Witam. W temacie jestem zielona, więc proszę o pokierowanie mną krok po kroku. 2-3 tygodnie temu zagościł u mnie Mystart i mam go dość, chcę się go pozbyć. Dodaję logi z OTL. Mam Windows XP, moja przeglądarka to Firefox.
Odinstaluj SweetIM for Messenger 3.7,Adobe Download Assistant,pdfforge Toolbar v9.7,Internet Explorer Toolbar 4.6 by SweetPacks,Ask Toolbar,AutocompletePro,Bonanza Deals (remove only),BrotherSoft Extreme3 Toolbar,Claro LTD toolbar,Facemoods Toolbar,McAfee Security Scan Plus,Windows Searchqu Toolbar,IB Updater Service,WPM18.8.0.212,Windows XP Service Pack Packages.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.
Mam wrażenie, że nie wszystko usunęłam, ale oko eksperta w razie czego to dostrzeże.
Raporty:
Otwórz Notatnik i wklej:
HKLM\...\Run: [GEST] = m
HKLM\...\Run: [USBFW] = \ü
HKLM\...\Run: [facemoods] = C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
HKLM\...\Run: [Sweetpacks Communicator] = C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] = F:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-21-1957994488-507921405-725345543-1003\...\Run: [Kookos] = C:\Documents and Settings\U [23448 2009-12-09] ()
HKU\S-1-5-21-1957994488-507921405-725345543-1003\...\Run: [ctfmon.exe] = ytkownik1\Ustawienia lokalne\Dane aplikacji\Kookos\kookos.exe silent
HKU\S-1-5-21-1957994488-507921405-725345543-1003\...\Run: [] = [X]
HKU\S-1-5-21-1957994488-507921405-725345543-1003\...\Run: [Google Update] = [X]
AppInit_DLLs: F:\PROGRA~1\SupTab\SEARCH~1.DLL = F:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
BootExecute: autocheck autochk * SsiEfr.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/?a=6PR9CFupdYi=26loc=skw
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OCdpid=OCco=PLuserid=b048bd3c-8be5-4096-ba49-da2bd5b7914eaffid=111583searchtype=dsbabsrc=lnkryq={searchTerms}installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OCdpid=OCco=PLuserid=b048bd3c-8be5-4096-ba49-da2bd5b7914eaffid=111583searchtype=dsbabsrc=lnkryq={searchTerms}installDate=01/01/1970
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1397497976from=coruid=WDCXWD2500AAJS-22B4A0_WD-WCAT1583846438464q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1397497976from=coruid=WDCXWD2500AAJS-22B4A0_WD-WCAT1583846438464q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OCdpid=OCco=PLuserid=b048bd3c-8be5-4096-ba49-da2bd5b7914eaffid=111583searchtype=dsbabsrc=lnkryq={searchTerms}installDate=01/01/1970
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1397497976from=coruid=WDCXWD2500AAJS-22B4A0_WD-WCAT1583846438464q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OCdpid=OCco=PLuserid=b048bd3c-8be5-4096-ba49-da2bd5b7914eaffid=111583searchtype=dsbabsrc=lnkryq={searchTerms}installDate=01/01/1970
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PR9CFupdYloc=skwsearch={searchTerms}i=26
BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - F:\Program Files\AutocompletePro\AutocompletePro.dll No File
Toolbar: HKLM - No Name - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKLM - No Name - !{62d40876-df18-411f-9d34-a9dd7a197bc5} - No File
Toolbar: HKLM - No Name - !{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No File
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - No Name - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF SearchPlugin: C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\searchplugins\delta.xml
FF Extension: Conduit Engine - C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\Extensions\engine@conduit.com [2011-01-11]
FF Extension: Funmoods.com - C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\Extensions\ffxtlbr@funmoods.com [2012-02-18]
FF Extension: AutocompletePro - Your handy search suggestions tool - C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\Extensions\support@predictad.com [2011-02-02]
FF Extension: SweetPacks Toolbar for Firefox - C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-09-24]
FF Extension: BonanzaDeals - C:\Documents and Settings\Użytkownik1\Dane aplikacji\Mozilla\Firefox\Profiles\0vjs6bg7.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-18]
FF HKLM\...\Firefox\Extensions: [support@predictad.com] - F:\Program Files\AutocompletePro\support@predictad.com
CHR Plugin: (McAfee Security Scanner +) - F:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR HKLM\...\Chrome\Extension: [defdhglnppeioeflggkmglipcecffkhk] - F:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx []
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - F:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2014-09-07]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - F:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoods.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - F:\Program Files\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2012-09-24]
R2 IePluginService; C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Update BrowseMark; F:\Program Files\BrowseMark\updateBrowseMark.exe [351008 2014-04-27] ()
R2 Util BrowseMark; F:\Program Files\BrowseMark\bin\utilBrowseMark.exe [351008 2014-04-27] ()
S2 WebrootSpySweeperService; "F:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe" [X]
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t; C:\WINDOWS\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [55232 2014-04-24] (StdLib)
S2 adfs; No ImagePath
S3 catchme; \\C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\catchme.sys [X]
U2 CertPropSvc; No ImagePath
S4 IntelIde; No ImagePath
S2 NEWDRIVER; \\C:\WINDOWS\system32\WinVDEdrv6.sys [X]
2014-09-04 21:33 - 2014-09-21 11:55 - 00000000 ____ D () C:\AdwCleaner
2014-09-04 20:58 - 2014-09-04 20:58 - 00000000 ____ D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-09-04 20:58 - 2014-09-04 20:58 - 00000000 ____ D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-16 12:48 - 2013-06-26 17:42 - 00000284 _____ () C:\WINDOWS\Tasks\EPUpdater.job
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Ustaw Google na domyślną wyszukiwarkę w Chrome a MyStart usuń: http://support.google.com/chrome/bin/answer.py?hl=planswer=95426
Czy to wszystko? Bo widzę, że problem już zniknął, za co ślicznie dziękuję.
Skasuj folder C:\FRST
Skasowałam.