打印

[求助] 廣告毒!! 亦係pop-up視窗變成廣告! (附HijackThis)

廣告毒!! 亦係pop-up視窗變成廣告! (附HijackThis) E-mail 此主題給朋友

[隱藏]
就咁睇同另一個版友中左類似的病毒
唔同browser去開一d pop-up的分視窗時會去左廣告網頁!
please help!! ><

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:12, on 17/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\BetterSoft\SaveByClick\SaveByClick.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PPStream\PPSKernel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Documents and Settings\Jimmy\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Documents and Settings\All Users\Application

Data\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(864).dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder

Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program

Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11

\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search

Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder

Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows

Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows

Live\Toolbar\wltcore.dll
O3 - Toolbar: 啃僅馱撿戲 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11

\facemoodsTlbr.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m|\?
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -

launchedbylogin
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program

Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Final Codecs\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"



實用相關搜尋: Spa Software Java LCD Canon 廣告 Microsoft yahoo
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jimmy\Local Settings\Application

Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo!Mini] "C:\PROGRA~1\Yahoo!\Mini\YMiniUpdat2.exe" -c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [記事本] notpad
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise

Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise

Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="d:\nvidia\drivers\182.42\winxp

(182.42)\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下載 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下載全部影片 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Documents and Settings\All Users\Application Data\Thunder

Network\XMP4\Core\Program\XmpIEMenu.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 設為 Messenger Live 頭像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {019c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Documents and Settings\All Users\Application

Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra 'Tools' menuitem: ??迅雷看看播放器 - {019c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Documents and Settings\All

Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
O9 - Extra button: 迅雷看看播放器 - {119c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Documents and Settings\All Users\Application

Data\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program

Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files\Common Files\Thunder

Network\Kankan\XLStartKankan.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program

Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor2.0.2.7.dll
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://download.alipay.com/ukey/cert/1007/ie/PTA.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) -

https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} (SecureSession Class) -

http://warranty.samsungmcs.com.hk:8080/plugIn/SecuiSECIE.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {d906ea8a-c5b5-4e1d-9b4f-9f75b1c56efd} - C:\DOCUME~1\Jimmy\LOCALS~1\Temp\mstmp.
O20 - AppInit_DLLs: c:\progra~1\saveby~1\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program

Files\GIGABYTE\EnergySaver\GSvr.exe



實用相關搜尋: Spa Software Samsung Canon Microsoft google 部落格 yahoo
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance

Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared

files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 19816 bytes






:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

Step 1 : 開啟 HijackThis 修復項目

  • 開啟 HijackThis,按一下 Do a system scan only
  • 在左方的小格,勾選以下項目:
    引用:
    O20 - AppInit_DLLs: c:\progra~1\saveby~1\sprote~1.dll
  • 接一下 Fix checked,然後再按
  • 關閉 HijackThis

Step 2 : 重新啟動電腦

  • 重新啟動電腦
  • 請進入安全模式

Step 3 : 刪除檔案

  • 下載 OTM 至桌面,並執行 OTM
  • 複製下列文字,並貼上於 Paste Instructions for Items to be Moved 之框格內:
    引用:
    :files
    C:\progra~1\saveby~1\sprote~1.dll
  • 按一下 MoveIt!,再按 OK,並重新啟動電腦

Step 4 : 簡述情況及貼上報告

  • 請簡述一下閣下電腦的狀況
  • 請上傳下列報告至 Sendspace

  • HijackThis



實用相關搜尋: Spa Canon 電腦

TOP

[隱藏]
Thanks for your reply
但都仲係有廣告呢個問題呢!!
pls help~

http://www.sendspace.com/filegroup/7IFt2l%2FpXggMNmh%2FGiFGaA

otm log & hijackthis log!
Thanks~



實用相關搜尋: Spa 廣告
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

Step 1 : 下載及安裝 Malwarebytes' Anti-Malware

  • 下載 Malwarebytes' Anti-Malware
    http://www.malwarebytes.org/mbam-download.php
  • 儲存 mbam-setup.exe 至桌面
  • 執行 mbam-setup.exe 開始進行安裝,安裝時請選擇 English 作為安裝語言
  • Next,勾選 I accept the agreement 後再按 Next
  • 然後全部都按 Next,不需要更改任何設定
  • Install 後等候安裝
  • Finish 完成安裝,並進行更新

