Proszę o przejrzenie logów i pomoc w od infekowaniu laptopa. Nie wiem czemu ale przykładowo strona wp wyświetla mi się nieprawidłowo:
http://i.imgur.com/SrtwEdy.png
W autostarcie mam taki wpis: fst_pl_126, nie mam pojęcia co to jest i gdzie to usunąć.
Logi:
Odinstaluj Adobe Reader 9.5.5 - Polish.Otwórz notatnik systemowy i wklej:
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [fst_pl_126] = [X]
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL = C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL = "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
HKU\S-1-5-21-4252998405-2261948787-377368717-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=dsts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
HKU\S-1-5-21-4252998405-2261948787-377368717-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKU\S-1-5-21-4252998405-2261948787-377368717-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
HKU\S-1-5-21-4252998405-2261948787-377368717-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=dsts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=scts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1402566749from=amtuid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
SearchScopes: HKU\S-1-5-21-4252998405-2261948787-377368717-1001 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
SearchScopes: HKU\S-1-5-21-4252998405-2261948787-377368717-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470Pq={searchTerms}
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=ntts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
FF SelectedSearchEngine: delta-homes
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\kgkjf70q.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\kgkjf70q.default\extensions\detgdp@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=scts=1419599094from=wpm12262uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF497470P
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-26] (Fuyu LIMITED) [File not signed]
R1 {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64; C:\Windows\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64.sys [61112 2014-06-11] (StdLib)
R1 {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}w64; C:\Windows\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}w64.sys [61112 2014-06-13] (StdLib)
2015-01-04 09:32 - 2015-01-04 09:32 - 00000000 ____ D () C:\Users\Andrzej\AppData\Roaming\eCyber
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Dziękuję, strona startowa wyświetla się już prawidłowo. Jednak wp nadal wyświetla się w takim formatowaniu jak pokazałem na screenie, co może być tego powodem, jak temu zaradzić?. Dlaczego mam odinstalować Adobe Reader? Używam go już kilka lat i się do niego przyzwyczaiłem, konieczne jest jego usunięcie?.
Reset Firefoxa: Pomoc-Informacje dla pomocy technicznej-Zresetuj program Firefox
AdobeReader wymaga aktualizacji dlatego proponuję bardziej bezpieczny FoxitReader.
Wyłączyłem Adblock Plus i wp już wyświetla się prawidłowo. Widocznie to on powodował takie wyświetlanie się stron. Dziękuję za pomoc.