pilers7
(Pilers7)
6 September 2012 18:17
#1
adam9870
(adam9870)
6 September 2012 18:33
#2
In Control Panel, uninstall sweetim, searchqu, Yontoo, babylon, web search and ask. If you run into problems, move on to the next step.
Run OTL. In the custom scan options / script box (Własne opcje skanowania / skrypt), paste:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&c … 2075141119
IE - HKLM…\SearchScopes{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyEyD0E0B0EtC0DtCyEyEtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2075141119
IE - HKLM…\SearchScopes{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={87B8D7AF-B2CB-11E1-9636-485B3945EBE1}
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={87B8D7AF-B2CB-11E1-9636-485B3945EBE1}
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&c … 2075141119
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=681ed144000000000000485b3945ebe1
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AU&apn_dtid=YYYYYYYYPL&apn_uid=1DCC6F22-B198-4419-907C-0CD6CC988B86&apn_sauid=A623E5C8-38DE-482D-A645-3BC825F7A03D
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyEyD0E0B0EtC0DtCyEyEtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2075141119
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260345761340276
IE - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={87B8D7AF-B2CB-11E1-9636-485B3945EBE1}
[2012-07-28 18:45:33 | 000,000,000 | ---D | M] (searchya.com ) -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\extensions\ffxtlbr@searchya.com
[2012-06-10 09:12:16 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\extensions\plugin@yontoo.com
[2011-11-08 23:19:18 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\searchplugins\MyStart Search.xml
[2012-07-28 18:46:34 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\searchplugins\Search.xml
[2011-03-23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\searchplugins\SearchquWebSearch.xml
[2012-06-10 09:11:58 | 000,003,998 | ---- | M] () -- C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\searchplugins\sweetim.xml
[2011-11-08 23:13:28 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-03-23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyEyD0E0B0EtC0DtCyEyEtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2075141119
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM…\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-1177238915-746137067-839522115-1003…\Run: [fqonmnxjuiidflj] C:\WINDOWS\fqonmnxj.exe (Magneto Soft)
[2012-09-06 13:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\knolasfjufpcsps
[2012-09-06 13:45:43 | 000,146,944 | ---- | C] (Magneto Soft) -- C:\WINDOWS\fqonmnxj.exe
[2012-09-06 13:45:43 | 000,146,944 | ---- | C] (Magneto Soft) -- C:\Documents and Settings\All Users\Dane aplikacji\fqonmnxj.exe
[2012-09-06 13:45:44 | 000,078,022 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\fjmopndeqmidjac
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D158BAF9
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:93E9C78D
:Commands
[emptytemp]
Click Run script (Wykonaj skrypt). Agree to the restart.
Use AdwCleaner (the Delete option).
Did you add the entries to the hosts file yourself? If not, reset hosts with the automatic tool: http://support.microsoft.com/kb/972034/pl
When everything is done, post a new log from Scan (Skanuj) and Extras (the option Registry - extra scan (Rejestr - skan dodatkowy) must be set to Use filtering (Użyj filtrowania)), the OTL removal report and the AdwCleaner report.
Request: paste the logs at http://wklej.org/ or http://www.wklej.eu/
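
A way to review what a fix script of this shape will touch before it is run, as an added example that is not part of the original post and is not OTL's own code. The `summarize` function and the `SAMPLE` input are hypothetical and constructed; the line layout is assumed to match the script above, with registry paths in unabbreviated or `\..\` form.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout of an OTL fix script (all values are made up).
SAMPLE = r'''
:OTL
IE - HKLM\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://search.example.test/web?q={searchTerms}
IE - HKU\S-1-5-21-1-2-3-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.example.test/?s=0
O2 - BHO: (Example Bar) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\bar.dll (Example LLC)
O4 - HKU\S-1-5-21-1-2-3-1003\..\Run: [abcdefgh] C:\WINDOWS\abcdefgh.exe (Example Soft)
[2012-01-01 10:00:00 | 000,146,944 | ---- | C] (Example Soft) -- C:\WINDOWS\abcdefgh.exe
@Alternate Data Stream - 115 bytes -> C:\Data\TEMP:0A1B2C3D
:Commands
[emptytemp]
'''

CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def summarize(script):
    """Group the target of each fix-script line by kind, for review."""
    out = defaultdict(list)
    section = None
    for line in map(str.strip, script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):             # section header such as :OTL or :Commands
            section = line.lower()
        elif section != ":otl":              # directives outside the :OTL section
            out["command"].append(line)
        elif line.startswith(("IE - ", "CHR - ")) and "= http" in line:
            url = line.split("= ", 1)[1]     # start page or search provider URL
            out["browser_url"].append(urlsplit(url).hostname)
        elif re.match(r"O[23] - ", line):    # BHO or toolbar, identified by CLSID
            m = CLSID.search(line)
            out["browser_addon"].append(m.group(0) if m else line)
        elif line.startswith("O4 - ") and "] " in line:    # Run-key autostart
            rest = line.split("] ", 1)[1]
            out["autostart"].append(re.sub(r"\s*\([^()]*\)$", "", rest))
        elif line.startswith("[") and " -- " in line:      # file or folder entry
            out["file"].append(line.split(" -- ", 1)[1])
        elif line.startswith("@Alternate Data Stream") and "-> " in line:
            out["ads"].append(line.split("-> ", 1)[1])
        else:                                # surface anything not recognised
            out["unclassified"].append(line)
    return dict(out)

if __name__ == "__main__":
    for kind, targets in summarize(SAMPLE).items():
        print(kind, targets)
```

Anything that lands under `unclassified` deserves a manual look before the script is executed, since the summary says nothing about what that line would change.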