59 . 2013-07-23 06:39 14392 ----a-w- c:\windows\system32\drivers\360SysVid.sys
2013-11-10 02:59 . 2013-11-10 02:59 -------- d-----w- C:\$360RTLOG$
2013-11-09 17:33 . 2013-11-09 17:33 -------- d-----w- C:\_OTM
2013-11-09 16:48 . 2013-09-19 01:54 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-09 16:47 . 2013-09-12 02:02 986112 ----a-w- c:\windows\system32\sppobjs.dll
2013-11-09 16:47 . 2013-09-12 01:53 3858432 ----a-w- c:\windows\system32\sppsvc.exe
2013-11-09 16:47 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-09 16:47 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-09 16:47 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-09 16:47 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-09 16:47 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-09 16:47 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-11-03 12:40 . 2013-11-03 12:40 -------- d-----w- c:\program files\dumps
.
.
.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 05:32 . 2011-10-13 15:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-09 16:47 . 2013-09-18 18:19 159032 ----a-w- c:\windows\system32\atl90.dll
2013-11-09 16:47 . 2013-09-18 18:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-11-09 16:47 . 2013-09-18 18:19 568832 ----a-w- c:\windows\system32\msvcp90.dll
2013-10-15 10:01 . 2013-10-15 10:01 80512 ----a-w- c:\windows\xinstaller.dll
2013-10-15 10:01 . 2013-10-15 10:01 35456 ----a-w- c:\windows\xinstaller.exe
2013-10-12 11:00 . 2011-03-28 10:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-18 18:18 . 2013-09-18 18:19 503808 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-18 18:18 . 2013-09-18 18:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-04 01:15 . 2013-10-12 06:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14 . 2013-10-12 06:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14 . 2013-10-12 06:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14 . 2013-10-12 06:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14 . 2013-10-12 06:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14 . 2013-10-12 06:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14 . 2013-10-12 06:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2D9C9C1C-C58C-AC1F-EB7F-1F06FFBD6314}]
2013-09-16 03:21 1189296 ----a-w- c:\program files\QvodPlayer\AddIn\{2D9C9C1C-C58C-AC1F-EB7F-1F06FFBD6314}\QvodAddr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2013-10-15 10:01 264832 ----a-w- c:\users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(643).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2013-11-21 9890608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 5717272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-09 8505888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-07 175128]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-07 166936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 BaiduUpdater;Baidu Updater;c:\program files\Baidu\BaiduUpdate\bdupdate.exe [2013-05-16 552568]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-19 84248]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 GREGService;GREGService;c:\program files\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R3 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
R3 NAUpdate;NAUpdate;c:\program files\Nero\Update\NASvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-19 182680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows 启用技术服务;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]
R3 wlcommsvc;wlcommsvc;c:\program files\MSN\Service\wlcommsvc.exe [2012-12-24 203224]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 360SysVid;360SysVid;c:\windows\system32\drivers\360SysVid.sys [2013-07-23 14392]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [2013-03-29 121600]
S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvEx86.sys [2011-04-18 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘计划任务’ 文件夹 里的内容
.
2013-11-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 294070ed-3df3-4b78-b019-7302aba7a283.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2013-11-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c80ffac3-0710-48d4-9d4d-533794e86fd1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.

------- 而外的扫描 -------
.
uStart Page = hxxp://www.yahoo.com.hk/
mStart Page = hxxp://www.yahoo.com.hk/
IE: &妏蚚&捃泞烛盄狟婥 - c:\program files\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: &妏蚚&捃泞狟婥 - c:\program files\Thunder Network\Thunder\BHO\geturl.htm
IE: &妏蚚&捃泞狟婥窒蝈诿 - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: 使用快播按?找片 - c:\program files\QvodPlayer\AddIn\ImgSeed.htm
IE: 使用快车3下载 - c:\users\STEPHY L\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链结 - c:\users\STEPHY L\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: 汇出至 Microsoft Office Excel(&X) - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {{807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - {FE69C007-C452-4d3e-86D2-1730DF8BC871} -
TCP: DhcpNameServer = 192.168.1.1
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\KuGou\KGMusic\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\KuGou\KGMusic\KUGOO3~1.OCX
DPF: {63BCF187-B6FC-478D-9CD3-0A416995A59C} - hxxp://wsm.wayi.com.tw/ClientATXCtrl.cab
DPF: {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} - hxxp://www.wayi.com.tw/gameup/ClientATXCtrl.CAB
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0F4BF955-A127-41B7-A998-369904AA2578} - c:\program files\360\360sd\360sdbho.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - c:\program files\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - c:\program files\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - c:\program files\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{A8502600-B272-4F68-A67B-A0305D46D297} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Internet Explorer\MenuExt\&*?Y?&*Cc喏甒竞腤eZ]
@="c:\\Program Files\\Thunder Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Internet Explorer\MenuExt\&*?Y?&*Cc喏腤eZ]
@="c:\\Program Files\\Thunder Network\\Thunder\\BHO\\geturl.htm"
"Name"="xl_geturl"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Internet Explorer\MenuExt\&*?Y?&*Cc喏腤eZ蘙?z??]
@="c:\\Program Files\\Thunder Network\\Thunder\\BHO\\GetAllUrl.htm"
"Name"="xl_getallurl"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u螒?3*N ?]
@="c:\\Users\\STEPHY L\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u螒?3*N ?hQ??P}]
@="c:\\Users\\STEPHY L\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="htmlfile"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2537133487-1696990454-4259169676-1000)
"Progid"="xmlfile"
.
[HKEY_USERS\S-1-5-21-2537133487-1696990454-4259169676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\b?v*gaR]
@DACL="Unknown ACL Revision 0x04"
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,46,06,00,00,01,00,00,00,0c,00,00,00,70,00,
00,00,00,00,00,00,62,00,32,00,00,00,00,00,99,42,cd,53,20,00,46,61,63,65,62,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'Explorer.exe'(5760)
c:\users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(643).dll
.
完成时间: 2013-12-01 01:29:28
ComboFix-quarantined-files.txt 2013-11-30 17:29
.
Pre-Run: 391,206,060,032 bytes free
Post-Run: 391,108,472,832 位元组可用
.
- - End Of File - - 913303B188E93691C85FDD052F96F585
A36C5E4F47E84449FF07ED3517B43A31

