piotrm23
8 Lipiec 2012 15:33
#1
Witam
Sprawa w której zwracam się z prośbą o pomoc została zawarta w tytule .
Podaję loga :
http://www.wklej.org/id/786565/ - OTL
http://www.wklej.org/id/786564/ - EXTRAS
Serdecznie proszę o dalsze wskazówki .
Pozdrawiam Piotr
Acorus
8 Lipiec 2012 15:53
#2
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com \Updater\Updater.exe (Ask) O4 - HKU\S-1-5-21-1440103629-4270272420-3639045120-1001…\Run: [wfapigp] C:\Users\Pi\AppData\Local\Microsoft\Windows\1632\wfapigp.exe () [2012/07/06 17:29:53 | 000,000,000 | —D | C] – C:\Users\Pi\AppData\Roaming\hellomoto :Files C:\Users\Pi\AppData\Local\Microsoft\Windows\1632 :Commands [emptytemp]
Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
piotrm23
8 Lipiec 2012 16:30
#3
Acorus
8 Lipiec 2012 17:13
#4
Dla piotrm 23.Odinstaluj Babylon toolbar on IE,DealPly,LiveVDO plugin 1.3,toolplugin,vShare.tv plugin 1.3.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=dcd67b81- … edde68b137 IE - HKLM…\SearchScopes{5A8F0AF3-212B-41CE-BD5E-B1AD07F982DE}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=dc … e68b137&q={searchTerms} IE - HKLM…\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://startsear.ch/?aff=2&src=sp&cf=dc … e68b137&q={searchTerms} IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={AEA98276-BB5F-414C-9B14-45C1F08B222F} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=110393&ba … edde73618b IE - HKCU…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask) IE - HKCU…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=dc6d4e4b0000000000004cedde73618b IE - HKCU…\SearchScopes{7647E64C-2144-469D-9330-37025689C954}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=96E3BD8D-7D9D-4674-9501-9C53DD9A5C1E&apn_sauid=44CB61E6-BCE4-4D9A-B964-665519798109 IE - HKCU…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={AEA98276-BB5F-414C-9B14-45C1F08B222F} FF - prefs.js…browser.search.defaultengine: “ask.com ” FF - prefs.js…browser.search.defaultenginename: “search the web (babylon)” FF - prefs.js…browser.search.order.1: “search the web” FF - prefs.js…browser.startup.homepage: “http://search.babylon.com/?babsrc=hp_prot ” FF - prefs.js…sweetim.toolbar.previous.browser.search.selectedengine: “search the web” [2011/11/09 00:52:17 | 000,000,000 | —D | M] (DealPly) – C:\Users\Pi\AppData\Roaming\mozilla\Firefox\Profiles\yu7yeijx.default\extensions{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011/12/18 19:24:29 | 000,000,000 | —D | M] (SweetIM Toolbar for Firefox) – C:\Users\Pi\AppData\Roaming\mozilla\Firefox\Profiles\yu7yeijx.default\extensions{EEE6C361-6118-11DC-9C72-001320C79847} [2012/04/09 03:01:39 | 000,000,000 | —D | M] (Babylon) – C:\Users\Pi\AppData\Roaming\mozilla\Firefox\Profiles\yu7yeijx.default\extensions\ffxtlbr@babylon.com [2012/04/07 00:19:24 | 000,000,000 | —D | M] (Ask Toolbar) – C:\Users\Pi\AppData\Roaming\mozilla\Firefox\Profiles\yu7yeijx.default\extensions\toolbar@ask.com [2011/11/03 21:10:55 | 000,000,000 | —D | M] (toolplugin) – C:\Users\Pi\AppData\Roaming\mozilla\Firefox\Profiles\yu7yeijx.default\extensions\welcome@toolmin.com [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () – C:\Users\Pi\AppData\Roaming\Mozilla\Firefox\Profiles\yu7yeijx.default\searchplugins\askcom.xml [2012/04/03 20:54:24 | 000,000,792 | ---- | M] () – C:\Users\Pi\AppData\Roaming\Mozilla\Firefox\Profiles\yu7yeijx.default\searchplugins\startsear.xml [2011/12/18 19:35:59 | 000,003,915 | ---- | M] () – C:\Users\Pi\AppData\Roaming\Mozilla\Firefox\Profiles\yu7yeijx.default\searchplugins\SweetIM Search.xml [2011/12/18 19:24:26 | 000,003,915 | ---- | M] () – C:\Users\Pi\AppData\Roaming\Mozilla\Firefox\Profiles\yu7yeijx.default\searchplugins\sweetim.xml O3 - HKLM…\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com \GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Pi\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM…\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM…\Run: [Corel Photo Downloader] “C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe” -startup File not found O4 - HKCU…\Run: [ares] “C:\Program Files (x86)\Ares\Ares.exe” -h File not found :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete(w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator).
Wyłącz i włącz przywracanie systemu.
http://www.searchengines.pl/Czyszczenie … 41981.html
Zainstaluj aktualizacje do programow wskazanych przez Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html jako out of date.