VIRY.CZ

Mám asi 3 týdny nový ntb, a najednou sem něco instaloval a ted když sem na internetu tak mě to často přesměruje na stránku s reklamou. Jak to odstranit? Až se mi to znovu zobrazí, přiložím screen

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Log FRTS jsem nahrál sem :
http://leteckaposta.cz/969982624

Odinstalujte AdvancedSystemCare. Důvod: viewtopic.php?f=14&t=127320&hilit=iobit .

Dále otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\...\MountPoints2: {23eeabc9-0689-11e5-8261-acd1b82219e6} - "H:\autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?unqvl= ... 2015/06/12
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... earchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... earchTerms}
SearchScopes: HKU\S-1-5-21-4162299864-2003137946-148624621-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... earchTerms}
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/06/12&l=1&q=
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\searchplugins\WebSearch.xml [2015-06-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
R2 361859b7; c:\Program Files (x86)\decodit\decodit.dll [1776640 2015-06-12] () [File not signed]
c:\Program Files (x86)\decodit
R2 PrivoxyService; C:\Program Files (x86)\AFC Secure Net\privoxy.exe [371200 2015-05-27] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\AFC Secure Net
C:\Users\David\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by David at 2015-06-14 18:12:30 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\...\MountPoints2: {23eeabc9-0689-11e5-8261-acd1b82219e6} - "H:\autorun.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?unqvl= ... 2015/06/12
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... /12&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... /12&l=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162299864-2003137946-148624621-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl= ... /12&l=1&q={searchTerms}
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl= ... /12&l=1&q=
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\searchplugins\WebSearch.xml [2015-06-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
R2 361859b7; c:\Program Files (x86)\decodit\decodit.dll [1776640 2015-06-12] () [File not signed]
c:\Program Files (x86)\decodit
R2 PrivoxyService; C:\Program Files (x86)\AFC Secure Net\privoxy.exe [371200 2015-05-27] (The Privoxy team - http://www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\AFC Secure Net
C:\Users\David\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-4162299864-2003137946-148624621-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23eeabc9-0689-11e5-8261-acd1b82219e6}" => key removed successfully
HKCR\CLSID\{23eeabc9-0689-11e5-8261-acd1b82219e6} => key not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4162299864-2003137946-148624621-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKU\S-1-5-21-4162299864-2003137946-148624621-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
Firefox SearchEngineOrder.1 removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.1,S removed successfully
Firefox DefaultSearchEngine,S removed successfully
Firefox SelectedSearchEngine,S removed successfully
Firefox DefaultSearchUrl removed successfully
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\searchplugins\WebSearch.xml => moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
361859b7 => Service removed successfully
c:\Program Files (x86)\decodit => moved successfully.
PrivoxyService => Unable to stop service.
PrivoxyService => Service removed successfully

"C:\Program Files (x86)\AFC Secure Net" folder move:

Could not move "C:\Program Files (x86)\AFC Secure Net" folder => Scheduled to move on reboot.


"C:\Users\David\AppData\Local\Temp" folder move:

Could not move "C:\Users\David\AppData\Local\Temp" folder => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-14 18:15:09)<=

C:\Program Files (x86)\AFC Secure Net => Is moved successfully
C:\Users\David\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:15:10 ====

Smazáno. Nastala nějaká změna?

Ano, už to je v pořádku, děkuji.

FRST a vše, co vytvořil, smažte. Rádo se stalo!