小弟上网成日有广告弹出黎,附 图 + HJTInstall.....

烦左我一段时间,无论上咩网都系弹出黎,系痴系个网的左手边,可以x左佢的,不过真系好烦,求大大帮我解决左佢....

http://postimg.org/image/p19kazroz/

左手边个d...

[ 本帖最后由 WhatTheFook 於 2013-11-3 06:05 PM 编辑 ]

Logfile of Trend Micro HijackThis v2.0.5Scan saved at 下午 06:03:19, on 2013/11/3Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)FIREFOX: 24.0 (zh-TW)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\Samsung\Kies\KiesTrayAgent.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PPStream\PPSKernel.exeC:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeC:\Program Files\Samsung\Kies\Kies.exeC:\Program Files\Baidu\BaiduPlayer\3.2.1.107\BaiduPlayer.exeC:\Program Files\Baidu\BaiduPlayer\3.2.1.107\BaiduP2PService.exeC:\Program Files\Baidu\BaiduPlayer\3.2.1.107\downloader.exeC:\Program Files\Baidu\BaiduPlayer\3.2.1.107\bdbtray.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\FsUsbExService.ExeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\Program Files\LemurLeap\updateLemurLeap.exeC:\Program Files\LemurLeap\bin\utilLemurLeap.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Meitu\KanKan\KanKan\KanKan.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exeO2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: LemurLeap - {415419c3-dad0-4df1-ac37-22c72ad81878} - C:\Program Files\LemurLeap\LemurLeapbho.dllO2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: Windows Live 登入小帮手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguiO4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\RunOnce: [network_smb_serialnumber] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BI_RunOnce.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "network_smb_serialnumber" /id "7zipaixr" /name "7-Zip" /uniqid 3EqOn1G O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeO4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preloadO4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeO4 - HKCU\..\Run: [BaiduMEDIA] C:\Program Files\Baidu\BaiduPlayer\3.2.1.107\BaiduPlayer.exe minimizeO4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO15 - ESC Trusted Zone: http://*.update.microsoft.comO16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cabO20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: BitGuard - Unknown owner - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (file missing)O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.ExeO23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google更新 服务 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: Update LemurLeap - LemurLeap - C:\Program Files\LemurLeap\updateLemurLeap.exeO23 - Service: Util LemurLeap - LemurLeap - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe--End of file - 8209 bytes

[ 本帖最后由 WhatTheFook 於 2013-11-3 06:04 PM 编辑 ]

推

推

1. 执行Rkill
下载连结 http://www.bleepingcomputer.com/download/rkill/dl/11/
将档案储存於桌面>双击执行iExplore.exe>完成后会产生log (如果桌面无显示档案 另存於桌面)>稍后上传

2. 执行AdwCleaner
下载连结 http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
将档案储存於桌面>双击执行AdwCleaner.exe>按下Scan>扫描完成后 按下Clean>重启电脑>完成后会产生log 另存於桌面>稍后上传

3. 执行Junkware Removal Tool
下载连结 http://www.bleepingcomputer.com/ ... emoval-tool/dl/131/
将档案储存於桌面>双击执行JRT.exe>按下任意键>扫描完成后 重启电脑>完成后会产生log (如果桌面无显示档案 另存於桌面)>稍后上传

4. 下载及安装Malwarebytes
下载连结 http://www.bleepingcomputer.com/ ... -anti-malware/dl/7/
>将档案储存於桌面>双击执行mbam-setup.exe
>选择繁体中文作为安装语言
>按 下一步 勾选 我同意 后再按 下一步
>然后全部都按 下一步，不需要更改任何设定
>按 安装 后等候安装
>按 完成 完成安装，并进行更新
>勾选 完整扫描，然后按 扫描
>等待扫瞄完成，按 显示结果，按下右键 按检查所有项目
>再按 Remove Selected 进行清理
>完成清理后会弹出扫描纪录，请储存扫描纪录至桌面
>关闭 Malwarebytes' Anti-Malware
>扫描完成后 会产生log 另存於桌面>稍后上传