Jak to usunąć?
Odinstaluj VShareToolBar i Searchqu Toolbar
Do okna Własne opcje skanowania / skrypt wklej:
:OTL
IE - HKU\S-1-5-21-842925246-706699826-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchqu.com//sidebar.html?src=ssb&appid=0&systemid=410
IE - HKU\S-1-5-21-842925246-706699826-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKU\S-1-5-21-842925246-706699826-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-842925246-706699826-515967899-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-842925246-706699826-515967899-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53798
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "118.98.16.2"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "118.98.16.2"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "118.98.16.2"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "118.98.16.2"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "202.62.86.38"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "202.62.86.38"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "202.62.86.38"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "202.62.86.38"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53798
FF - prefs.js..network.proxy.type: 1
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AB6.exe] C:\Program Files\LP\3789\AB6.exe ()
O4 - HKLM..\Run: [crrss] C:\WINDOWS\system32\crrss.exe ()
O4 - HKU\S-1-5-21-842925246-706699826-515967899-1004..\Run: [Antivirus Protection 2012] C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012\AntivirusProtection2012.exe (KlureIn)
O4 - HKU\S-1-5-21-842925246-706699826-515967899-1004..\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
O4 - HKU\S-1-5-21-842925246-706699826-515967899-1004..\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012\securitymanager.exe (KlureIn)
O4 - HKU\S-1-5-21-842925246-706699826-515967899-1004..\Run: [c6kownuvvwf5] C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012\securityhelper.exe (KlureIn)
O4 - HKU\S-1-5-21-842925246-706699826-515967899-1004..\Run: [winlogon] C:\Documents and Settings\acer\winlogon.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\crrss.exe) - C:\WINDOWS\system32\crrss.exe ()
O20 - HKU\S-1-5-21-842925246-706699826-515967899-1004 Winlogon: Shell - ("C:\Documents and Settings\acer\winlogon.exe") - C:\Documents and Settings\acer\winlogon.exe ()
:Files
C:\Program Files\9FF94
C:\Documents and Settings\acer\Dane aplikacji\94C9F
C:\Documents and Settings\acer\Pulpit\Antivirus Protection 2012.lnk
C:\Documents and Settings\acer\Menu Start\Programy\Antivirus Protection 2012.lnk
C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012
:Reg
[HKEY_USERS\S-1-5-21-842925246-706699826-515967899-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
:Commands
[emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
Kopiuj dokładnie i kliknij Zaznacz cały
Do okna Własne opcje skanowania / skrypt wklej:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=beea87bc-462a-11e1-8972-705ab6005378
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
:Files
C:\Program Files\9FF94
C:\Documents and Settings\acer\Dane aplikacji\94C9F
C:\Documents and Settings\acer\Menu Start\Programy\Antivirus Protection 2012
C:\Documents and Settings\acer\Dane aplikacji\Antivirus Protection 2012
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
:Commands
[emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
Wklij i kliknij Wykonaj skrypt:
Pokaż nowy log.
To jest raport z usuwania.
Pokaż jeszcze nowy log Skanuj.
Ręcznie skasuj to:
C:\Documents and Settings\acer\Menu Start\Programy\Antivirus Protection 2012.lnk
C:\Program Files\9FF94
Uruchom OTL i kliknij Sprzątanie.
Usuń stare punkty przywracania:
http://support.microsoft.com/kb/310312/pl
Dysk przeskanuj Malwarebytes
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Zainstaluj najnowszą wersję IE - Internet Explorer 8 (XP):
http://www.dobreprogramy.pl/Internet-Ex … l#archives
Aktualizuj programy mające wpływ na bezpieczeństwo, Java, Flash Player, Firefox, Adobe Reader itp.