Ads launching automatically in the browser window


(wiktoro198) #1

Hello, I have a problem with ads that launch in a window every so often. Maybe I installed some free junk without paying attention to it; I'd like to get rid of it. Someone always asks for some OTL log; forgive me, but I don't know much about this. This is the OTL: http://wklej.to/PGuUv


(Acorus) #2

Uninstall BrowseToSave, BrowseMark, Claro Chrome Toolbar, Certified Toolbar 1.9, BabylonObjectInstaller, VDownloader Toolbar, saaFe  saave, continuetosave, SearchNewTab, AVG Security Toolbar, Contextual Tool Extrafind, Babylon toolbar on IE, Bundled software uninstaller, BitTorrentBar Toolbar, Bonanza Deals (remove only), Claro toolbar, DealPly (remove only), fst_pl_96, Giant Savings, McAfee Security Scan Plus, Mobogenie, Norton Security Scan, Optimizer Pro v3.1, SimilarSites, ContinueToSave 1.74, SafeSaver 1.74, WinZipper, VDownloader Toolbar Updater, Qtrax Player, Lollipop, Price Meter (remove only), Update for PriceMeter, vDownloader Packages.

Use AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ with the Scan function and then Clean (on Vista/Windows 7, run it from the right-click menu as Administrator).

Post the new OTL.txt.


(wiktoro198) #3

Done, Acorus.

New OTL: http://wklej.to/I8iSD


(Acorus) #4

Run OTL and paste the following into the (Custom scan options/Script) window:

:OTL
DRV:64bit: - [2014-03-15 00:45:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}: "URL" = http://www.default-search.net/search?sid=498aid=109itype=nver=12386tm=323src=dsp={searchTerms}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes\{0EC5F614-5B3D-4467-8723-8D3D4B46CE57}: "URL" = http://startsear.ch/?aff=2src=spcf=e4934edc-75d5-11e1-b5ef-50e549a7a95cq={searchTerms}
IE - HKLM\..\SearchScopes\{18F1B1A4-E5ED-4A62-8236-7AB742671CC0}: "URL" = http://startsear.ch/?aff=1src=spcf=e4934edc-75d5-11e1-b5ef-50e549a7a95cq={searchTerms}
IE - HKLM\..\SearchScopes\{3F468CF9-61F9-4F0B-AAD8-43663B1F1A88}: "URL" = http://startsear.ch/?aff=1src=spcf=e4934edc-75d5-11e1-b5ef-50e549a7a95cq={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}: "URL" = http://www.default-search.net/search?sid=498aid=109itype=nver=12386tm=323src=dsp={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=498aid=109itype=nver=12386tm=323src=hmp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{0EC5F614-5B3D-4467-8723-8D3D4B46CE57}: "URL" = http://startsear.ch/?aff=2src=spcf=e4934edc-75d5-11e1-b5ef-50e549a7a95cq={searchTerms}
IE - HKCU\..\SearchScopes\{18F1B1A4-E5ED-4A62-8236-7AB742671CC0}: "URL" = http://startsear.ch/?aff=1src=spcf=e4934edc-75d5-11e1-b5ef-50e549a7a95cq={searchTerms}
IE - HKCU\..\SearchScopes\{9767D189-5B86-4B82-8FAA-B16B500EE96E}: "URL" = http://search.certified-toolbar.com?si=33953bs=truetid=2958q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}: "URL" = http://www.default-search.net/search?sid=498aid=109itype=nver=12386tm=323src=dsp={searchTerms}
IE - HKCU\..\SearchScopes\{C805EB25-DABB-462F-ABD4-B82DB1934CC1}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ietb=ORJo=100000026src=kwq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000
[2014-04-20 16:17:52 | 000,000,000 | ---D | M] ("Plus-HD-9.1") -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\4k7jdue6.default\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [fst_pl_96] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PriceMeterW] C:\Users\Win7\AppData\Local\PriceMeter\pricemeterw.exe (PriceMeter)
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniSpiker-2.6.lnk = File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (Reg Error: Key error.)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2014-04-20 15:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-9.1
[2014-04-17 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
[2014-04-17 14:39:53 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\PriceMeter
[2012-03-15 19:56:48 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012-03-15 19:56:48 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe
[2014-04-20 16:18:16 | 000,002,766 | ---- | M] () -- C:\Windows\tasks\3088d587-54aa-48af-b48c-7f4e0c41b772-3.job
[2014-04-20 16:17:57 | 000,001,438 | ---- | M] () -- C:\Windows\tasks\3088d587-54aa-48af-b48c-7f4e0c41b772-5.job
[2014-04-20 16:17:56 | 000,002,124 | ---- | M] () -- C:\Windows\tasks\3088d587-54aa-48af-b48c-7f4e0c41b772-4.job
[2014-04-20 16:17:46 | 000,001,352 | ---- | M] () -- C:\Windows\tasks\3088d587-54aa-48af-b48c-7f4e0c41b772-2.job
[2014-04-20 16:17:43 | 000,001,346 | ---- | M] () -- C:\Windows\tasks\3088d587-54aa-48af-b48c-7f4e0c41b772-1.job
[2014-04-20 16:17:39 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014-04-20 16:17:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-04-20 16:17:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014-04-20 15:47:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
[2014-04-20 13:56:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3278253223-2622619984-686015309-1000UA.job
[2014-04-19 22:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3278253223-2622619984-686015309-1000Core.job
@Alternate Data Stream - 1275 bytes - C:\ProgramData\Microsoft:TIixyfC711e3i0fHqVdy
@Alternate Data Stream - 1252 bytes - C:\Program Files (x86)\Common Files\System:tp5WQO1tdx8fOL97o5U
@Alternate Data Stream - 119 bytes - C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 1189 bytes - C:\ProgramData\Microsoft:iPt4C4k9Eta32MhX
@Alternate Data Stream - 1187 bytes - C:\Users\Win7\AppData\Local\CpnsvMFO9ovHL:tapTg8xj6jDnQIobp4UatDAj

:Commands
[emptytemp]

Click Run Fix (Wykonaj skrypt). After the restart, run OTL and use the CleanUp (Sprzątanie) option.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.0.1000.exe
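
Added example, not part of the original thread and not OTL's own code: a small Python reviewer that groups the lines of a fix script like the one in post #4 by what they touch (search providers per host, IFEO Debugger values, Run entries, alternate data streams), so the script can be read before it is run. The patterns are assumptions derived only from the line shapes visible in that script; the sample input is constructed with placeholder values.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: same line shapes as the fix script above, placeholder values.
SAMPLE = r'''
:OTL
IE - HKLM\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://search.example.test/?q={searchTerms}
IE - HKCU\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://search.example.test/?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.example.test?src=hmp
O4 - HKCU..\Run: [ExampleUpdater] C:\Users\User\AppData\Local\Example\updater.exe (Example)
O27:64bit: - HKLM IFEO\exampleguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\exampleguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
@Alternate Data Stream - 119 bytes - C:\ProgramData\TEMP:ABCD1234
:Commands
[emptytemp]
'''

PATTERNS = {  # assumed shapes, inferred from the visible script lines only
    "search": re.compile(r'^IE(?::64bit:)? - (HK\w+)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)'),
    "ifeo": re.compile(r'^O27(?::64bit:)? - HKLM IFEO\\([^:]+): Debugger - (.+?)(?: \(.*\))?$'),
    "run": re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+)$'),
    "ads": re.compile(r'^@Alternate Data Stream - (\d+) bytes - (.+)$'),
}

def summarize(script):
    """Group the lines of an OTL fix script by what they would change."""
    s = {"search_hosts": defaultdict(set), "ifeo": defaultdict(set),
         "run": [], "ads": [], "commands": [], "other": []}
    section = None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):             # :OTL / :Commands section headers
            section = line[1:].lower()
            continue
        if section == "commands":
            s["commands"].append(line)
        elif m := PATTERNS["search"].match(line):
            # One provider can appear under HKLM and HKCU; key the set by host.
            s["search_hosts"][urlsplit(m[3]).hostname].add(f"{m[1]} {m[2]}")
        elif m := PATTERNS["ifeo"].match(line):
            s["ifeo"][m[1].lower()].add(m[2])
        elif m := PATTERNS["run"].match(line):
            s["run"].append((m[1], m[2], m[3]))
        elif m := PATTERNS["ads"].match(line):
            s["ads"].append((m[2], int(m[1])))
        else:
            s["other"].append(line)           # unrecognised: read by hand first
    return s
```

Calling `summarize()` on the text of a saved fix script returns the grouped entries; anything in `other` did not match a known shape and should be checked manually.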


(wiktoro198) #5

OK, I'm now at the point where the scan with the program you sent has finished. A lot of objects were detected. Mostly registry keys and files, plus modules, folders and registry values; most of the detected objects have PUP at the beginning. Add everything to quarantine?


(Acorus) #6

Yes.


(wiktoro198) #7

It looks like it helped, already after removing those programs and cleaning with AdwCleaner. But I also performed some additional steps. Thanks for the help.