Step 2 : 使用 Malwarebytes' Anti-Malware

  • 勾選 Perform full scan,然後按 Scan
  • 再按 Scan,進行掃瞄
  • 等待掃瞄完成,按 Show Results,再按 Remove Selected 進行清理
  • 完成清理後會彈出掃描紀錄,請儲存掃描紀錄至桌面
  • 關閉 Malwarebytes' Anti-Malware

Step 3 : 簡述情況及貼上報告

  • 請簡述一下閣下電腦的狀況
  • 請上傳下列報告至 Sendspace

  • HijackThis
  • Malwarebytes' Anti-Malware



實用相關搜尋: Spa MBA 電腦

TOP

http://www.sendspace.com/filegroup/9Tz4140%2Buy1ptKBruS%2BeSQ

Thanks so much!
Don't know why no log popped up after the scan for Malwarebytes' Anti-Malware
I manually copied the LOG file, thought it's the same.

同睇來好似冇再re-direct...!



實用相關搜尋: Spa
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

如果沒有問題,請將標題的「求助」轉為「已解決」。





TOP

都係唔得...
還是再有出現...



實用相關搜尋: Spa
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

same here


實用相關搜尋: Spa

TOP

請貼上新的 HijackThis 紀錄。


實用相關搜尋: Spa

TOP

Sendspace:
http://www.sendspace.com/file/wf0qfa
thanks..個情況好似勁左咁 - -
之前都無跳得咁勁, 而家差唔多下下pop up之後都去左ad ><



實用相關搜尋: Spa
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

Step 1 : 使用 Malwarebytes' Anti-Malware

  • 執行 Malwarebytes' Anti-Malware
  • Update,再按 Check for Updates
  • 完成更新後,按 Scanner
  • 勾選 Perform full scan,然後按 Scan
  • 再按 Scan,進行掃瞄
  • 等待掃瞄完成,按 Show Results,再按 Remove Selected 進行清理
  • 完成清理後會彈出掃描紀錄,請儲存掃描紀錄至桌面
  • 關閉 Malwarebytes' Anti-Malware

Step 2 : 下載及執行 SREng

  • 下載 SREng 至桌面,並解壓縮檔案
  • 執行 SREng,並按一下智慧掃瞄
  • 按一下掃瞄SREng 會進行掃瞄,請耐心等待
  • 保存報告,並儲存它

Step 3 : 簡述情況及貼上報告

  • 請簡述一下閣下電腦的狀況
  • 請上傳下列報告至 Sendspace

  • HijackThis
  • Malwarebytes' Anti-Malware
  • SREng







TOP

仲係有呢個情況呀 ...
thanks..

http://www.sendspace.com/filegro ... EfBH8hJyANcgICDrraT



實用相關搜尋: Spa
:::Britney:::Morning Musume:::Otsuka Ai:::Rihanna:::Clamp_XXX Holic_Tsubasa_Chobits:::

TOP

[隱藏]
Step 1 : 下載及執行 ATF-Cleaner

  • 下載 ATF-Cleaner 至桌面,並執行 ATF-Cleaner
  • 勾選 Select All,後按 Empty Selected 進行清理
  • 最後關閉 ATF-Cleaner



實用相關搜尋: Spa

TOP

伸延閱讀
 23 12
 提示:支持鍵盤翻頁 ←左 右→ 發新話題發佈投票

重要聲明:本討論區是以即時上載留言的方式運作,香港討論區對所有留言的真實性、完整性及立場等,不負任何法律責任。而一切留言之言論只代表留言者個人意 見,並非本網站之立場,讀者及用戶不應信賴內容,並應自行判斷內容之真實性。於有關情形下,讀者及用戶應尋求專業意見(如涉及醫療、法律或投資等問題)。 由於本討論區受到「即時上載留言」運作方式所規限,故不能完全監察所有留言,若讀者及用戶發現有留言出現問題,請聯絡我們。香港討論區有權刪除任何留言及拒絕任何人士上載留言 (刪除前或不會作事先警告及通知 ), 同時亦有不刪除留言的權利,如有任何爭議,管理員擁有最終的詮釋權 。用戶切勿撰寫粗言穢語、誹謗、渲染色情暴力或人身攻擊的言論,敬請自律。本網站保留一切法律權利。


Copyright©2003- Discuss.com.hk Limited. All Right Reserved.
版權所有,不得轉載。

10.0.1.3