Qooqle - jak usunąć?

brunner777 · 29 Marzec 2012 19:52

Witam

Bardzo proszę o pomoc w usunięciu Qooqlle z konputera. Poniżej logi.

OTL:

EXTRAS

Acorus · 30 Marzec 2012 11:43

Odinstaluj DealPly,free-downloads.net Toolbar,IncrediMail MediaBar 2 Toolbar,Norton Security Scan,Winamp Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL IE - HKLM…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM…\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) IE - HKLM…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKLM…\SearchScopes{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: “URL” = http://slirsredirect.search.aol.com/sli … 685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU…\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU…\SearchScopes{42168F92-DA71-42E6-BC7F-132EAC1F1899}: “URL” = http://www.google.com/cse?cx=partner-pu … -8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F IE - HKCU…\SearchScopes{65158992-BED1-4239-AFFF-1DB7625B8235}: “URL” = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU…\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: “URL” = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} IE - HKCU…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKCU…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: “URL” = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92822864660147975 IE - HKCU…\SearchScopes{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: “URL” = http://slirsredirect.search.aol.com/sli … 685&query={searchTerms}&invocationType=tb50winampie7 FF - prefs.js…browser.search.defaultenginename: “MyStart Search” FF - prefs.js…keyword.URL: “http://mystart.incredimail.com/mb68/?loc=ff_address_bar&u=92822864660147975&search=” [2012-03-09 10:56:19 | 000,000,000 | —D | M] (IncrediMail MediaBar 2 Community Toolbar) – C:\Users\brunner\AppData\Roaming\mozilla\Firefox\Profiles\wp92dxj4.default\extensions{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2012-03-09 10:56:20 | 000,000,000 | —D | M] (free-downloads.net Community Toolbar) – C:\Users\brunner\AppData\Roaming\mozilla\Firefox\Profiles\wp92dxj4.default\extensions{ecdee021-0d17-467f-a1ff-c7a115230949} [2010-01-20 12:16:28 | 000,000,939 | ---- | M] () – C:\Users\brunner\AppData\Roaming\Mozilla\Firefox\Profiles\wp92dxj4.default\searchplugins\conduit.xml [2011-08-24 19:16:42 | 000,002,207 | ---- | M] () – C:\Users\brunner\AppData\Roaming\Mozilla\Firefox\Profiles\wp92dxj4.default\searchplugins\MyStart Search.xml [2011-07-04 21:50:07 | 000,001,860 | ---- | M] () – C:\Users\brunner\AppData\Roaming\Mozilla\Firefox\Profiles\wp92dxj4.default\searchplugins\search.xml O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKLM…\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU…\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O4 - HKCU…\Run: [Corel Photo Downloader] “C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe” -startup File not found O4 - HKCU…\Run: [Java] %APPDATA%\Microsoft\jusched.exe File not found [2012-03-23 07:59:41 | 000,000,444 | -H-- | C] () – C:\Windows\tasks\Norton Security Scan for brunner.job [2012-01-27 00:14:06 | 000,460,624 | ---- | C] () – C:\Users\brunner\AppData\Local\promo.exe [2009-07-02 21:07:59 | 000,000,000 | -HSD | M] – C:\Users\brunner\AppData\Roaming.# [2011-07-17 11:01:09 | 000,000,000 | —D | M] – C:\Users\brunner\AppData\Roaming\OpenCandy :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete.

Pokaż z niego log.

brunner777 · 30 Marzec 2012 18:16

Poniżej pliki:

raport:

http://wklej.to/1vR7e

log OTL:

http://wklej.to/FHf9h

AdwCleaner:

http://wklej.to/EoUzZ

Acorus · 31 Marzec 2012 07:46

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

Kliknij Wykonaj skrypt…W OTL użyj opcji Sprzątanie.Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.

W AdwCleaner użyj opcji Uninstall.

brunner777 · 1 Kwiecień 2012 06:00

Bardzo dziękuję za pomoc i pozdrawiam