Ad windows that keep popping up

crazyshake 04 Feb 2014 09:11 6597 14
  • #1
    crazyshake
    Level 9  
    Hello.

    Along with some other program, a program called "Lollipop" got installed on my machine, and it was probably some kind of virus. It caused new browser tabs with various ads to open. I removed it through Control Panel - Add/Remove Programs.
    I scanned the system with the COMODO antivirus and it detected nothing.
    I cleaned the registry with CCleaner.
    Despite that, the windows still keep popping up.
    Can someone help me remove this junk?

    OTL log: Link
    Extras: Link
  • Helpful post
    #2
    Acorus 20
    Level 43  
    Run OTL and paste the following into the (Custom Scans/Fixes) box:

    Quote:
    :OTL
    IE - HKCU\..\SearchScopes\{83C57DBD-07C2-40EF-95CB-5C4B20494CB8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10809
    IE - HKCU\..\SearchScopes\{9EA1EB6F-EBB8-4574-ACC1-4794EB7477F2}: "URL" = http://search.findwide.com/serp?guid={B437EFB9-E38E-4AE4-BC3C-8C0F75AFB698}&action=default_search&serpv=22&k={searchTerms}
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [fst_pl_41] C:\Program Files (x86)\fst_pl_41\fst_pl_41.exe ()
    O4 - HKLM..\RunOnce: [upfst_pl_41.exe] C:\Users\Bartek\AppData\Local\fst_pl_41\upfst_pl_41.exe ()
    [2014-02-03 18:59:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-02-03 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\fst_pl_41
    [2014-02-03 13:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_pl_41
    [2014-02-03 13:47:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop

    :Commands
    [emptytemp]


    Click Run Fix.
    In OTL, use the CleanUp option.
  • #3
    crazyshake
    Level 9  
    Thanks sent. ;)
    Thank you for the help.
  • #8
    elefanto
    Level 2  
    AdwCleaner did not help. What are the next steps with OTL?
    Thanks in advance :)
  • #9
    Acorus 20
    Level 43  
    Run OTL and paste the following into the (Custom Scans/Fixes) box:

    Quote:
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yhs.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C8C8CA982B18BF9&affID=119357&tt=040713_ifrmful&tsp=4936
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\SearchScopes\{6F095C97-475A-74BB-C29D-579CBB6523C0}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OySiXDAG1&i=26
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
    FF - prefs.js..browser.startup.homepage: "http://pl.yahoo.com?fr=fp-comodo"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://pl.search.yahoo.com/search?fr=ytff-comodo&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
    [2011-11-09 09:57:31 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Slon\AppData\Roaming\mozilla\Firefox\Profiles\1fieun20.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011-07-28 20:00:24 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Slon\AppData\Roaming\mozilla\Firefox\Profiles\1fieun20.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2011-07-20 18:02:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Slon\AppData\Roaming\mozilla\Firefox\Profiles\1fieun20.default\extensions\engine@conduit.com
    [2012-10-26 20:07:59 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Slon\AppData\Roaming\mozilla\Firefox\Profiles\1fieun20.default\extensions\ffxtlbr@incredibar.com
    [2011-09-18 18:47:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Slon\AppData\Roaming\mozilla\Firefox\Profiles\1fieun20.default\extensions\firefox@tvunetworks.com
    [2013-07-07 08:56:02 | 000,006,557 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\babylon.xml
    [2011-07-20 18:02:58 | 000,000,863 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\conduit.xml
    [2013-07-07 08:56:22 | 000,001,294 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\delta.xml
    [2013-07-07 22:11:40 | 000,000,751 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\Funmoods.xml
    [2013-11-23 11:23:39 | 000,001,180 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\search.xml
    [2011-07-11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\startsear.xml
    [2011-07-28 20:05:00 | 000,003,915 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\SweetIM Search.xml
    [2011-07-28 20:00:21 | 000,003,915 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\sweetim.xml
    [2011-09-18 19:09:04 | 000,001,565 | ---- | M] () -- C:\Users\Slon\AppData\Roaming\mozilla\firefox\profiles\1fieun20.default\searchplugins\web-search.xml
    [2011-08-31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
    CHR - Extension: uTorrentBar = C:\Users\Slon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.26.4.512_0\
    CHR - Extension: uTorrentBar = C:\Users\Slon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\10.26.4.512_0\nativeMessaging\nmHost
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
    O4 - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002..\Run: [Akamai NetSession Interface] "C:\Users\Slon\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKU\S-1-5-21-3403940949-2699291093-3299837390-1002..\Run: [NextLive] C:\Users\Slon\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-3403940949-2699291093-3299837390-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O9:64bit: - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll File not found
    O9:64bit: - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll File not found
    [2014-01-15 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Slon\.android
    [2014-01-15 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Slon\AppData\Local\cache
    [2014-01-15 10:30:27 | 000,000,000 | ---D | C] -- C:\Users\Slon\AppData\Roaming\newnext.me
    [2014-01-15 10:30:27 | 000,000,000 | ---D | C] -- C:\Users\Slon\Documents\Mobogenie
    [2014-01-15 10:30:27 | 000,000,000 | ---D | C] -- C:\Users\Slon\AppData\Local\Mobogenie
    [2014-01-15 10:30:27 | 000,000,000 | ---D | C] -- C:\Users\Slon\AppData\Local\genienext
    [2014-01-15 10:29:37 | 000,000,000 | ---D | C] -- C:\Users\Slon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    [2013-07-05 16:37:21 | 000,201,728 | ---- | C] () -- C:\ProgramData\xqmtbxbvmwhictn
    [2013-07-05 16:34:20 | 000,182,272 | ---- | C] () -- C:\ProgramData\qjyndqdvxeirspb
    [2013-07-07 08:55:52 | 000,000,000 | ---D | M] -- C:\Users\Slon\AppData\Roaming\Babylon
    [2012-08-31 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\Slon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013-07-07 08:55:58 | 000,000,000 | ---D | M] -- C:\Users\Slon\AppData\Roaming\DSite
    [2014-01-15 10:32:55 | 000,000,000 | ---D | M] -- C:\Users\Slon\AppData\Roaming\OpenCandy
    [2013-08-20 04:05:06 | 000,000,000 | ---D | M] -- C:\Users\Slon\AppData\Roaming\Yontoo

    :Commands
    [emptytemp]
    [resethosts]


    Click Run Fix.
    In OTL, use the CleanUp option.
    Scan with Malwarebytes Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free/
    Before scanning, MANUALLY UPDATE the Malwarebytes virus signature database: "Start Malwarebytes, go to the Update tab, Check for Updates."
  • #10
    elefanto
    Level 2  
    Thank you very much :) I got rid of the annoying ads.
  • #11
    4422281
    Level 1  
    Hello, recently I was deleting some files from my computer, blocking processes, etc. I think I removed some important program, and ads started appearing in large numbers. I don't know where the problem lies: is it a virus, or the lack of a blocking program that I probably removed?
    Also, which files from OTL are to be deleted?
    And how do I recognize what I can delete and what is better left alone?
    Thanks in advance for your answer.
  • #12
    Acorus 20
    Level 43  
    Uninstall FindRight, Akamai NetSession Interface, PDF Creator Packages, Revo Uninstaller Free 1.95 Packages. Use AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ with the Scan function and then Clean (on Vista/Windows 7, right-click it and run as Administrator).
    Run OTL and paste the following into the (Custom Scans/Fixes) box:

    Quote:
    :OTL
    SRV - [2014-04-02 23:05:26 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FindRight\updateFindRight.exe -- (Update FindRight)
    SRV - [2014-04-02 22:32:21 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FindRight\bin\utilFindRight.exe -- (Util FindRight)
    DRV:64bit: - [2014-03-25 23:04:25 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\wStLibG64.sys -- (wStLibG64)
    IE - HKCU\..\SearchScopes\{08BB98AC-C866-49E2-A286-33C7EF86207A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=9E739C21-A58F-4787-B49D-B6A05E30C2EC&apn_sauid=E7B9256F-D13A-45AB-8C87-14C90550D6AE
    O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightBHO.dll (FindRight)
    O2 - BHO: (FindRight) - {cf710881-c002-4ea4-860a-b6931b040948} - C:\Program Files (x86)\FindRight\FindRightBHO.dll (FindRight)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bartosz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    [2014-03-25 23:04:25 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
    [2014-04-02 23:59:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Bartosz.job

    :Commands
    [emptytemp]
    [resethosts]


    Click Run Fix. After the restart, run OTL and use the CleanUp option.
    In AdwCleaner, use Uninstall.
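Added example (not part of any post in this thread, and not OTL's own logic): a small Python triage of the O4 autorun lines that make up much of the fix scripts above, relevant to the question in post #11 of how to tell entries apart. The sample log lines are constructed, and the three flags (`orphan`, `user-writable`, `no-vendor`) are illustrative review hints chosen for this example, not the removal criteria used by the helpers here.

```python
import re

# Constructed sample (not from the thread), in the O4 autorun format OTL logs use.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp.)
O4 - HKCU..\Run: [examplehelper] C:\Users\User\AppData\Local\examplehelper\examplehelper.exe ()
O4 - HKCU..\RunOnce: [gone] "C:\Users\User\AppData\Roaming\Gone\gone.exe" /autostart File not found
"""

O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
MISSING = "File not found"

def parse_o4(line):
    """Split one O4 line into hive, key, value name, command, vendor, missing."""
    m = O4_RE.match(line.strip())
    if not m:
        return None                      # not an O4 Run/RunOnce line
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    vendor = None
    if missing:
        rest = rest[: -len(MISSING)].strip()
    else:
        v = re.search(r"\(([^()]*)\)$", rest)   # trailing "(Company)" or "()"
        if v:
            vendor, rest = v.group(1).strip(), rest[: v.start()].strip()
    return {"hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "command": rest, "vendor": vendor, "missing": missing}

def triage(log_text):
    """Attach review flags to every O4 entry; flags are hints, not verdicts."""
    rows = []
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e is None:
            continue
        flags = []
        if e["missing"]:
            flags.append("orphan")           # entry points at a file that is gone
        if "\\appdata\\" in e["command"].lower():
            flags.append("user-writable")    # starts from inside the user profile
        if e["vendor"] == "":
            flags.append("no-vendor")        # binary carries no company name
        e["flags"] = flags
        rows.append(e)
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["key"], repr(row["name"]), row["flags"])
```

An unflagged entry is not thereby safe and a flagged one is not thereby malicious; the output only orders entries for a human to review.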
  • #14
    Kolobos
    IT specialist
    Uninstall:
    pgcchelper

    Run this script in OTL:

    :OTL
    PRC - [2013-08-21 08:37:12 | 000,465,920 | ---- | M] () -- C:\Users\Janek\AppData\Local\pgcchelper\pgcchelper.exe
    IE - HKU\S-1-5-21-585523688-166250622-2409327017-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
    IE - HKU\S-1-5-21-585523688-166250622-2409327017-1000\..\SearchScopes\{1E4888BF-D2B8-4D25-BBEF-368318E51BFC}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    FF - prefs.js..keyword.URL: "http://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p="
    [2014-05-12 15:28:27 | 000,008,078 | ---- | M] () -- C:\Users\Janek\AppData\Roaming\mozilla\firefox\profiles\c2zrsc7z.default\searchplugins\yahoo_ff.xml
    O3 - HKU\S-1-5-21-585523688-166250622-2409327017-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\S-1-5-21-585523688-166250622-2409327017-1000..\Run: [pgcchelper] C:\Users\Janek\AppData\Local\pgcchelper\pgcchelper.exe ()
    O4 - HKU\S-1-5-21-585523688-166250622-2409327017-1000..\Run: [SearchProtection] "C:\Users\Janek\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-585523688-166250622-2409327017-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    [2014-05-29 09:55:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-05-27 02:47:14 | 000,000,000 | ---D | C] -- C:\Users\Janek\AppData\Local\pgcchelper
    [2014-05-27 02:47:07 | 000,000,000 | ---D | C] -- C:\Users\Janek\.android
    [2014-05-27 02:47:06 | 000,000,000 | ---D | C] -- C:\Users\Janek\AppData\Local\cache
  • #15
    cptyuki
    Level 2  
    Thank you for the help, everything works.