Virus redirecting to pages with ads

Hi,

Often, after opening a page, I get redirected to a page with ads (recently also pornographic sites). I tried using AdwCleaner, but it didn't help, and the problem is getting worse.

FRST logs:

 

FRST

http://wklej.to/zLiH8

 

Addition 

http://wklej.to/ZQboC

 

Uninstall IncrementEdit and TheAdBlock. Open the system Notepad and paste:

HKLM\...\Run: [XeroxRegistation] = C:\Users\Mateusz\AppData\Local\Temp\Xerox\EReg\EReg.exe [157184 2008-03-13] (Xerox Corporation) ===== ATTENTION
HKU\S-1-5-21-3135873756-1747778033-1847798441-1001\...\Run: [SpeedUpMyComputer] = C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
ShellIconOverlayIdentifiers: [DropboxExt1] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt2] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt3] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt4] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
HKU\S-1-5-21-3135873756-1747778033-1847798441-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoEMonYBdpid=SnapdoEMonYBco=PLuserid=7feb83bf-34ac-4d47-8b5a-a950949af8bcsearchtype=dsq={searchTerms}installDate=09/07/2013
HKU\S-1-5-21-3135873756-1747778033-1847798441-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoEMonYBdpid=SnapdoEMonYBco=PLuserid=7feb83bf-34ac-4d47-8b5a-a950949af8bcsearchtype=dsq={searchTerms}installDate=09/07/2013
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
SearchScopes: HKU\.DEFAULT - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQBq={searchTerms}
BHO: TTakeeTheCouuponn - {b15277e3-c583-427e-82f5-38f0ac244317} - C:\Program Files (x86)\TTakeeTheCouuponn\UkXkduUhLeDRyd.x64.dll [2015-03-06] ()
BHO-x32: TTakeeTheCouuponn - {b15277e3-c583-427e-82f5-38f0ac244317} - C:\Program Files (x86)\TTakeeTheCouuponn\UkXkduUhLeDRyd.dll [2015-03-06] ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1420051132from=wpcuid=TOSHIBAXMK3265GSX_11K3D5OQBXX11K3D5OQB
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\8q1nz9e1.default\searchplugins\browsemngr.xml [2012-11-10]
FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\8q1nz9e1.default\searchplugins\delta.xml [2013-07-09]
FF Extension: Torntv - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\8q1nz9e1.default\Extensions\torntv@torntv.com [2013-02-06]
FF Extension: Torntv - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\8q1nz9e1.default\Extensions\torntv@torntv.com.xpi [2013-02-06]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\8q1nz9e1.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-11-17]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
2015-03-06 09:42 - 2015-03-06 09:44 - 00000000 ____ D () C:\Program Files (x86)\TTakeeTheCouuponn
C:\Windows\Installer\{f6463ed5-56b8-9e8a-cfea-6766bc3cf3a7}
C:\Users\Mateusz\AppData\Local\Temp\Xerox\EReg\EReg.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.

Uninstall Chrome, selecting the option to delete browsing data.

Thanks, I have just one problem. TheAdBlock can't be uninstalled; it keeps asking me to close the browser, even when that has already been done.

Skip that and do the rest.

Thanks a lot!

Now everything works and it has stopped redirecting to ads.

Delete the folder C:\FRST