Logi - System zabrudzony adware

Proszę o sprawdzenie.
Pozdrawiam dziękuję.

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
SRV - [2012-09-13 21:41:32 | 001,701,400 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
IE - HKLM\..\URLSearchHook: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=113678&tt=bandext_3312_8&babsrc=HP_ss&mntrId=fe97a5eb000000000000ec55f9be5b3f
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_7&babsrc=SP_ss&mntrId=fe97a5eb000000000000ec55f9be5b3f
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
[2012-08-21 22:40:10 | 000,000,000 | ---D | M] (Serif PhotoPlus Community Toolbar) -- C:\Users\ola\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Serif PhotoPlus Toolbar) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Serif PhotoPlus Toolbar) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

2) Użyj >Adw-cleaner. Kliknij w nim Delete
Pokaż raport z niego C:\AdwCleaner[S1].txt
.

Proszę

Użytkownik Timoniasty edytował ten post 16 10 2012 - 20:06

Trochę dziwne, że AdwCleaner nic nie wykrył, choć powinien wykryć i usunąć.
Odinstaluj " Linkury Smartbar".
Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\ola\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt

W Adw-Cleaner kliknij na przycisk Uninstall

Zrobię jak mówisz w czwartek (komputer, który ma ten problem należy do mojej kuzynki, u której będę właśnie w czwartek).