qooqle

bnn · 20 Stycznia 2013

wiadomo o co chodzi.

jestem zielony nie znam się na tym , zwracam się do mądrzejszych

z góry dzięki za pomoc

picasso · 22 Stycznia 2013

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899}: "URL" = "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F"
IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\SearchScopes\{9BC03780-696F-4c32-B21A-DE4FCD44CFDC}: "URL" = "http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}"
IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\SearchScopes\{B704C5B4-BAC9-44fd-89DD-AB7D86DDADDD}: "URL" = "http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV"
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O3 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Readar_sl] C:\Users\Bnn\AppData\Roaming\Readar_sl.exe (Created with WinAutomation ("http://www.WinAutomation.com"))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
O4 - Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RazossUpdater.lnk =  File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) -  File not found
[2013-01-08 18:59:07 | 000,000,794 | ---- | C] () -- C:\Users\Bnn\Desktop\TornTV.lnk
[2013-01-09 08:13:56 | 000,000,000 | ---D | C] -- C:\Users\Bnn\AppData\Local\searchplugins
[2013-01-08 18:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013-01-16 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Bnn\AppData\Roaming\Splashtop
[2013-01-16 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Splashtop
[2012-11-17 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Babylon
[2013-01-16 18:40:27 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\Splashtop
[2013-01-16 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Piotrek\AppData\Roaming\Splashtop
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"=-
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
 
:Commands
[emptytemp]

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Klik w Wykonaj skrypt. Zatwierdź restart systemu.

2. Otwórz Google Chrome. W sekcji "Po uruchomieniu" usuń z listy stron startowych qooqlle.com. W zarządzaniu wyszukiwarkami jest aktualnie ustawione sfałszowane Google (adres zmodyfikowany kierujący do qooqlle.com). Ustaw jako domyślną dowolną inną wyszukiwarkę, a po tym to "Google" usuń z listy. W Rozszerzeniach odinstaluj adware SweetIM for Facebook, SweetPacks Chrome Extension, uTorrentControl_v2. Wyczyść Historię.

3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox.

4. Uruchom AdwCleaner i zastosuj Usuń. Na dysku C powstanie log z usuwania.

5. Zrób nowy log OTL z opcji Skanuj (już bez Extras). Dołącz log utworzony przez AdwCleaner.

.

bnn · 22 Stycznia 2013

wydaje mi się że problemy już niema

dziękuję

AdwCleanerS2.txt

OTL.Txt

picasso · 22 Stycznia 2013

1. Nie wykonałeś tego (i nadal wyszukiwarka Qooqlle w Firefox):

3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox.

2. Drobna korekta domyślnych wyszukiwarek Internet Explorer po użyciu AdwCleaner. Otwórz Notatnik i wklej w nim:

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
 
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.REG

Kliknij prawym na plik i z menu wybierz opcję Scal. Potwierdź import do rejestru.

3. Przez SHIFT+DEL dokasuj folder C:\Program Files (x86)\TornTV.com, a jeśli ponownie zainstalowałeś to = w pierwszej kolejności odinstaluj. Na przyszłość: aplikacja jest źródłem adware.

4. Zrób nowy log z OTL poświadczający zmiany, ale go ogranicz: tylko opcję Rejestr ustaw na Użyj filtrowania, wszystkie inne opcje na Brak + szukanie plików na Żadne i klik w Skanuj.

.

bnn · 22 Stycznia 2013

OTL logfile created on: 2013-01-22 10:28:07 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bnn\Downloads

64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,73% Memory free

8,00 Gb Paging File | 5,92 Gb Available in Paging File | 74,09% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 78,13 Gb Total Space | 26,87 Gb Free Space | 34,39% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 25,14 Gb Free Space | 17,16% Space Free | Partition Type: NTFS

Drive E: | 147,99 Gb Total Space | 21,88 Gb Free Space | 14,79% Space Free | Partition Type: NTFS

Drive G: | 2,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 2,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BNN-KOMPUTER | User Name: Bnn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH"

IE - HKU\S-1-5-21-942916944-2415182806-1246814471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bnn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: D:\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2012-12-25 17:19:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-18 22:02:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-10-05 16:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bnn\AppData\Roaming\mozilla\Extensions

