Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Windows 7 - Wszędzie reklamy

Dj nemsu 05 Lip 2015 14:50 486 4
  • #1 05 Lip 2015 14:50
    Dj nemsu
    Poziom 22  

    Witam serdecznie.
    Otóż koleżanka ma problem z przeglądanie www,, ciągle otwierają się jakieś strony, a reklam jest na 3/4 ekranu.
    Skąd to? mówi że tak samo po prostu powstało, niby nic nie robiła.
    Zamieszczam logi z FRST, proszę o pomoc :)

    Pozdrawiam
    Bartek

    0 4
  • CControls
  • #2 05 Lip 2015 14:59
    Pi0trek121
    Poziom 23  

    Proponuje przeskanować komputer Malwarebytes

    0
  • CControls
  • Pomocny post
    #3 05 Lip 2015 15:18
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {49021009-8986-48AB-AD42-DAC00ECD9BA7} - System32\Tasks\{340647A7-A64B-413A-94A4-6AC1525A011C} => pcalua.exe -a C:\Users\Sony\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:uWJRbbuh1sfSQ1cYhNn
    AlternateDataStreams: C:\ProgramData\Microsoft:cMHtc9nJGJda5cpnuZ
    AlternateDataStreams: C:\ProgramData\Microsoft:ujfLKZ3cNzvk92tnkQTGBPh
    AlternateDataStreams: C:\ProgramData\Microsoft:uMlBLKW9xX2vQ1CJEZkZSg
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    AlternateDataStreams: C:\Users\Sony\Ustawienia lokalne:cNRsCXf5iSaxpfxdaOacOdkom
    AlternateDataStreams: C:\Users\Sony\AppData\Local:cNRsCXf5iSaxpfxdaOacOdkom
    AlternateDataStreams: C:\Users\Sony\AppData\Local\Dane aplikacji:cNRsCXf5iSaxpfxdaOacOdkom
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1338336144-545273661-2084543506-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&...D3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&...D3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861&q={searchTerms}




    HKU\S-1-5-21-1338336144-545273661-2084543506-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&am...D3200BPVT-55JJ5T0_WD-WXN1A71Y9861Y9861&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> {677BBC90-B9F4-4C1A-997C-9E6278DDC6E5} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1338336144-545273661-2084543506-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
    BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
    BHO-x32: No Name -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> No File
    FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\olq31poe.default\extensions\searchengine@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\p3xmfpyq.default-1424387878018\extensions\quick_searchff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\p3xmfpyq.default-1424387878018\extensions\sweetsearch@gmail.com
    CHR Extension: (Strong Signal) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\odckdhimhjidiihnkmocngdngkngjjka [2015-07-04]
    R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
    R2 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\PluginContainer.exe [650512 2015-07-05] ()
    R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [570128 2015-07-05] ()
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112 2015-05-20] (Windows SysTool) [File not signed] <==== ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2015-07-04 17:29 - 2015-02-20 01:04 - 00000000 ____D C:\Program Files (x86)\XTab
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    1
  • #4 07 Lip 2015 18:01
    Dj nemsu
    Poziom 22  

    Dziękuje bardzo, zrobiła i twierdzi że wszystko okej :)
    Pozdrawiam

    0
  • #5 07 Lip 2015 19:11
    Acorus 20
    Spec od komputerów

    Skasuj folder C:\FRST.
    W AdwCleaner użyj opcji Uninstall.

    0