Elektroda.pl
Elektroda.pl
X
Elektroda.pl
Advanced Search
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

wyskakujące reklamy w nowych oknach

aneta80sp 14 Apr 2014 23:00 2112 10
Reply | New topic
  • #1
    aneta80sp
    Level 9  
    Witam,
    Proszę o pomoc w usunięciu wyskakujących reklam, gier i innych śmieci w nowych oknach.
    Mimo usilnych starań jestem bezradna i nie mam pojęcia, jak się tego pozbyć. Jestem laikiem komputerowym i pewnie nieświadomie coś zainstalowałam czego nie powinnam.
    Skanowanie komputera w poszukiwaniu wirusów nic nie dało, instalowanie Adblocka też nic nie pomogło.

    Poniżej skrypt z OTL
    Attachments:
    [07.10.2023, Warszawa] Eltrox Technology Expo [sponsorowane]
  • #3
    Kolobos
    IT specialist
    Odinstaluj:
    Ask Toolbar
    Adobe Reader 9.5.1 - Polish
    FilesFrog Update Checker
    Ask Toolbar Updater
    Adblock Plus for Google Chrome Packages

    Zainstaluj:
    http://ninite.com/java-foxit/

    Wykonaj skrypt w OTL:

    :OTL
    PRC - [2014/01/02 09:33:40 | 000,499,856 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
    PRC - [2013/09/30 23:23:44 | 001,776,640 | ---- | M] (TODO: <Company name>) -- C:\Users\Aneta & Milan\AppData\Local\ConvertAd\ConvertAd.exe
    PRC - [2013/04/25 17:36:14 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    SRV - [2014/01/02 09:33:40 | 000,499,856 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&ts=1375279915
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&ts=1375279915
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&ts=1375279915
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&ts=1375279915
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&ts=1375279915
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18571
    IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875&q={searchTerms}
    IE - HKCU\..\SearchScopes\{DC6614E8-9DCB-482F-B695-06ED54D2C186}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{FB712B9F-CFA3-45BD-ACDC-A24EEF360673}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^PL&apn_uid=33572B53-01AA-4CDA-B4FD-870D24C16245&apn_sauid=525C1B24-2633-4694-BFB7-3A08F8545C3B
    FF - prefs.js..browser.search.defaultEngine: "Yahoo"
    FF - prefs.js..browser.search.defaultenginename: "delta-homes"
    FF - prefs.js..browser.search.param.yahoo-type: "394500523"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: toolbar.addon%40onet.pl:1.0.14
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
    [2013/10/22 21:11:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Aneta & Milan\AppData\Roaming\mozilla\Firefox\Profiles\qnvocnrl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/10/23 12:39:03 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Aneta & Milan\AppData\Roaming\mozilla\Firefox\Profiles\qnvocnrl.default\extensions\toolbar@ask.com
    [2013/11/21 07:56:07 | 000,519,238 | ---- | M] () (No name found) -- C:\Users\Aneta & Milan\AppData\Roaming\mozilla\firefox\profiles\qnvocnrl.default\extensions\toolbar.addon@onet.pl.xpi
    [2013/04/25 17:34:10 | 000,002,333 | ---- | M] () -- C:\Users\Aneta & Milan\AppData\Roaming\mozilla\firefox\profiles\qnvocnrl.default\searchplugins\askcom.xml
    [2011/08/31 13:53:18 | 000,001,832 | ---- | M] () -- C:\Users\Aneta & Milan\AppData\Roaming\mozilla\firefox\profiles\qnvocnrl.default\searchplugins\bing.xml
    [2011/09/26 18:01:58 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2014/01/02 20:19:58 | 000,000,585 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
    [2013/07/31 16:11:55 | 000,000,746 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
    CHR - Extension: Lightning Newtab = C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.8_0\
    CHR - Extension: FreeHDSport TV 3 = C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn\3.1_0\
    CHR - Extension: Widget context = C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0\
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [ConvertAd] C:\Users\Aneta & Milan\AppData\Local\ConvertAd\ConvertAd.exe (TODO: <Company name>)
    O4 - HKCU..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log File not found
    [2014/03/20 22:20:56 | 000,000,000 | ---D | C] -- C:\Users\Aneta & Milan\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
    [2014/03/20 22:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Browse
    [2013/07/31 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\Aneta & Milan\AppData\Roaming\eIntaller
    [2013/09/27 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Aneta & Milan\AppData\Roaming\eUpdate