对不起,大大. 关於快播. 我已经发现后删清.

# AdwCleaner v3.013 - Report created 01/12/2013 at 02:51:15
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : STEPHY L - STEPHYL-PC
# Running from : C:\Users\STEPHY L\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Users\STEPHY L\AppData\Local\Babylon
Folder Deleted : C:\Users\STEPHY L\AppData\Local\baidu
Folder Deleted : C:\Users\STEPHY L\AppData\LocalLow\baidu
Folder Deleted : C:\Users\STEPHY L\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\STEPHY L\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\STEPHY L\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\STEPHY L\AppData\Roaming\baidu
Folder Deleted : C:\Users\STEPHY L\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\STEPHY L\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841}
File Deleted : C:\Users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\searchplugins\funmoods.xml
File Deleted : C:\Users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\searchplugins\Web Search.xml
File Deleted : C:\Users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ File : C:\Users\STEPHY L\AppData\Roaming\Mozilla\Firefox\Profiles\n67d6zu4.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=HK&userid=2ecfd846-7ea3-404e-ad19-c8d176d3eed5&searchtype=nt&installDate=04/04/2013");
Line Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "Funmoods");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0D0BzztAzz0CyBtD0AtCtN0D0Tzu0CyEyCtDtN1L2XzutN1L1Czu&cr=1089245677&ir=");

Line Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) retur[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100996");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 3);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "449270a10000000000004487fcdb838c");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15404");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100996&babsrc=adbartrp&mntrId=449270a10000000000004487fcdb838c&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 3);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.173:02:17");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 103524318);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.173:02:17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100996");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "449270a10000000000004487fcdb838c");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "449270a10000000000004487fcdb838c");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15404");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.173:02:17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "{75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8,{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1,[email protected]:1.5.1,{E71B541F-5E72-5555-A47C-E47863195841}:1.0[...]
Line Deleted : user_pref("extensions.funmoods.aflt", "as1212y");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "HK");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.fmupdtFirst", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "B63129E38B4B5C3E29BBB6959A65AF99");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0D0BzztAzz0CyBtD0AtCtN0D0Tzu0CtAyEzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=196451520[...]
Line Deleted : user_pref("extensions.funmoods.id", "4487FCDB838C70A1");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15688");
Line Deleted : user_pref("extensions.funmoods.instlRef", "as1212y");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:53:58");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", false);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0D0BzztAzz0CyBtD0AtCtN0D0Tzu0CtAyEzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1964515[...]
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0D0BzztAzz0CyBtD0AtCtN0D0Tzu0CtAyEzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=19645[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:53:58");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:53:58");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=HK&userid=2ecfd846-7ea3-404e-ad19-c8d176d3eed5&searchtype=ds&installDate=04/04/2013&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [23590 octets] - [01/12/2013 02:50:06]
AdwCleaner[S0].txt - [23788 octets] - [01/12/2013 02:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23849 octets] ##########

大神. 多谢你. 大至上,电脑该没事了. "
请你帮我最后过目一下, 没有你. 我也不知该怎辨.
还有, 可以删掉那些工具了吗 ?
还有,可以介绍一个大神你觉得可靠的防毒吗?
最后就是. 我好希望可以同你交个朋友
我觉得你好猛, 真心希望可以同你交个朋友
仲有. 就系愿好人有好报, 多谢恩公你