
Mozilla - malicious ads

27 Jan 2014 20:06 1584 6
  • Level 12
    Hello, annoying ads have recently started popping up for me, among others from the site frycell.pl and also playhe.com. I use Mozilla; I should add that this started after I installed ipla. Please help.
  • Computer specialist
    Uninstall:
    SaveByclick
    RightSurf

    Run this script in OTL:

    :OTL
    PRC - [2014-01-26 22:32:05 | 000,102,176 | ---- | M] () -- C:\Program Files\RightSurf\bin\utilRightSurf.exe
    PRC - [2014-01-25 04:09:42 | 000,102,176 | ---- | M] () -- C:\Program Files\RightSurf\updateRightSurf.exe
    PRC - [2014-01-20 00:10:51 | 000,471,552 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\cacaoweb\cacaoweb.exe
    PRC - [2011-12-14 20:34:17 | 000,059,392 | -H-- | M] () -- C:\Users\Kacper\AppData\Roaming\vmreg.exe
    SRV - [2014-01-26 22:32:05 | 000,102,176 | ---- | M] () [Auto | Running] -- C:\Program Files\RightSurf\bin\utilRightSurf.exe -- (Util RightSurf)
    SRV - [2014-01-25 04:09:42 | 000,102,176 | ---- | M] () [Auto | Running] -- C:\Program Files\RightSurf\updateRightSurf.exe -- (Update RightSurf)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/ins/ins_1330100392_615603
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111216184730100&tb_oid=16-12-2011&tb_mrud=16-12-2011
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1331576949_750656
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss_gin2g...70475&affID=119357&tt=040713_ifrmful&tsp=4938
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_gin2g&mntrId=E613001D7DE70475&affID=119357&tt=040713_ifrmful&tsp=4938
    IE - HKCU\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
    IE - HKCU\..\SearchScopes\{ACBDC4FF-FBC5-49AC-BE26-568055A2AA19}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=14a29af1aeaf45129731984214baff3a
    IE - HKCU\..\SearchScopes\{AD866F56-9C4E-49E4-BC54-F7087134D74F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=77660FB7-2CCB-46AA-8BCA-773DDE7B039E&apn_sauid=4845E05C-AA77-4AFB-911F-9169873C6BE5
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..extensions.enabledAddons: cacaoweb%40cacaoweb.org:1.0.33
    [2012-12-15 18:45:29 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Kacper\AppData\Roaming\mozilla\Firefox\Profiles\8nzc06l6.default\extensions\50ccbacb79a2a@50ccbacb79a67.com
    [2011-12-19 16:34:32 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Kacper\AppData\Roaming\mozilla\Firefox\Profiles\8nzc06l6.default\extensions\cacaoweb@cacaoweb.org
    [2012-01-03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\askcom.xml
    [2012-09-12 18:44:53 | 000,002,306 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\askcomsearch.xml
    [2013-07-09 16:46:58 | 000,006,557 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\babylon.xml
    [2013-07-09 16:47:14 | 000,001,294 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\delta.xml
    [2012-03-26 07:05:28 | 000,003,916 | ---- | M] () -- C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\sweetim.xml
    O2 - BHO: (RightSurf) - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files\RightSurf\RightSurfBHO.dll (RightSurf)
    O2 - BHO: (SaveByclick Class) - {F5CD5BE5-5AE6-FB47-3AA1-8DEF48A3A0B7} - C:\ProgramData\SaveByclick\50ccbacb79bd4.ocx ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKCU..\Run: [cacaoweb] C:\Users\Kacper\AppData\Roaming\cacaoweb\cacaoweb.exe ()
    O4 - HKCU..\Run: [vmreg] C:\Users\Kacper\AppData\Roaming\vmreg.exe ()
    O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0 File not found
    [2014-01-26 21:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\RightSurf
    [2014-01-27 19:07:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012-01-08 21:37:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\e7e7d94c006492db1f3a8f5db8bbc174_c
    [2012-12-15 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Kacper\AppData\Roaming\APP_NAME_NON_STRING
    [2013-07-09 16:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kacper\AppData\Roaming\Babylon
    [2014-01-27 19:13:44 | 000,000,000 | ---D | M] -- C:\Users\Kacper\AppData\Roaming\cacaoweb


    After running it, post a new OTL log from a scan.
  • Level 12
    + the resulting log:

    ========== OTL ==========
    No active process named utilRightSurf.exe was found!
    No active process named updateRightSurf.exe was found!
    No active process named cacaoweb.exe was found!
    Process vmreg.exe killed successfully!
    Error: No service named Util RightSurf was found to stop!
    Service\Driver key Util RightSurf not found.
    File C:\Program Files\RightSurf\bin\utilRightSurf.exe not found.
    Error: No service named Update RightSurf was found to stop!
    Service\Driver key Update RightSurf not found.
    File C:\Program Files\RightSurf\updateRightSurf.exe not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ACBDC4FF-FBC5-49AC-BE26-568055A2AA19}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACBDC4FF-FBC5-49AC-BE26-568055A2AA19}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD866F56-9C4E-49E4-BC54-F7087134D74F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD866F56-9C4E-49E4-BC54-F7087134D74F}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: cacaoweb%40cacaoweb.org:1.0.33 removed from extensions.enabledAddons
    Folder C:\Users\Kacper\AppData\Roaming\mozilla\Firefox\Profiles\8nzc06l6.default\extensions\50ccbacb79a2a@50ccbacb79a67.com\ not found.
    Folder C:\Users\Kacper\AppData\Roaming\mozilla\Firefox\Profiles\8nzc06l6.default\extensions\cacaoweb@cacaoweb.org\ not found.
    File C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\askcom.xml not found.
    File C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\askcomsearch.xml not found.
    File C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\babylon.xml not found.
    File C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\delta.xml not found.
    File C:\Users\Kacper\AppData\Roaming\mozilla\firefox\profiles\8nzc06l6.default\searchplugins\sweetim.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}\ not found.
    File C:\Program Files\RightSurf\RightSurfBHO.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CD5BE5-5AE6-FB47-3AA1-8DEF48A3A0B7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CD5BE5-5AE6-FB47-3AA1-8DEF48A3A0B7}\ not found.
    File C:\ProgramData\SaveByclick\50ccbacb79bd4.ocx not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb not found.
    File C:\Users\Kacper\AppData\Roaming\cacaoweb\cacaoweb.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vmreg deleted successfully.
    C:\Users\Kacper\AppData\Roaming\vmreg.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft AutoScreenRecorder 3.1 Free deleted successfully.
    Folder C:\Program Files\RightSurf\ not found.
    C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
    C:\ProgramData\e7e7d94c006492db1f3a8f5db8bbc174_c moved successfully.
    C:\Users\Kacper\AppData\Roaming\APP_NAME_NON_STRING\Logs folder moved successfully.
    C:\Users\Kacper\AppData\Roaming\APP_NAME_NON_STRING folder moved successfully.
    Folder C:\Users\Kacper\AppData\Roaming\Babylon\ not found.
    Folder C:\Users\Kacper\AppData\Roaming\cacaoweb\ not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 01272014_204321


    The ads have disappeared from the browser, but they have appeared in Skype; is it because of this?
  • Computer specialist
    Run a full scan with Mbam:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Script:

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kacper\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    [2014-01-27 20:19:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
  • Level 12
    For now it looks like everything is fine.