Atak reklam


(Basiston) #1

Witam, mam problem z kosmiczną ilością reklam w przeglądarce Mozilla. Wiem, że temat ponawiany ale Admin każe zakładać nowy. Proszę o nieodsyłanie dopoprzednich wątków bo każde kliknięcie w ekran to dwie kolejne reklamy... kosmos.

 

FRST.txt

Addition.txt


(Noldorin6) #2

Posiadasz AD block ?


(Basiston) #3

raczej nie, ale teraz czytałem że blokuje zwykłe reklamy, a mi chodzi o to, że od dwóchdni każde kliknięcie na jakiejolwiek stronie powoduje otwarcie jednej albo dwóch nowych kart z reklamami mp jakichś gier on line, konkursów itp.  masakra

 


(Acorus) #4

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
GroupPolicyUsers\S-1-5-21-1844772625-2383077020-3029886991-1001\User: Group Policy restriction detected ======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com/?type=scts=1382896140from=coruid=HitachiXHTS543232A7A384_E2034243DZ08UPDZ08UPX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=dsts=1382896140from=coruid=HitachiXHTS543232A7A384_E2034243DZ08UPDZ08UPXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=dsts=1382896140from=coruid=HitachiXHTS543232A7A384_E2034243DZ08UPDZ08UPXq={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=dsts=1382896140from=coruid=HitachiXHTS543232A7A384_E2034243DZ08UPDZ08UPXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=dsts=1382896140from=coruid=HitachiXHTS543232A7A384_E2034243DZ08UPDZ08UPXq={searchTerms}
SearchScopes: HKLM-x32 - {43F1EB01-9D58-40AB-A3B3-F8A02004E896} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2504091
SearchScopes: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}babsrc=SP_ssmntrId=889E7E2F68A0A98EaffID=121563tt=150713_91114tsp=4944
SearchScopes: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - {21BA8541-8036-4CD5-8800-17B58FF64B43} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT3289075CUI=UN29125622562929015UM=1
SearchScopes: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - {43F1EB01-9D58-40AB-A3B3-F8A02004E896} URL = http://dts.search-results.com/sr?src=iebappid=0systemid=2sr=0q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://startsear.ch/?aff=2src=spcf=ed517416-5fd5-11e1-ad97-742f68a0f556q={searchTerms}
Toolbar: HKLM-x32 - Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll No File
Toolbar: HKU\S-1-5-21-1844772625-2383077020-3029886991-1000 - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
FF SearchPlugin: C:\Users\MARCIN\AppData\Roaming\Mozilla\Firefox\Profiles\afuu89vl.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\MARCIN\AppData\Roaming\Mozilla\Firefox\Profiles\afuu89vl.default\searchplugins\startsear.xml
FF Extension: uTorrentControl_v6 - C:\Users\MARCIN\AppData\Roaming\Mozilla\Firefox\Profiles\afuu89vl.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-12-30]
FF Extension: HEZqAsPJ76 - C:\Users\MARCIN\AppData\Roaming\Mozilla\Firefox\Profiles\afuu89vl.default\Extensions\{c3ead74e-9eeb-41c6-bcb9-d1c845c5da5d} [2014-12-29]
CHR Extension: (LiveVDO plugin) - C:\Users\MARCIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp [2012-11-24]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [Not Found]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
2014-12-27 13:43 - 2014-12-27 13:43 - 00003182 _____ () C:\Windows\System32\Tasks\{D99FD31D-5092-4272-A0B1-2871C7F70A22}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Basiston) #5

Pan Acorus jest Dzebeściak. I Jego banda też.

Na raziepomogło dzięki WIELKIE.


(Acorus) #6

Tylko nie banda.Skasuj folder C:\FRST