Problém s presmerovaním na Ultrafiles.net

Zpráva

plllo · #1 Příspěvek od **plllo** » 26 dub 2014 22:39

Prosím o pomoc. Už dlhšiu dobu mam problém s presmerovaním na http://www.ultrafiles.net
Čítal som témy ktoré tu boli o tomto probléme ale kedže niesom bohvie aký ITčkar chcel by som poprosiť o nejaké riešenie vysvetlené čo najjednoduchšie.

Ďakujem.
Mám Windows 8.1 64-bit

#2 Příspěvek od **Rudy** » 27 dub 2014 10:15

Zdravím!
Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

plllo · #3 Příspěvek od **plllo** » 27 dub 2014 11:16

Log s FRST

#4 Příspěvek od **Rudy** » 27 dub 2014 12:24

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2077824057-3627672256-2651451842-1001\...\MountPoints2: {e1f448e4-ca1f-11e3-8252-40f02f82a79a} - "E:\WD SmartWare.exe" autoplay=true
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienwarearena.com/welcome-uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-uk
SearchScopes: HKLM - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL =
SearchScopes: HKCU - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL =
CHR Extension: (ThemeBeta.com) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd [2014-04-22]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {E415E0D6-BBCA-4990-89CA-E99399D9D340} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
Task: {8DD12C2C-1595-401B-8427-AD3A3B81DA08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
AlternateDataStreams: C:\Users\Adam\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Adam\SkyDrive:ms-properties
End

Uložte na plochu jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.

plllo · #5 Příspěvek od **plllo** » 27 dub 2014 12:58

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2014 03
Ran by Adam at 2014-04-27 13:54:44 Run:1
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2077824057-3627672256-2651451842-1001\...\MountPoints2: {e1f448e4-ca1f-11e3-8252-40f02f82a79a} - "E:\WD SmartWare.exe" autoplay=true
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienwarearena.com/welcome-uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-uk
SearchScopes: HKLM - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL = http://www.bing.com/search?q={searchTer ... TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {212087C4-29A3-4A7D-AC29-3A0E79878764} URL =
SearchScopes: HKCU - {212087C4-29A3-4A7D-AC29-3A0E79878764} URL =
CHR Extension: (ThemeBeta.com) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd [2014-04-22]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {E415E0D6-BBCA-4990-89CA-E99399D9D340} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
Task: {8DD12C2C-1595-401B-8427-AD3A3B81DA08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
AlternateDataStreams: C:\Users\Adam\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Adam\SkyDrive:ms-properties
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-2077824057-3627672256-2651451842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1f448e4-ca1f-11e3-8252-40f02f82a79a} => Key deleted successfully.
HKCR\CLSID\{e1f448e4-ca1f-11e3-8252-40f02f82a79a} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key deleted successfully.
HKCR\CLSID\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key deleted successfully.
HKCR\CLSID\{212087C4-29A3-4A7D-AC29-3A0E79878764} => Key not found.

"C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd" directory move:

Could not move "C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\Cached Theme.pak" => Scheduled to move on reboot.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\manifest.json => Moved successfully.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\images\theme_frame.png => Moved successfully.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\images\theme_ntp_background.png => Moved successfully.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\images\theme_tab_background.png => Moved successfully.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\images\theme_toolbar.png => Moved successfully.
Could not move "C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd" directory. => Scheduled to move on reboot.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E415E0D6-BBCA-4990-89CA-E99399D9D340} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E415E0D6-BBCA-4990-89CA-E99399D9D340} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DD12C2C-1595-401B-8427-AD3A3B81DA08} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD12C2C-1595-401B-8427-AD3A3B81DA08} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
"C:\Users\Adam\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\Adam\SkyDrive" => ":ms-properties" ADS not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-27 13:56:36)<=

C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd\1_0\Cached Theme.pak => Is moved successfully.
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijfogibdkbiikkacoeacfdodlbichgd => Moved successfully.

==== End of Fixlog ====

#6 Příspěvek od **Rudy** » 27 dub 2014 16:27

Smazáno. Nastala nějaká změna?

plllo · #7 Příspěvek od **plllo** » 27 dub 2014 16:35

Nie stále ma to prepája.

#8 Příspěvek od **Rudy** » 27 dub 2014 16:43

Zkuste Junkware removal Tool:

Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem

plllo · #9 Příspěvek od **plllo** » 27 dub 2014 16:48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Adam on ne 27.04.2014 at 17:45:00,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27.04.2014 at 17:47:22,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 Příspěvek od **Rudy** » 27 dub 2014 16:50

Změnilo se něco?

plllo · #11 Příspěvek od **plllo** » 27 dub 2014 16:51

Nič

#12 Příspěvek od **Rudy** » 27 dub 2014 16:54

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

plllo · #13 Příspěvek od **plllo** » 27 dub 2014 17:05

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.4.2014
Scan Time: 18:04:32
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.27.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Adam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244001
Time Elapsed: 4 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

plllo · #14 Příspěvek od **plllo** » 27 dub 2014 17:07

Inak tento počítač má asi 2 týždne. Anti virus má od začiatku používania. A toto presmerovanie robilo aj na starom PC. Robí to aj na notebooku aj na TV keď zapnem Internet.

#15 Příspěvek od **Rudy** » 27 dub 2014 17:22

Jak jste k internetu připojen?

VIRY.CZ

Problém s presmerovaním na Ultrafiles.net

Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net

Re: Problém s presmerovaním na Ultrafiles.net