
IE and Firefox both infected with ad malware, HELP PLX~ (HijackThis report attached)

Date: 2014-01-20

Source: Internet

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:31, on 30/11/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
D:\PPS.tv\PPStream\PPSProtect.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Users\ALViN\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe
D:\PPS.tv\PPStream\PPSKernel.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe
C:\Program Files (x86)\Filseclab\Twister\twister.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\ALViN\AppData\Roaming\881903\update\hkUpdate.exe
C:\Users\ALViN\AppData\Roaming\881903\update\hkUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YoutubeAdblocker - {19604A10-7101-A5A8-37E1-0F002FD460C1} - C:\Program Files (x86)\YoutubeAdblocker\pZ.dll (file missing)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: SearchNewTab - {4AB09F72-55A3-A611-E21A-C169A5A05AA3} - C:\Program Files (x86)\SearchNewTab\L.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: seUrff aaNd Keep - {C3F7C0C5-2448-DB32-839D-02ECEFD5DA4C} - C:\Program Files (x86)\seUrff aaNd Keep\SfzAe.dll (file missing)
O2 - BHO: DA0E66BD-935A-D9BB-334C-B84DCC2FECB3 Class - {DA0E66BD-935A-D9BB-334C-B84DCC2FECB3} - C:\Program Files (x86)\QvodPlayer\AddIn\{DA0E66BD-935A-D9BB-334C-B84DCC2FECB3}\QvodAddr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: 肮祭珨莹假蚾盓厥 - {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [HKToolbarManager] "C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Twister] "C:\Program Files (x86)\Filseclab\Twister\twister.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [SDP] C:\Users\ALViN\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [HKToolbarManager] "C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe"
O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (User 'Default user')
O4 - Global Startup: GIGABYTE OC_GURU.lnk = C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
O8 - Extra context menu item: &妏蚚&捃泞烛盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃泞狟婥窒蝈诿 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm

Author: alivn90811   Posted: 2014-01-20

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O20 - AppInit_DLLs: c:\progra~2\skc4df~1.enh\psupport.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Twister Services (twssrv) - Filseclab Corporation - C:\Program Files (x86)\Filseclab\Twister\twssrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13285 bytes

Author: alivn90811   Posted: 2014-01-20

Reboot and keep pressing F8 to enter Safe Mode.
Run HijackThis once more.
Tick the following items, then press Fix checked:
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O2 - BHO: SearchNewTab - {4AB09F72-55A3-A611-E21A-C169A5A05AA3} - C:\Program Files (x86)\SearchNewTab\L.dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.95.0\QvodExtend.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: seUrff aaNd Keep - {C3F7C0C5-2448-DB32-839D-02ECEFD5DA4C} - C:\Program Files (x86)\seUrff aaNd Keep\SfzAe.dll (file missing)
O2 - BHO: DA0E66BD-935A-D9BB-334C-B84DCC2FECB3 Class - {DA0E66BD-935A-D9BB-334C-B84DCC2FECB3} - C:\Program Files (x86)\QvodPlayer\AddIn\{DA0E66BD-935A-D9BB-334C-B84DCC2FECB3}\QvodAddr.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [HKToolbarManager] "C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HKToolbarManager] "C:\Program Files (x86)\881903\IETOOLBAR\hkmgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O8 - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &妏蚚&捃濘狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &妏蚚&捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm

1. Run Rkill
Download link: http://www.bleepingcomputer.com/download/rkill/dl/11/
Save the file to the desktop > double-click iExplore.exe > a log is produced when it finishes (if no file appears on the desktop, save it to the desktop) > upload it later

2. Run AdwCleaner
Download link: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
Save the file to the desktop > double-click AdwCleaner.exe > press Scan > when the scan finishes, press Clean > restart the computer > a log is produced when it finishes, save it to the desktop > upload it later

3. Run Junkware Removal Tool
Download link: goo.gl/Pua07
Save the file to the desktop > double-click JRT.exe > press any key > restart the computer when the scan finishes > a log is produced when it finishes (if no file appears on the desktop, save it to the desktop) > upload it later

4. Download and install Malwarebytes
Download link: goo.gl/D1RRY
>Save the file to the desktop > double-click mbam-setup.exe
>Choose Traditional Chinese as the installation language
>Press Next, tick I agree, then press Next again
>Then press Next for everything; no settings need changing
>Press Install and wait for the installation
>Press Finish to complete the installation and update
>Tick Full scan, then press Scan
>Wait for the scan to finish, press Show results, right-click and press Check all items
>Then press Remove selected to clean
>After cleaning, a scan log pops up; save the scan log to the desktop
>Close Malwarebytes' Anti-Malware
>After the scan a log is produced, save it to the desktop > upload it later

Author: GoodestEngilsh   Posted: 2014-01-20

Quote: originally posted by GoodestEngilsh on 2013-11-30 06:48 PM
Reboot and keep pressing F8 to enter Safe Mode.
Run HijackThis once more.
Tick the following items, then press Fix checked:
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.d ...
Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2013 07:09:26 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\ALViN\Desktop\rkill\rkill-11-30-2013-07-09-27.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO 传统 TDI 支援驱动程式 (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/30/2013 07:09:56 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

Author: alivn90811   Posted: 2014-01-20

Quote: originally posted by GoodestEngilsh on 2013-11-30 06:48 PM
Reboot and keep pressing F8 to enter Safe Mode.
Run HijackThis once more.
Tick the following items, then press Fix checked:
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.d ...
# AdwCleaner v3.013 - Report created 30/11/2013 at 19:11:25
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : ALViN - ALVIN-PC
# Running from : C:\Users\ALViN\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (zh-TW)

[ File : C:\Users\ALViN\AppData\Roaming\Mozilla\Firefox\Profiles\bhn23k67.default\prefs.js ]

Line Deleted : user_pref("extensions.DM2.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){wind[...]
Line Deleted : user_pref("extensions.Zsg2Ugjt.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top [...]
Line Deleted : user_pref("extensions.tck3.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\ALViN\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8973 octets] - [30/11/2013 19:03:09]
AdwCleaner[R1].txt - [1680 octets] - [30/11/2013 19:11:09]
AdwCleaner[S0].txt - [8573 octets] - [30/11/2013 19:03:26]
AdwCleaner[S1].txt - [1607 octets] - [30/11/2013 19:11:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1667 octets] ##########

Author: alivn90811   Posted: 2014-01-20

Quote: originally posted by GoodestEngilsh on 2013-11-30 06:48 PM
Reboot and keep pressing F8 to enter Safe Mode.
Run HijackThis once more.
Tick the following items, then press Fix checked:
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files (x86)\881903\IETOOLBAR\hktbar.d ...
I can't find the links for 3 and 4~~

Author: alivn90811   Posted: 2014-01-20

3. Run Junkware Removal Tool
Download link: goo.gl/Pua07

4. Download and install Malwarebytes
Download link: goo.gl/D1RRY

Author: GoodestEngilsh   Posted: 2014-01-20
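The helper's list of HijackThis entries earlier in the thread, and the prefs.js lines that AdwCleaner and JRT reported above, are the kind of thing a triager checks by hand. The script below is an added example for readers of this thread; it is not part of the thread, HijackThis, AdwCleaner, JRT or Malwarebytes. It applies three defensive checks to HijackThis-style lines: BHO/toolbar registrations whose DLL is reported missing (the component is gone but IE still tries to load it), very short generated DLL names (pZ.dll, L.dll, SfzAe.dll), and the O20 AppInit_DLLs entry, which loads the listed DLLs into every process that loads user32.dll and is one mechanism by which an ad injector reaches IE and Firefox alike. It also flags Firefox prefs.js entries whose value is a JavaScript function rather than a setting, the shape of the `extensions.*.scode` lines above. The sample lines are constructed from entries on this page; the heuristics and the 5-character stem threshold are this example's own choices, not a published rule.

```python
"""Triage helpers for HijackThis-style log lines and Firefox prefs.js lines.

Added example for this thread; not part of HijackThis, AdwCleaner, JRT or
Malwarebytes.  The sample lines below are constructed from entries that
appear in the logs above so that the script runs offline.
"""
import re

# Constructed sample in HijackThis format: the three orphaned BHOs and the
# O20 line from the log above, plus a benign Adobe BHO and a benign service.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YoutubeAdblocker - {19604A10-7101-A5A8-37E1-0F002FD460C1} - C:\Program Files (x86)\YoutubeAdblocker\pZ.dll (file missing)
O2 - BHO: SearchNewTab - {4AB09F72-55A3-A611-E21A-C169A5A05AA3} - C:\Program Files (x86)\SearchNewTab\L.dll (file missing)
O2 - BHO: seUrff aaNd Keep - {C3F7C0C5-2448-DB32-839D-02ECEFD5DA4C} - C:\Program Files (x86)\seUrff aaNd Keep\SfzAe.dll (file missing)
O20 - AppInit_DLLs: c:\progra~2\skc4df~1.enh\psupport.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Constructed prefs.js sample: two injected "scode" prefs in the shape
# AdwCleaner and JRT reported above (truncated as in the logs), plus two
# ordinary preferences that must not be flagged.
SAMPLE_PREFS = r"""
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.DM2.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{
user_pref("extensions.Zsg2Ugjt.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 &&
user_pref("network.cookie.cookieBehavior", 0);
"""

HJT_LINE = re.compile(r"^([OFR]\d+)\s+-\s+(.*)$")          # "O2 - <body>"
DLL_NAME = re.compile(r"\\([^\\\s]+)\.dll\b", re.IGNORECASE)  # last path component
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)$')
SHORT_STEM = 5  # this example's own threshold for "generated-looking" DLL names


def triage_hjt(log_text):
    """Return findings as dicts with section, reasons and the raw line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        finding = {"section": section, "line": line}
        reasons = []
        if section in ("O2", "O3"):
            # The DLL is gone but the CLSID is still registered with IE.
            if body.endswith("(file missing)"):
                reasons.append("orphaned-registration")
            # Adware installers often generate one- or two-letter DLL names.
            dll = DLL_NAME.search(body)
            if dll and len(dll.group(1)) <= SHORT_STEM:
                reasons.append("short-dll-name")
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is mapped into each process that loads
            # user32.dll, browsers included; the list is normally empty.
            dlls = body.split(":", 1)[1].split()
            if dlls:
                reasons.append("appinit-dll-injection")
                finding["dlls"] = dlls
        if reasons:
            finding["reasons"] = reasons
            findings.append(finding)
    return findings


def triage_prefs(prefs_text):
    """Flag user_pref lines that carry script instead of a setting."""
    findings = []
    for raw in prefs_text.splitlines():
        m = PREF_LINE.match(raw)
        if not m:
            continue
        key, value = m.groups()
        value = value.lstrip('"')
        reasons = []
        # Add-ons keep settings under extensions.<id>.*; a key named "scode"
        # whose value is a function body is page script injected via prefs.
        if key.endswith(".scode"):
            reasons.append("script-in-pref")
        if value.startswith("(function"):
            reasons.append("js-function-literal")
        if reasons:
            findings.append({"key": key, "reasons": reasons, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f["section"], ",".join(f["reasons"]), "|", f["line"][:80])
    for f in triage_prefs(SAMPLE_PREFS):
        print("prefs.js", ",".join(f["reasons"]), "|", f["key"])
```

Run against the constructed samples, the script reports the three orphaned BHOs, the O20 line with its two DLLs, and the two scode prefs, while the Adobe BHO, the Malwarebytes service and the two ordinary prefs pass. Feed it a real HijackThis log and the prefs.js of the affected profile in place of the samples; a hit is a lead to verify, not a verdict.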

Quote: originally posted by GoodestEngilsh on 2013-11-30 07:40 PM
3. Run Junkware Removal Tool
Download link: goo.gl/Pua07

4. Download and install Malwarebytes
Download link: goo.gl/D1RRY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by ALViN on 30/11/2013 周六 at 20:38:54.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\livesupport



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1797096024-271662868-2403403061-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\ALViN\AppData\Roaming\mozilla\firefox\profiles\bhn23k67.default\prefs.js

user_pref("extensions.DM2.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{
user_pref("extensions.Zsg2Ugjt.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 &&
user_pref("extensions.tck3.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n
user_pref("extensions.tck3.url", "hxxp://getjpinet.info/sync2/?q=hfZ9ofV9CShEAen0rHnMg708BNmGWj8siGhGheDUojwHrjwGpjaGrTUEpchIC7n0rjrFrjrErjwFrHa5tNhVCT94tMVKhd9Fqjn7rjCGrTgHrT
Emptied folder: C:\Users\ALViN\AppData\Roaming\mozilla\firefox\profiles\bhn23k67.default\minidumps [133 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2013 周六 at 20:40:25.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.30.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16736
ALViN :: ALVIN-PC [administrator]

Protection: Disabled

30/11/2013 20:48:46
mbam-log-2013-11-30 (20-48-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232012
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 17
C:\Program Files (x86)\QvodPlayer\AddIn\{DA0E66BD-935A-D9BB-334C-B84DCC2FECB3}\ASBarBroker.exe (PUP.Funshion) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\BabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\E09BD8B5-BAB0-7891-891C-2D747CD0580F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\ibtmpe0c3674\component_600 (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\ibtmpe0c3674\component_613 (PUP.Optional.SpeedAnalysis.A) -> No action taken.
C:\Users\ALViN\AppData\Local\Temp\ibtmpe0c3674\component_652 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\Users\ALViN\Downloads\com.sega.chainchronicle-v1.11.apk(1).exe (PUP.Optional.InstalleRex) -> No action taken.
C:\Users\ALViN\Downloads\com.sega.chainchronicle-v1.11.apk.exe (PUP.Optional.InstalleRex) -> No action taken.
C:\Users\ALViN\Downloads\FreeMediaPlayerSetup.exe (PUP.Optional.Somoto) -> No action taken.

(end)

Author: alivn90811   Posted: 2014-01-20

1. Run Malwarebytes once more
>Wait for the scan to finish, press Show results, right-click and press Check all items
>Then press Remove selected to clean

2. Then reinstall the browsers
Reset IE

Uninstall Chrome/Firefox > reboot > reinstall

3. Report back
Are ads still popping up?

Author: GoodestEngilsh   Posted: 2014-01-20
