Good afternoon. The problem is that after I click on links, the browser jumps to advertising sites on its own. Thanks in advance!!!
Dear [B]Sifon[/B], thank you for contacting our forum!
Help with disinfecting your computer on VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run HijackThis by right-clicking it and choosing "Run as administrator".
Fix only the following lines in HijackThis [URL="http://virusinfo.info/showthread.php?t=4491"](how to fix)[/URL]:
[CODE]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408007863&from=cor&uid=SAMSUNGXSP2504C_S09QJ10L827808&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408007863&from=cor&uid=SAMSUNGXSP2504C_S09QJ10L827808&q={searchTerms}
O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
[/CODE]
Run AVZ by right-clicking it and choosing "Run as administrator".
Execute the following script in AVZ [URL="http://virusinfo.info/showthread.php?t=7239"](how to execute)[/URL]:
[CODE]
begin
TerminateProcessByName('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe');
TerminateProcessByName('C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe');
TerminateProcessByName('c:\program files (x86)\clearthink\bin\clearthink.expext.exe');
TerminateProcessByName('c:\programdata\iepluginservices\pluginservice.exe');
TerminateProcessByName('c:\program files (x86)\clearthink\updateclearthink.exe');
TerminateProcessByName('c:\program files (x86)\clearthink\bin\utilclearthink.exe');
TerminateProcessByName('C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe');
TerminateProcessByName('c:\program files (x86)\clearthink\bin\clearthink.browseradapter.exe');
TerminateProcessByName('c:\program files (x86)\clearthink\bin\clearthink.boashelper.exe');
ClearQuarantine;
DelBHO('{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}');
QuarantineFile('C:\Program Files (x86)\ClearThink\ClearThinkBHO.dll','');
QuarantineFile('C:\ProgramData\WindowsMangerPro','');
QuarantineFile('C:\Windows\system32\drivers\{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{e5e8bd85-21de-4190-b364-33beb625e47f}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{e0cbbba5-5c5d-4016-a69f-410443e505d1}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9ce7879e-efcb-4d59-a160-5f2b28c004e0}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{944d25d5-1adf-4cba-98d5-05e5f2efd201}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9390ab08-5703-448b-94f8-b8b1934c8841}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9307392e-ba24-447f-958f-5a785f03634f}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{75729234-632f-47d7-8e20-2e89ba1587cf}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{18fa7aee-6838-42dd-8d32-3fd665a7e664}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{0cc68180-2a05-471a-a647-5c6cbe910ab9}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{0729a3ff-5ca9-4654-a275-96df29273fbf}w64.sys','');
QuarantineFile('C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe','');
QuarantineFile('C:\Program Files (x86)\ClearThink\updateClearThink.exe','');
QuarantineFile('C:\ProgramData\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','');
QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
QuarantineFile('C:\Program Files (x86)\ClearThink\bin\{e5e8bd85-21de-4190-b364-33beb625e47f}.dll','');
QuarantineFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.expextdll.dll','');
QuarantineFile('c:\program files (x86)\clearthink\bin\utilclearthink.exe','');
QuarantineFile('c:\program files (x86)\clearthink\updateclearthink.exe','');
QuarantineFile('c:\programdata\iepluginservices\pluginservice.exe','');
QuarantineFile('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','');
QuarantineFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe','');
QuarantineFile('c:\program files (x86)\clearthink\bin\clearthink.expext.exe','');
QuarantineFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe','');
QuarantineFile('c:\program files (x86)\clearthink\bin\clearthink.browseradapter.exe','');
QuarantineFile('c:\program files (x86)\clearthink\bin\clearthink.boashelper.exe','');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
StopService('Util ClearThink');
SetServiceStart('Util ClearThink', 4);
DeleteService('Util ClearThink');
StopService('Update ClearThink');
SetServiceStart('Update ClearThink', 4);
DeleteService('Update ClearThink');
StopService('MaintainerSvc3.38.8461645');
SetServiceStart('MaintainerSvc3.38.8461645', 4);
DeleteService('MaintainerSvc3.38.8461645');
StopService('IePluginServices');
SetServiceStart('IePluginServices', 4);
DeleteService('IePluginServices');
SetServiceStart('{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}w64', 4);
DeleteService('{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}w64');
StopService('{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}w64');
SetServiceStart('{f8280ede-2ab0-420d-ae0f-169ba406978b}w64', 4);
DeleteService('{f8280ede-2ab0-420d-ae0f-169ba406978b}w64');
StopService('{f8280ede-2ab0-420d-ae0f-169ba406978b}w64');
SetServiceStart('{ea2115a6-5989-483c-b1ee-19fba43198ff}w64', 4);
DeleteService('{ea2115a6-5989-483c-b1ee-19fba43198ff}w64');
StopService('{ea2115a6-5989-483c-b1ee-19fba43198ff}w64');
SetServiceStart('{e5e8bd85-21de-4190-b364-33beb625e47f}w64', 4);
DeleteService('{e5e8bd85-21de-4190-b364-33beb625e47f}w64');
StopService('{e5e8bd85-21de-4190-b364-33beb625e47f}w64');
SetServiceStart('{e0cbbba5-5c5d-4016-a69f-410443e505d1}w64', 4);
DeleteService('{e0cbbba5-5c5d-4016-a69f-410443e505d1}w64');
StopService('{e0cbbba5-5c5d-4016-a69f-410443e505d1}w64');
SetServiceStart('{c89879cb-75b8-4cb6-bc13-07c704396fd0}w64', 4);
DeleteService('{c89879cb-75b8-4cb6-bc13-07c704396fd0}w64');
StopService('{c89879cb-75b8-4cb6-bc13-07c704396fd0}w64');
SetServiceStart('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64', 4);
DeleteService('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64');
StopService('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64');
SetServiceStart('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64', 4);
StopService('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64');
DeleteService('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64');
SetServiceStart('{b35afcf6-0992-4551-b2da-3af8a5dc5119}w64', 4);
DeleteService('{b35afcf6-0992-4551-b2da-3af8a5dc5119}w64');
StopService('{b35afcf6-0992-4551-b2da-3af8a5dc5119}w64');
SetServiceStart('{b0c51d23-966e-4986-81ac-a04859acb990}w64', 4);
DeleteService('{b0c51d23-966e-4986-81ac-a04859acb990}w64');
StopService('{b0c51d23-966e-4986-81ac-a04859acb990}w64');
SetServiceStart('{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}w64', 4);
DeleteService('{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}w64');
StopService('{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}w64');
SetServiceStart('{9ce7879e-efcb-4d59-a160-5f2b28c004e0}w64', 4);
DeleteService('{9ce7879e-efcb-4d59-a160-5f2b28c004e0}w64');
StopService('{9ce7879e-efcb-4d59-a160-5f2b28c004e0}w64');
SetServiceStart('{94538859-34de-4cd4-9dc6-aa29e98ff214}w64', 4);
DeleteService('{94538859-34de-4cd4-9dc6-aa29e98ff214}w64');
StopService('{94538859-34de-4cd4-9dc6-aa29e98ff214}w64');
SetServiceStart('{944d25d5-1adf-4cba-98d5-05e5f2efd201}w64', 4);
DeleteService('{944d25d5-1adf-4cba-98d5-05e5f2efd201}w64');
StopService('{944d25d5-1adf-4cba-98d5-05e5f2efd201}w64');
SetServiceStart('{9390ab08-5703-448b-94f8-b8b1934c8841}w64', 4);
DeleteService('{9390ab08-5703-448b-94f8-b8b1934c8841}w64');
StopService('{9390ab08-5703-448b-94f8-b8b1934c8841}w64');
SetServiceStart('{9307392e-ba24-447f-958f-5a785f03634f}w64', 4);
DeleteService('{9307392e-ba24-447f-958f-5a785f03634f}w64');
StopService('{9307392e-ba24-447f-958f-5a785f03634f}w64');
SetServiceStart('{75729234-632f-47d7-8e20-2e89ba1587cf}w64', 4);
DeleteService('{75729234-632f-47d7-8e20-2e89ba1587cf}w64');
StopService('{75729234-632f-47d7-8e20-2e89ba1587cf}w64');
SetServiceStart('{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64', 4);
DeleteService('{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64');
StopService('{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64');
SetServiceStart('{38f72c19-9857-4bc2-b729-9d00bd429872}w64', 4);
DeleteService('{38f72c19-9857-4bc2-b729-9d00bd429872}w64');
StopService('{38f72c19-9857-4bc2-b729-9d00bd429872}w64');
SetServiceStart('{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}w64', 4);
DeleteService('{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}w64');
StopService('{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}w64');
SetServiceStart('{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}w64', 4);
DeleteService('{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}w64');
StopService('{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}w64');
SetServiceStart('{18fa7aee-6838-42dd-8d32-3fd665a7e664}w64', 4);
DeleteService('{18fa7aee-6838-42dd-8d32-3fd665a7e664}w64');
StopService('{18fa7aee-6838-42dd-8d32-3fd665a7e664}w64');
SetServiceStart('{0cc68180-2a05-471a-a647-5c6cbe910ab9}w64', 4);
StopService('{0cc68180-2a05-471a-a647-5c6cbe910ab9}w64');
DeleteService('{0cc68180-2a05-471a-a647-5c6cbe910ab9}w64');
SetServiceStart('{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}w64', 4);
DeleteService('{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}w64');
StopService('{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}w64');
SetServiceStart('{0729a3ff-5ca9-4654-a275-96df29273fbf}w64', 4);
DeleteService('{0729a3ff-5ca9-4654-a275-96df29273fbf}w64');
StopService('{0729a3ff-5ca9-4654-a275-96df29273fbf}w64');
DeleteFile('c:\program files (x86)\clearthink\bin\clearthink.boashelper.exe','32');
DeleteFile('c:\program files (x86)\clearthink\bin\clearthink.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe','32');
DeleteFile('c:\program files (x86)\clearthink\bin\clearthink.expext.exe','32');
DeleteFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe','32');
DeleteFile('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','32');
DeleteFile('c:\programdata\iepluginservices\pluginservice.exe','32');
DeleteFile('c:\program files (x86)\clearthink\updateclearthink.exe','32');
DeleteFile('c:\program files (x86)\clearthink\bin\utilclearthink.exe','32');
DeleteFile('C:\Program Files (x86)\ClearThink\bin\ClearThink.expextdll.dll','32');
DeleteFile('C:\Program Files (x86)\ClearThink\bin\{e5e8bd85-21de-4190-b364-33beb625e47f}.dll','32');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\ProgramData\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','32');
DeleteFile('C:\Program Files (x86)\ClearThink\updateClearThink.exe','32');
DeleteFile('C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe','32');
DeleteFile('C:\Windows\system32\drivers\{0729a3ff-5ca9-4654-a275-96df29273fbf}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{0cc68180-2a05-471a-a647-5c6cbe910ab9}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{18fa7aee-6838-42dd-8d32-3fd665a7e664}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{75729234-632f-47d7-8e20-2e89ba1587cf}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9307392e-ba24-447f-958f-5a785f03634f}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9390ab08-5703-448b-94f8-b8b1934c8841}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{944d25d5-1adf-4cba-98d5-05e5f2efd201}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9ce7879e-efcb-4d59-a160-5f2b28c004e0}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e0cbbba5-5c5d-4016-a69f-410443e505d1}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e5e8bd85-21de-4190-b364-33beb625e47f}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}w64.sys','32');
DeleteFile('C:\ProgramData\WindowsMangerPro','32');
DeleteFile('C:\Program Files (x86)\ClearThink\ClearThinkBHO.dll','32');
ExecuteWizard('SCU',2,2,true);
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
RebootWindows(true);
end.
[/CODE]
The computer will reboot.
Upload quarantine.zip from the AVZ folder using the red link "Send requested quarantine" at the top of this thread.
Uncheck everything related to Mail.Ru on all tabs of AdwCleaner (if you use it).
Delete everything else in AdwCleaner.
How to remove:
[url]http://virusinfo.info/showthread.php?t=146192&p=1041864&viewfull=1#post1041864[/url]
Generate the virusinfo_syscheck.zip log and the HijackThis log again (items 2 and 3 of the "Diagnostics" section of the [URL="http://virusinfo.info/pravila.html"]rules[/URL]) and attach them to the thread.
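Added example, not part of any post in this thread and not code from VirusInfo, HijackThis or AVZ: a Python triage pass over the four HijackThis entries the helper asked to fix, showing what makes them stand out (IE start/search pages pointing at unexpected hosts, and a BHO registered with no file). The `ALLOWED_HOSTS` list and the `triage` and `host_allowed` names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Sample input: the four HijackThis entries quoted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408007863&from=cor&uid=SAMSUNGXSP2504C_S09QJ10L827808&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408007863&from=cor&uid=SAMSUNGXSP2504C_S09QJ10L827808&q={searchTerms}
O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
"""

# Assumption for this example: hosts treated as expected IE defaults.
ALLOWED_HOSTS = ("microsoft.com", "msn.com", "bing.com")

# "R<n> - <hive>\<key>,<value name> = <data>"
REG_RE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
# "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage(log_text, allowed=ALLOWED_HOSTS):
    """Return (section, item, reason) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            section, hive, _key, value, data = m.groups()
            host = (urlsplit(data).hostname or "").lower()
            if host and not host_allowed(host, allowed):
                findings.append((section, f"{hive}: {value}", f"points to {host}"))
            continue
        m = BHO_RE.match(line)
        if m:
            _name, clsid, path = m.groups()
            if path.strip() == "(no file)":
                findings.append(("O2", clsid.upper(), "BHO registered but file is missing"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The output is a review list, not a verdict: an entry is only reported because its host is outside the assumed allowlist or its BHO file is absent.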