Elektroda.pl

Pop-up ads in the Firefox browser

15 Oct 2014 11:07 2073 1
  • Level 9  
    Hello,

    I have a problem with the Firefox browser: to be precise, ads keep popping up and I can't get rid of them, even with plugins that block them. It is so annoying that it makes any work in the browser impossible. And of course it started when some junk got installed. No, it wasn't me, it was my siblings. So I'm asking you for help. I'm attaching the FRST logs.
    If anything else is needed, feel free to write :)
  • Computer specialist
    Uninstall:
    AdvanceElite (HKLM\...\AdvanceElite) (Version: 2014.09.11.204528 - AdvanceElite)
    PodoWeb (HKLM\...\PodoWeb) (Version: 2014.09.13.043500 - PodoWeb) <==== ATTENTION
    SavingsAurora (HKCU\...\fabulous_09130717) (Version: - ) <==== ATTENTION
    McAfee Security Scan

    Use http://www.bleepingcomputer.com/download/adwcleaner/ with the Scan and Clean options.

    Next to frst.exe, create a file fixlist.txt with the following content:
    (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
    (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    () C:\Program Files (x86)\AdvanceElite\updater.exe
    () C:\Program Files (x86)\SupTab\HpUI.exe
    () C:\Program Files (x86)\SupTab\Loader32.exe
    () C:\Program Files (x86)\SupTab\Loader64.exe
    () C:\Users\Damian\AppData\Local\fabulous_09130717\fabulous_09130717.exe
    () C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
    () C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe
    () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
    () C:\Program Files (x86)\PodoWeb\bin\PodoWeb.PurBrowse64.exe
    () C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BOASHelper.exe
    () C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
    () C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe
    () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe
    () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
    () C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe
    () C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BrowserAdapter.exe
    () C:\Program Files (x86)\PodoWeb\bin\PodoWeb.BrowserAdapter64.exe
    C:\Program Files (x86)\AdvanceElite\
    C:\Program Files (x86)\PodoWeb\
    C:\Program Files (x86)\SupTab\
    C:\ProgramData\IePluginServices\
    C:\ProgramData\WindowsMangerProtect\
    HKU\S-1-5-21-3771105862-1147794576-3377853445-1000\...\Run: [fabulous_09130717] => c:\users\damian\appdata\local\fabulous_09130717\fabulous_09130717.exe [2850816 2014-09-13] ()
    HKU\S-1-5-21-3771105862-1147794576-3377853445-1000\...\Run: [AltT-1-0] => C:\Users\Damian\AppData\Local\Temp\dispplay.exe [248320 2014-10-07] () <===== ATTENTION
    Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fabulous_09130717.lnk
    ShortcutTarget: fabulous_09130717.lnk -> C:\Users\Damian\AppData\Local\fabulous_09130717\fabulous_09130717.exe ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=140...HitachiXHTS545032B9A300_100902PBPC04FDD4H6MMX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=140...HitachiXHTS545032B9A300_100902PBPC04FDD4H6MMX
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20140923
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=140...HitachiXHTS545032B9A300_100902PBPC04FDD4H6MMX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20140923
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts...XHTS545032B9A300_100902PBPC04FDD4H6MMX&q={searchTerms}
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
    BHO-x32: AdvanceElite -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
    BHO-x32: PodoWeb -> {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} -> C:\Program Files (x86)\PodoWeb\PodoWebbho.dll (PodoWeb)
    FF NewTab: chrome://quick_start/content/index.html
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
    FF Extension: Fast Start - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\faststartff@gmail.com [2014-08-19]
    FF Extension: Supreme Finder - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{4fec0d7e-e1c2-4b86-af44-c7cf7b0c199a} [2014-10-04]
    FF Extension: Ultimate Finder - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{7c231677-e4fb-44ac-80a5-c87fcb7c2be9} [2014-10-04]
    FF Extension: Pro Advisor - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{db615d8a-b766-4397-9ef1-0eeaf684d8da} [2014-10-13]
    FF Extension: PodoWeb - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi [2014-09-13]
    FF Extension: AdvanceElite - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{84e24724-32a5-4ef8-b981-cc669543b4a4}.xpi [2014-10-11]
    FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\extensions\faststartff@gmail.com
    CHR Extension: (PodoWeb) - C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjbgbmjaheanejhaompcejgiebnlioo [2014-10-05]
    CHR Extension: (AdvanceElite) - C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb [2014-10-15]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-19] (Cherished Technololgy LIMITED) [File not signe
    R2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [522480 2014-10-15] ()
    R2 Update PodoWeb; C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe [522480 2014-10-15] ()
    R2 UpdaterSvcAdvanceElite; C:\Program Files (x86)\AdvanceElite\updater.exe [135920 2014-09-11] ()
    R2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [522480 2014-10-15] ()
    R2 Util PodoWeb; C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe [522480 2014-10-15] ()
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-08-19] (Fuyu LIMITED) [File not signed]
    R1 {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64; C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys [44624 2014-09-12] (StdLib)
    R1 {1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64; C:\Windows\System32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys [48784 2014-10-13] (StdLib)
    R1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; C:\Windows\System32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [48784 2014-10-11] (StdLib)
    R1 {336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64; C:\Windows\System32\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys [48784 2014-10-11] (StdLib)
    R1 {3b808196-ff63-49ee-b33b-efdf51723eca}Gw64; C:\Windows\System32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys [48784 2014-10-13] (StdLib)
    R1 {4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64; C:\Windows\System32\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys [48784 2014-10-14] (StdLib)
    R1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; C:\Windows\System32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [48784 2014-10-11] (StdLib)
    R1 {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64; C:\Windows\System32\drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys [48784 2014-10-10] (StdLib)
    R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-09-23] (StdLib)
    R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-08-17] (StdLib)
    R1 {fd600559-a688-4110-b9b9-0f1a9beae8ae}Gw64; C:\Windows\System32\drivers\{fd600559-a688-4110-b9b9-0f1a9beae8ae}Gw64.sys [48784 2014-10-12] (StdLib)
    S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
    2014-10-15 08:10 - 2014-10-14 20:06 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys
    2014-10-14 09:07 - 2014-10-13 12:52 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys
    2014-10-13 16:39 - 2014-10-13 03:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys
    2014-10-13 11:44 - 2014-10-12 20:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{fd600559-a688-4110-b9b9-0f1a9beae8ae}Gw64.sys
    2014-10-12 11:55 - 2014-10-11 21:46 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys
    2014-10-11 19:32 - 2014-10-11 09:14 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys
    2014-10-11 13:13 - 2014-10-11 03:16 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys
    2014-10-11 09:13 - 2014-10-10 20:56 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys
    2014-10-10 21:53 - 2014-10-10 21:53 - 00811520 _____ () C:\Users\Damian\Downloads\--php the_title(); --.exe
    2014-10-10 21:49 - 2014-10-10 21:49 - 00060784 _____ (Premium Installer ) C:\Users\Damian\Downloads\StartDownload.exe
    2014-10-10 12:56 - 2014-10-11 09:08 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
    2014-09-23 18:42 - 2014-09-23 02:33 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys
    2014-09-23 18:40 - 2014-10-15 10:02 - 00000000 ____D () C:\Program Files (x86)\AdvanceElite
    2014-10-14 11:49 - 2014-09-13 09:17 - 00000000 ____D () C:\Users\Damian\AppData\Local\fabulous_09130717
    C:\Users\Damian\AppData\Local\Temp\dispplay.exe
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory.

    Run a full scan with mbam and remove whatever it detects: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
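
An added example (not part of the original posts and not FRST's own code): a Python script that groups fixlist entries like the ones above by persistence mechanism and reports `Gw64` drivers named after a Firefox extension ID, which is the case for the PodoWeb and AdvanceElite entries in this log. The category labels and function names are assumptions of this example; the sample lines are copied from the fixlist above.

```python
import re
from collections import defaultdict

# Sample input: lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""
HKU\S-1-5-21-3771105862-1147794576-3377853445-1000\...\Run: [AltT-1-0] => C:\Users\Damian\AppData\Local\Temp\dispplay.exe [248320 2014-10-07] () <===== ATTENTION
BHO-x32: PodoWeb -> {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} -> C:\Program Files (x86)\PodoWeb\PodoWebbho.dll (PodoWeb)
FF Extension: PodoWeb - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{00c97d86-accb-4288-9972-6d929c1fe93a}.xpi [2014-09-13]
FF Extension: Pro Advisor - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\4zkdeoc8.default\Extensions\{db615d8a-b766-4397-9ef1-0eeaf684d8da} [2014-10-13]
R2 Update PodoWeb; C:\Program Files (x86)\PodoWeb\updatePodoWeb.exe [522480 2014-10-15] ()
R1 {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64; C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys [44624 2014-09-12] (StdLib)
R1 {1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64; C:\Windows\System32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys [48784 2014-10-13] (StdLib)
""".strip().splitlines()

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
# Entry prefix -> persistence mechanism (labels are this example's own).
RULES = [
    (re.compile(r"^HK\w+\\.*\\Run: "), "run_key"),
    (re.compile(r"^BHO"), "ie_bho"),
    (re.compile(r"^FF Extension: "), "firefox_extension"),
    (re.compile(r"^[RS]\d .*\.sys \["), "driver"),   # must precede "service"
    (re.compile(r"^[RS]\d "), "service"),
]

def classify(line):
    """Return the persistence category of one fixlist line."""
    return next((label for rx, label in RULES if rx.search(line)), "other")

def group(lines):
    """Group lines by category so each mechanism can be reviewed in turn."""
    out = defaultdict(list)
    for line in map(str.strip, lines):
        out[classify(line)].append(line)
    return dict(out)

def drivers_tied_to_extensions(lines):
    """Map GUID -> extension name where a driver is named after that extension ID."""
    lines = [l.strip() for l in lines]
    ext = {}
    for line in lines:
        m = re.match(r"FF Extension: (.+?) - .*(" + GUID + ")", line)
        if m:
            ext[m.group(2).lower()] = m.group(1)
    found = (re.match(r"[RS]\d (" + GUID + r")\w*; ", l) for l in lines)
    return {m.group(1).lower(): ext[m.group(1).lower()]
            for m in found if m and m.group(1).lower() in ext}
```
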