SafeGroup

Full version: logs
Symptoms of infection:
it's horribly sluggish for hardware like this

Actions taken:
Norton, and some Smart PC thing which I guess needs to be uninstalled

Logs:
Place links to the FRST and OTL logs here

frst64

addition

otl

extras

A whole load of adware.

Paste the following into Notepad and save it as fixlist.txt

Code:
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe
() C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
() C:\Program Files (x86)\Greener Web\bin\GreenerWeb.PurBrowse64.exe
(Simplygen) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
(Avanquest Software) C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
() C:\Program Files (x86)\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
(Smart PC Cleaner) C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe
HKLM-x32\...\Run: [facemoods] => "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe" /md I
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [764096 2014-04-07] ()
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Run: [PCSpeedUp] => C:\Program Files (x86)\Przyspiesz Komputer\PCSpeedUp.lnk [2425 2011-09-13] ()
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Run: [Tok-Cirrhatus] => [X]
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Justyna\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Run: [Tok-Cirrhatus-2355] => "C:\Users\Justyna\AppData\Local\br5733on.exe"
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Policies\Explorer: [NoViewContextMenu] 0
Lsa: [Notification Packages] DPPassFilter scecli
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm007^YYA^pl&si=COLbzK-Gq7kCFQgQ3godgnwAJQ&ptb=C943E312-03E0-486B-9B12-D681030E74C6&ind=2013090116&n=77fd5144&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKCU - DefaultScope {04A0F314-DFC7-4D43-8F22-CDD614FF9788} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKCU - {04A0F314-DFC7-4D43-8F22-CDD614FF9788} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=iron&s={searchTerms}&f=4
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1403006657&from=w3i&uid=HitachiXHTS725032A9A364_101117PCK304GKH51XRKX&q={searchTerms}
SearchScopes: HKCU - {5ABE700D-7139-40F6-A083-805BED2C0A67} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=&itbv=12.7.0.15&apn_uid=B85F625A-1E0A-4593-81F1-EFEAE73CDC97&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=ie_11.0.9600.16428&doi=2014-01-19&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm007^YYA^pl&si=COLbzK-Gq7kCFQgQ3godgnwAJQ&ptb=C943E312-03E0-486B-9B12-D681030E74C6&ind=2013090116&n=77fd5144&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110913191959634&tb_oid=13-09-2011&tb_mrud=13-09-2011
BHO: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO-x32: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: DownTango Launcher - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - C:\Users\Justyna\AppData\Roaming\DownTangoFTToolbar\DownTangoFTToolbar.dll (Simplytech Ltd.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - DownTango Launcher - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - C:\Users\Justyna\AppData\Roaming\DownTangoFTToolbar\DownTangoFTToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
CHR HKLM-x32\...\Chrome\Extension: [gladcbhcbkdeddbidiblppadjdjalidb] - C:\Program Files (x86)\DownTangoFTToolbar\chrome\DownTangoFTToolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoods.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)
R2 Update Greener Web; C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [317728 2014-06-24] ()
R2 Util Greener Web; C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe [317728 2014-06-24] ()
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61120 2014-06-16] (StdLib)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys [61120 2014-06-17] (StdLib)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 sr;
C:\Users\Justyna\Downloads\FLV-Player(12407) (1).exe
C:\Users\Justyna\Downloads\FLV-Player(12407).exe
C:\Users\Gość\daemonprocess.txt
C:\Users\Justyna\AppData\Roaming\newnext.me
C:\Users\Justyna\AppData\Roaming\sweet-page
C:\Users\Justyna\AppData\Local\Mobogenie
C:\Users\Justyna\AppData\Local\Temp\5j3lviai.dll
C:\Users\Justyna\AppData\Local\Temp\SymCCIS.dll
Task: {4D748CF5-8970-4171-B64B-A744F907BDB5} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-11-26] (Simplygen) <==== ATTENTION
Task: {7ED78D4D-882F-4734-9897-A0B37E739205} - System32\Tasks\Smart PC Cleaner Schedule => C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe [2014-04-16] (Smart PC Cleaner)
Task: {9A2EC7FE-82CC-4987-8986-A95BD05A6130} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe [2014-04-02] (Avanquest Software)
Task: {B0D788F6-864E-4FD0-93D6-E22584DCE5FB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reboot:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; when it finishes, post the report from that run.

Uninstall:

Ask Shopping Toolbar
Ask Toolbar
DownTango
DownTango Launcher 2.1
Facemoods Toolbar
FoxTab FLV Player
Greener Web
Internet Explorer Toolbar 4.6 by SweetPacks
Media Player Classic - Home Cinema v1.5.1.2903 x64
Mobogenie
Protected Search 1.1
QuickStores-Toolbar 1.2.0
Smart PC Cleaner v3.2
SweetIM for Messenger 3.7
SweetPacks bundle uninstaller
sweet-page uninstaller
Update Manager for SweetPacks 1.1

In Firefox: Help menu > Troubleshooting Information > Reset Firefox. The reset will not affect bookmarks or passwords.

Google Chrome
Settings > Extensions tab > uninstall Facemoods, DownTango Launcher
Settings > History tab > clear
Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the "Reset browser settings" option.

Download the program

click Search and then Remove
post the report

Download

and click Start.

Post the SecurityCheck report in the thread

Run it, press any key, and wait until the program finishes.

Do a scan and post new FRST.txt and Addition.txt logs; additionally tick Shortcut.txt, and OTL without Extras.
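The fixlist above is a list of FRST log entries, one per line, each in a different shape (running processes, Run keys, IE settings, search scopes, BHOs, toolbars, Chrome extensions, services and drivers, loose files, scheduled tasks). As an added example, not code from this thread, from SafeGroup or from FRST itself, here is a small Python parser that classifies such lines, pulls out the file path, the vendor string FRST reported and any URL hosts, and summarises what a pasted fixlist would touch. The sample lines are a subset copied from the fixlist in the thread; the entry kind names and field names are my own.

```python
"""Added example (not FRST's or the thread's own code): classify FRST
log/fixlist lines and extract path, vendor and URL hosts for quick triage."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a subset of lines copied from the fixlist in the thread.
SAMPLE_LINES = r"""
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Run: [Tok-Cirrhatus] => [X]
HKU\S-1-5-21-174387503-817570675-1949840425-1002\...\Policies\Explorer: [NoFolderOptions] 0
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1403006657&from=w3i
SearchScopes: HKCU - {04A0F314-DFC7-4D43-8F22-CDD614FF9788} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoods.crx
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
C:\Users\Justyna\AppData\Roaming\newnext.me
Task: {4D748CF5-8970-4171-B64B-A744F907BDB5} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-11-26] (Simplygen) <==== ATTENTION
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reboot:
"""

# Entry kinds (my own names), tried in order; the first matching pattern wins.
RULES = [
    ("task",        re.compile(r"^Task: ")),
    ("reg",         re.compile(r"^Reg: ")),
    ("reboot",      re.compile(r"^Reboot:")),
    ("searchscope", re.compile(r"^SearchScopes: ")),
    ("bho",         re.compile(r"^BHO(-x32)?: ")),
    ("toolbar",     re.compile(r"^Toolbar: ")),
    ("chrome_ext",  re.compile(r"^CHR .*\\Chrome\\Extension: ")),
    ("service",     re.compile(r"^[RSU]\d [^;]+;")),          # R1/R2/S3/U0 services & drivers
    ("run",         re.compile(r"^HK(LM|CU|U\\S-[\d-]+)(-x32)?\\\.\.\.\\Run: ")),
    ("policy",      re.compile(r"\\Policies\\Explorer: ")),
    ("ie_setting",  re.compile(r"^HK(LM|CU)\\Software\\.*Internet Explorer\\Main,")),
    ("proxy",       re.compile(r"^ProxyEnable: ")),
    ("lsa",         re.compile(r"^Lsa: ")),
    ("process",     re.compile(r"^\([^)]*\) [A-Za-z]:\\")),   # "(Vendor) C:\path" = running process
    ("file",        re.compile(r"^[A-Za-z]:\\")),             # bare path = file/folder to delete
]


@dataclass
class Entry:
    kind: str
    text: str
    path: str | None
    vendor: str | None          # "" when FRST printed "()" (no version info in the binary)
    hosts: tuple[str, ...]      # hostnames of any URLs on the line


def _strip_trailer(s: str) -> str:
    """Drop FRST's trailing annotations: '<==== ATTENTION', '(Vendor)', '[size date]' or '[X]'."""
    s = re.sub(r"\s*<====.*$", "", s)
    while True:
        new = re.sub(r"\s*(\([^()]*\)|\[[^\[\]]*\])$", "", s)
        if new == s:
            return s
        s = new


def parse_line(line: str) -> Entry | None:
    line = line.strip()
    if not line:
        return None
    kind = next((k for k, rx in RULES if rx.search(line)), "other")
    # Process lines carry the vendor up front; every other kind puts it at the end.
    if kind == "process":
        m = re.match(r"^\(([^()]*)\)", line)
    else:
        m = re.search(r"\(([^()]*)\)\s*(?:<====.*)?$", line)
    vendor = m.group(1) if m else None
    pm = re.search(r"[A-Za-z]:\\.*$", _strip_trailer(line))
    path = pm.group(0) if pm else None
    hosts = tuple(sorted({h for u in re.findall(r"https?://\S+", line)
                          if (h := urlsplit(u).hostname)}))
    return Entry(kind, line, path, vendor, hosts)


def parse(text: str) -> list[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarize(entries: list[Entry]) -> dict:
    """Counts per kind, every hijack host seen, and binaries FRST showed with no vendor."""
    return {
        "counts": dict(Counter(e.kind for e in entries)),
        "hosts": sorted({h for e in entries for h in e.hosts}),
        "unsigned_binaries": [e.path for e in entries if e.vendor == "" and e.path],
    }


if __name__ == "__main__":
    report = summarize(parse(SAMPLE_LINES))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run on the full fixlist, the `hosts` list gives the search/start-page domains the hijack points at, and `unsigned_binaries` lists the executables FRST printed with an empty `()` vendor, which is where a reviewer usually looks first.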