nanann
(Dafi P)
26 June 2013 11:17
#1
Hello, once again I have a problem with ads. After launching the browser, the start page is not displayed; instead there is something like a search engine, with an ad at the bottom. Screenshot below.
http://speedy.sh/3mHMu/Bez-tytulu.png
I'm pasting the OTL logs:
http://www.wklej.org/id/1074156/
Extras:
http://www.wklej.org/id/1074157/
Is this some kind of virus? What do I need to do to remove it?
Atis
(Atis)
26 June 2013 11:31
#2
Uninstall:
Web Assistant 2.0.0.573
iLivid
Conduit Engine
McAfee Security Scan Plus
Softonic toolbar on IE
Software Plate
vShare.tv plugin 1.3
Windows iLivid Toolbar
IB Updater Service
DealPly
Mysearchdial
Run AdwCleaner and click Delete.
Show a new OTL log.
nanann
(Dafi P)
26 June 2013 12:07
#3
Atis
(Atis)
26 June 2013 12:15
#4
Paste the following into the Custom Scans/Fixes box:
:OTL
IE:64bit: - HKLM…\SearchScopes{605EDB4A-0292-94A9-359F-1DFC67A108D2}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyByD0FtB0A0A0CyD0DyDtN0D0Tzu0StBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1722050304
IE - HKLM…\SearchScopes{02931CC8-23F5-4BF7-1213-2042D9CEB820}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyByD0FtB0A0A0CyD0DyDtN0D0Tzu0StBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1722050304
IE - HKLM…\SearchScopes{FF08D71F-9C68-4A14-99A2-A9BC0DB5BAAA}: "URL" = http://dts.search-results.com/sr?src=ie … 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\SearchScopes{2324AEA1-3DA5-7798-A821-470225CF5A13}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=fa79c5d50000000000001c6f6575f2aa
IE - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\SearchScopes{605EDB4A-0292-94A9-359F-1DFC67A108D2}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyByD0FtB0A0A0CyD0DyDtN0D0Tzu0StBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1722050304
IE - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\SearchScopes{70AAE3A3-8291-4ED4-A8FA-53D84E8E7399}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=A4341D3E-1DBF-4F6C-84CF-298D9DBC852F&apn_sauid=2D80C773-382F-4C2A-BC55-223AFD60A7F9
IE - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\SearchScopes{FF08D71F-9C68-4A14-99A2-A9BC0DB5BAAA}: "URL" = http://dts.search-results.com/sr?src=ie … 06&sr=0&q={searchTerms}
FF - prefs.js…browser.search.order.1: "Mysearchdial"
FF - prefs.js…browser.search.selectedEngine: "Mysearchdial"
[2013-06-26 12:26:57 | 000,002,120 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wbhoi2f9.default-1367170199889\searchplugins\MyStart Search.xml
O3:64bit: - HKLM…\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM…\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O4 - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\Run: [] File not found
O4 - HKU\S-1-5-21-3685996803-369467779-925902911-1000…\Run: [winupdate.exe] C:\Users\User\AppData\Roaming\winupdate.exe File not found
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O7 - HKU\S-1-5-21-3685996803-369467779-925902911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: MediaInfo = C:\Users\User\AppData\Roaming\258C81.exe
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Value error.)
[2013-06-26 12:24:32 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_User.job
[2013-06-25 08:50:12 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_User.job
[2013-06-17 18:04:45 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_User.job
[2013-06-01 09:47:28 | 000,572,439 | ---- | C] () -- C:\Users\User\AppData\Local\mysearchdial.crx
[2012-09-06 21:00:17 | 000,002,560 | -HS- | C] () -- C:\ProgramData\ms001D730D.dat
[2012-07-30 17:10:48 | 000,384,844 | ---- | C] () -- C:\Users\User\AppData\Local\funmoods-speeddial.crx
[2012-07-30 17:10:48 | 000,031,465 | ---- | C] () -- C:\Users\User\AppData\Local\funmoods.crx
[2011-07-31 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013-03-12 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DealPly
[2011-03-22 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2013-06-02 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PerformerSoft
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Show the removal report and a new log from Run Scan.
nanann
(Dafi P)
27 June 2013 00:27
#5
Atis
(Atis)
27 June 2013 09:16
#6
Run OTL and click CleanUp.
Remove old restore points:
To remove all restore points
Run SecurityCheck and update the programs marked as Out of date
Scan the disk with Malwarebytes Anti-Malware
During installation, untick Enable free trial of Malwarebytes Anti-Malware PRO.
http://wstaw.org/m/2012/12/29/2012-12-29_005346.png
nanann
(Dafi P)
28 June 2013 09:03
#7
First I scanned, then I removed. Log from Malware:
http://www.wklej.org/id/1075670/