    Daj w załączniku oba logi z FRST:
    http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294

    Zrób pełny skan przy pomocy Mbam:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  • #4
    aneta80sp
    Level 9  
    Dzięki za pomoc,
    wykonuję wszystkie polecenia Kolobos'a
    Miałam problemy z odinstalowaniem Adblock Plus for Google Chrome Packages
    wyrzucało mi ciągle jakieś błędy autoryzacji, ale w końcu chyba się udało.
    Póki co reklamy ciągle się pojawiają.
    poniżej przesyłam wyniki logu oraz nowy skan OTL i w dalszym ciągu proszę o instrukcje co dalej:)
    Pozdrawiam,

    Po wykonaniu zalecanego skryptu pojawił się taki oto komunikat:
    [brak :OTL na poczatku]
    Attachments:
  • #5
    Acorus 20
    Level 43  
    Wykonaj jeszcze raz skrypt w OTL-u bo nie wkleiłaś :OTL
  • #6
    Kolobos
    IT specialist
    Użyj ZMIEŃ i usuń to co wkleiłeś, łącznie z logami. Wykonaj jeszcze raz CAŁY skrypt z wspomnianym :OTL na początku. Po wykonaniu daj nowy log z FRST.
  • #7
    aneta80sp
    Level 9  
    Faktycznie nie wykonałam poprawnie skryptu.
    Teraz powinno być lepiej.

    Dodano po 39 [sekundy]:

    Code: text
    Log in, to see the code
  • Helpful post
    #8
    Kolobos
    IT specialist
    Masz dać logi w ZAŁĄCZNIKU, a nie w treści, do tego usuń to co wkleiłeś wcześniej (źle wykonany skrypt).
  • #10
    Kolobos
    IT specialist
    Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun:
    http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


    Ten katalog C:\Users\EasyColor Foto\ nie powinien byc w Users, usun "EasyColor Foto"

    Obok Frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {69DDD75B-F2B6-4F4E-913A-CAC19AA9A8A2} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM - DefaultScope value is missing.
    FF Extension: Widget context - C:\Users\Aneta & Milan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-22]
    CHR HomePage: hxxp://www.delta-homes.com/?type=hp&ts=1388686797&from=wpm0102&uid=WDCXWD5000BEVT-35A0RT0_WD-WX81A80F1875F1875
    CHR Extension: (Extended Protection) - C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-15]
    CHR Extension: (Lightning Newtab) - C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-01-13]
    CHR Extension: (FreeHDSport TV 3) - C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn [2013-07-31]
    CHR Extension: (Widget context) - C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-01-22]
    CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2014-01-22]
    CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Aneta & Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
    CHR HKLM-x32\...\Chrome\Extension: [nbdbmopeebalgaeghmjoegpkngglikgn] - C:\Program Files (x86)\FreeHDSport.TV\freehdsporttv10.crx [2013-06-30]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-04-15 20:41 - 2014-01-02 20:19 - 00000000 ____D () C:\ProgramData\WPM
    2014-04-15 20:41 - 2013-10-22 21:47 - 00000000 ____D () C:\Users\Aneta & Milan\AppData\Local\ConvertAd
    2014-03-19 22:23 - 2013-07-31 16:13 - 00000000 ____D () C:\ProgramData\eSafe

    W Frst wybierz Fix.

    Uzyj http://www.bleepingcomputer.com/download/tfc/

    To wszystko.
  • #11
    aneta80sp
    Level 9  
    Jeszcze raz dziękuję za pomoc. Dla mnie to magia, a MAGIKIEM jest ten kto ma o tym pojęcie i czas pomagać innym.
    Dzięki.
Reply | New topic