coton93
(Adam3991)
16 Grudzień 2012 10:24
#1
Próbowałem to usunąć odinstalowałem dwa prgoramy z nazwą Claro. W Mozill nawet się udało ale nadal są jakieś wpisy w about:config. W Google Chrome przy nowym uruchomieni przeglądarki ustawia się strona startowa http://www.claro-search.com/?affID=1174 … e5493212f0 i instaluje się dodatek Browser Protet
http://www.wklej.org/id/898503/ - OTL.Txt
http://www.wklej.org/id/898504/ - Extras.Txt
Leon1
(Leon$)
16 Grudzień 2012 19:51
#2
odinstaluj
OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:
:OTL PRC - [2012-12-06 23:31:33 | 002,443,800 | ---- | M] () – C:\ProgramData\BrowserProtect\2.5.986.67{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2012-12-06 23:31:33 | 002,443,800 | ---- | M] () – C:\ProgramData\BrowserProtect\2.5.986.67{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2012-12-06 23:30:35 | 002,158,104 | ---- | M] () – c:\ProgramData\BrowserProtect\2.5.986.67{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll SRV - [2012-12-06 23:31:33 | 002,443,800 | ---- | M] () [Auto | Running] – C:\ProgramData\BrowserProtect\2.5.986.67{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe – (BrowserProtect) IE - HKLM…\SearchScopes{03D33F15-54AB-4938-B174-D88C2A777E45}: “URL” = http://startsear.ch/?aff=2&src=sp&cf=c1 … 50cf912&q={searchTerms} IE - HKU\S-1-5-21-809428780-79355066-1188616844-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=1174 … e5493212f0 IE - HKU\S-1-5-21-809428780-79355066-1188616844-1000…\SearchScopes{03D33F15-54AB-4938-B174-D88C2A777E45}: “URL” = http://startsear.ch/?aff=2&src=sp&cf=c1 … 50cf912&q={searchTerms} IE - HKU\S-1-5-21-809428780-79355066-1188616844-1000…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://www.claro-search.com/?q={searchTerms}&affID=117423&tt=5012_1&babsrc=SP_ss&mntrId=56536ddc00000000000050e5493212f0 IE - HKU\S-1-5-21-809428780-79355066-1188616844-1000…\SearchScopes{2951FE03-7383-4418-8485-239CCEBC57E5}: “URL” = http://websearch.ask.com/redirect?clien … &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=12431A38-B86C-4117-8183-B57E9B22A7E0&apn_sauid=7D8BE971-A0C5-4C0F-94DA-1CE24B021685 FF - prefs.js…browser.search.selectedEngine: “Claro Search” FF - prefs.js…browser.startup.homepage: “http://www.claro-search.com/?affID=117423&tt=5012_1&babsrc=HP_ss&mntrId=56536ddc00000000000050e5493212f0 ” [2012-12-15 22:40:18 | 000,006,520 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml CHR - homepage: http://www.claro-search.com/?affID=1174 … e5493212f0 CHR - homepage: http://www.claro-search.com/?affID=1174 … e5493212f0 O4 - HKU\S-1-5-21-809428780-79355066-1188616844-1000…\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Value error.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25986~1.67{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.986.67{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () [2012-12-15 22:41:42 | 000,000,000 | —D | C] – C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2012-12-15 22:41:33 | 000,000,000 | —D | C] – C:\ProgramData\BrowserProtect [2012-12-15 22:39:41 | 000,000,000 | —D | C] – C:\Users\Adam\AppData\Roaming\Babylon [2012-12-15 22:39:41 | 000,000,000 | —D | C] – C:\ProgramData\Babylon [2012-12-16 11:01:00 | 000,000,254 | ---- | M] () – C:\Windows\tasks\HP Photo Creations Messager.job [2012-12-16 10:57:00 | 000,000,930 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job [2012-12-16 10:36:05 | 000,001,040 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-16 10:11:00 | 000,001,044 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-16 10:04:06 | 000,001,074 | ---- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-809428780-79355066-1188616844-1000UA.job [2012-12-15 22:09:39 | 000,001,052 | ---- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-809428780-79355066-1188616844-1000Core.job [2012-12-14 00:00:00 | 000,000,516 | ---- | M] () – C:\Windows\tasks\Podstawowe porządkowanie.job [2012-12-15 22:39:41 | 000,000,000 | —D | M] – C:\Users\Adam\AppData\Roaming\Babylon [2012-11-08 23:49:35 | 000,000,000 | —D | M] – C:\Users\Adam\AppData\Roaming\EurekaLog @Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Adam\Documents\desktop.ini:gs5sys @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BC359956 :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]
Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.
Pokaż log z usuwania.
potem nowy log OTL robiony opcją Run Scan (Skanuj)