[2013-01-16 18:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bnn\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions

[2013-01-08 18:59:24 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Bnn\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi

[2013-01-18 22:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013-01-18 22:02:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-10-11 03:58:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2012-10-11 03:58:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2012-10-11 03:58:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2012-10-11 03:58:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2012-10-11 03:58:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-10-11 03:58:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: "http://www.google.com/"

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = "http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t"

CHR - default_search_provider: suggest_url = "http://suggestqueries.google.com/complete/search?q={searchTerms},"

CHR - homepage: "http://www.google.com/"

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bnn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: VLC Web Plugin (Enabled) = D:\VLC\npvlc.dll

CHR - Extension: Angry Birds = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: YouTube = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Online Guitar Tuner = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemellbcpjiodfgadpoebbjobfaoiga\1.1.6_0\

CHR - Extension: Szukaj w Google = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Guitar Tuner = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi\2.2_0\

CHR - Extension: Pixlr-o-matic = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\

CHR - Extension: Photo Zoom for Facebook = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\

CHR - Extension: Virtual Piano Black = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo\4_0\

CHR - Extension: LineBall = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeclmehkhpookgkhkecnaanahhoglakj\1.3.0_0\

CHR - Extension: ButtonBeats Guitar = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf\5_0\

CHR - Extension: Ti\u00EBsto = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\

CHR - Extension: Guitar Tab Viewer = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfbgfemjdpbnddbahbanipoblngdpmo\0.3.101_0\

CHR - Extension: Gmail = C:\Users\Bnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-01-09 08:14:03 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 genuine.microsoft.com

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O1 - Hosts: 127.0.0.1 sls.microsoft.com

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - D:\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Users\Bnn\AppData\Local\Temp\E_S33AD.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000..\Run: [Facebook Update] C:\Users\Bnn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000..\Run: [GG] C:\Users\Bnn\AppData\Local\GG\Application\gghub.exe (GG Network S.A.)

O4 - HKU\S-1-5-21-942916944-2415182806-1246814471-1000..\Run: [uTorrent] E:\utorent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61A60DB3-26CD-4264-8A84-18E26CB97059}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-01-09 00:29:15 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2005-11-03 20:52:23 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2005-11-03 21:22:30 | 000,000,160 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2005-10-13 23:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ CDFS ]

O32 - AutoRun File - [2013-01-14 06:03:53 | 000,000,058 | R--- | M] () - I:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{adf3a9b9-6074-11e2-b2e3-50e549681aa8}\Shell - "" = AutoRun

O33 - MountPoints2\{adf3a9b9-6074-11e2-b2e3-50e549681aa8}\Shell\AutoRun\command - "" = I:\Setup.exe -- [2013-01-14 05:45:29 | 012,853,845 | R--- | M] ( )

O33 - MountPoints2\{d8a8abc6-3174-11e2-986a-50e549681aa8}\Shell - "" = AutoRun

O33 - MountPoints2\{d8a8abc6-3174-11e2-986a-50e549681aa8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2005-11-03 20:52:23 | 000,729,088 | R--- | M] (Electronic Arts Inc.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

< End of report >

teraz ok ?

picasso · 22 Stycznia 2013

Jest OK i możemy kończyć:

1. W Firefox w Dodatkach odinstaluj TornTV. Po tym upewnij się, że zniknął z dysku plik:

C:\Users\Bnn\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi

2. Porządki po narzędziach: przez SHIFT+DEL skasuj z Pulpitu folder Stare dane programu Firefox, w AdwCleaner uruchom Odinstaluj, w OTL uruchom Sprzątanie.

3. Wyczyść foldery Przywracania systemu: KLIK.

4. Odinstaluj starą Java 7 Update 7 (64-bit) i zaktualizuj Windows (brak SP1): KLIK.

I przestrzegam. Infekcja qooqlle.com wchodzi z trefnych paczek pobranych np. z torrent. Na forum m.in. zostały zdiagnozowane paczki z "kodekami".

.

Zaloguj się

qooqle

Rekomendowane odpowiedzi

bnn

Odnośnik do komentarza

picasso

Odnośnik do komentarza

bnn

Odnośnik do komentarza

picasso

Odnośnik do komentarza

bnn

Odnośnik do komentarza

picasso

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność