Witam! Mam znowu problem włączających się mimowolnie reklam. Nie jest to mój laptop, więc sądzę że jest to przyyczyną zainstalowanych wielu programów. Jak mam zaprzestac tym reklamą?
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.
Chyba rekord pobiłeś.Odinstaluj AnyProtect,BrowserCompanion,Bundled software uninstaller,Codec Package Packages,ConvertAd,FilesFrog Update Checker,FLV Player,LinkSwift 1.0.0,Lyrmix,metaCrawler,Mobogenie,Movies Toolbar for Chrome,Movies Toolbar for Internet Explorer,MyPC Backup,Optimizer Pro v3.0,OptimizerPro,RegClean Pro,SaveSense,SpeedUpMyPC,Torch,Update for Funmoods Chat,VO Package,VuuPC Packages.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.
Pokaż nowe logi z FRST.
Otwórz Notatnik i wklej:
HKU\S-1-5-21-2752112492-331565439-935345252-1001\...\Run: [ihjmtolcjcnzfrnyj] = C:\Users\Andrzej\AppData\Roaming\kvuexhltmlg.exe
HKU\S-1-5-21-2752112492-331565439-935345252-1001\...\RunOnce: [Application Restart #1] - C:\Users\Andrzej\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Andrzej\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4q={searchTerms}a=as1212chnl=as1212cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyyDyCtAtC0C0AyDtDtN0D0Tzu0CtAtAyCtN1L2XzutBtFtBtFtDtFtAyEyEcr=1234967652
SearchScopes: HKLM - {49BF8DBA-80BA-4A07-8175-19620754E5E7} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=113systemid=473v=a12627-345apn_uid=8148485233824525apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {49BF8DBA-80BA-4A07-8175-19620754E5E7} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=113systemid=473v=a12627-345apn_uid=8148485233824525apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4q={searchTerms}a=as1212chnl=as1212cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyyDyCtAtC0C0AyDtDtN0D0Tzu0CtAtAyCtN1L2XzutBtFtBtFtDtFtAyEyEcr=1234967652
SearchScopes: HKCU - {0FE58BDB-5C98-4CC3-8E12-2455E8B225F5} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=100000027src=kwq={searchTerms}locale=en_USapn_ptnrs=^U3apn_dtid=^OSJ000^YY^PLapn_uid=2BC3D45B-13C0-4234-A2A2-CF7EA4AEBA7Aapn_sauid=0BD73AC6-2B07-4B7D-91C1-963A21FE77ED
SearchScopes: HKCU - {336E2E18-1367-49AF-BF73-1F7A0756F7C5} URL = http://www.delta-search.com/?q={searchTerms}affID=119392tt=030213_yhbabsrc=SP_ssmntrId=94ceca5000000000000008edb9047916
SearchScopes: HKCU - {49BF8DBA-80BA-4A07-8175-19620754E5E7} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=113systemid=473v=a12627-345apn_uid=8148485233824525apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKCU - {CD907547-31E2-44BA-B4C4-537E52038874} URL = http://rts.dsrlte.com/?q={searchTerms}r=349
BHO-x32: No Name - {c75a2d66-6d1d-4735-8f63-9d85dcc026a6} - No File
Toolbar: HKLM-x32 - No Name - {c75a2d66-6d1d-4735-8f63-9d85dcc026a6} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\searchplugins\keepmysearch.xml
FF SearchPlugin: C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF Extension: Lyrmix - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\Extensions\133 [2013-10-17]
FF Extension: Bazaar Friend - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\Extensions\addon@bazaarfriend.com [2013-08-14]
FF Extension: LinkSwift - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\Extensions\firefox@linkswift.co [2013-10-17]
FF Extension: WindowShopper - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\81gvp5ok.default\Extensions\superfish@superfish.com [2014-06-27]
FF Extension: No Name - C:\Program Files (x86)\Lyrmix\133.xpi []
FF Extension: No Name - C:\Program Files (x86)\iRobinHood\iRobinHood Addon\irobinhood@irobinhood.org.xpi []
CHR HKLM-x32\...\Chrome\Extension: [gnnabbonolmdccgncgckdfikehphiknc] - C:\Users\Andrzej\AppData\Roaming\CRDeltaTB\DeltaYHS.crx [2014-05-20]
R1 {25d71abf-7776-46f5-a269-9951331f9030}Gw64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}Gw64.sys [61112 2014-04-24] (StdLib)
R1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-06-18] (StdLib)
2014-06-29 14:59 - 2014-06-29 15:06 - 00000000 ____ D () C:\AdwCleaner
2014-06-29 14:46 - 2014-06-29 14:46 - 00003336 _____ () C:\Windows\System32\Tasks\{CF9BA021-8FC6-4E62-8917-57E88D6860BA}
2014-06-29 14:46 - 2014-06-29 14:46 - 00003336 _____ () C:\Windows\System32\Tasks\{C26B090C-D2A2-4887-9082-2B67070EAEAB}
2014-06-27 22:09 - 2014-06-27 22:09 - 00740312 _____ (Elex do Brasil Participaçþes Ltda) C:\Users\Andrzej\Downloads\yet_another_cleaner_reh (5).exe
2014-06-20 07:43 - 2014-06-18 17:08 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys
2014-06-05 20:06 - 2014-06-05 20:07 - 12787704 _____ (Elex do Brasil Participaçþes Ltda) C:\Users\Andrzej\Downloads\yet_another_cleaner_mcr.exe
C:\Users\Andrzej\AppData\Roaming\*.exe
2014-05-30 07:20 - 2014-06-02 13:46 - 00000000 ____ D () C:\Users\Andrzej\AppData\Roaming\270C6A69646505FF6E1C4316B8D4C252
2014-05-30 07:20 - 2014-06-01 19:23 - 00000604 _____ () C:\Users\Andrzej\AppData\Roaming\9BA3FT7EgN6EeE45MpLkZfoWLnEV
2014-05-30 07:20 - 2014-05-30 07:20 - 00288937 _____ () C:\Users\Andrzej\AppData\Roaming\7B624D54C7D551685B7455C0971286EB
2014-06-29 15:06 - 2014-06-29 14:59 - 00000000 ____ D () C:\AdwCleaner
2014-06-29 14:20 - 2013-11-03 15:15 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2752112492-331565439-935345252-1001UA.job
2014-06-29 14:20 - 2013-11-03 15:15 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2752112492-331565439-935345252-1001Core.job
C:\Users\Andrzej\AppData\Local\Temp\*.exe
C:\Users\Andrzej\AppData\Local\Temp\*.dll
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.