QOOQLE.COM takes over Chrome and black screen after closing on Windows Vista

Tombcio 09 Jun 2011 23:10 1991 1
  • #1 9595220
    Tombcio
    Level 10
    Posts: 15
    Rating: 1
    After launching Google Chrome, qooqle opens, and after closing the browser there is a black screen for a moment (you have to move the mouse for a while).
    Attachments:
    • Extras.Txt (90.8 KB)
    • OTL.Txt (135.34 KB)
  • #2 9595289
    Kolobos
    Computer specialist
    Posts: 85152
    Helped: 17160
    Rating: 10423
    After removing the infection you will have to manually change the home page in Chrome yourself to something other than qooqle.

    Run a scan with mbam and cureit and remove the infections.

    Install updates for the programs indicated by: http://screen317.spywareinfoforum.org/SecurityCheck.exe including, ABSOLUTELY, Java and Adobe Reader. Use JavaRa to remove old versions of Java.

    Uninstall:
    Google Toolbar for Internet Explorer
    Facemoods Toolbar
    Megaupload Toolbar
    MoneyCashBAR v1.5
    Softonic Deutsch FF Toolbar
    XfireXO Toolbar


    Run the script in OTL:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&q="
    [2011-05-28 01:02:42 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Tomasz\AppData\Roaming\mozilla\Firefox\Profiles\vye2dhni.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2011-06-06 22:41:47 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Tomasz\AppData\Roaming\mozilla\Firefox\Profiles\vye2dhni.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
    [2011-06-06 22:41:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Tomasz\AppData\Roaming\mozilla\Firefox\Profiles\vye2dhni.default\extensions\engine@conduit.com
    [2011-06-09 22:41:37 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Tomasz\AppData\Roaming\mozilla\Firefox\Profiles\vye2dhni.default\extensions\ffxtlbr@Facemoods.com
    [2010-11-02 16:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\vye2dhni.default\searchplugins\conduit.xml
    [2008-06-07 11:01:59 | 000,002,921 | ---- | M] () -- C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\vye2dhni.default\searchplugins\daemon-search.xml
    [2011-06-09 22:41:39 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
    O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
    O4 - HKCU..\Run: [jushed] C:\ProgramData\jushed.exe ( )
    [2011-06-09 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
    [2011-05-28 01:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2011-05-28 01:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
    [2011-05-28 01:02:43 | 000,000,000 | ---D | C] -- C:\Users\Tomasz\AppData\Local\Conduit
    [2011-05-25 12:09:08 | 000,347,136 | RHS- | C] (NirSoft) -- C:\ProgramData\nircmd.exe
    [2011-05-25 12:09:05 | 000,566,784 | RHS- | C] ( ) -- C:\ProgramData\jushed.exe
    [2011-05-25 12:09:04 | 007,987,953 | ---- | C] (CCCP Project ) -- C:\Users\Tomasz\AppData\Local\Codecs.exe
    [2011-05-25 12:09:04 | 000,566,784 | ---- | C] ( ) -- C:\Users\Tomasz\AppData\Local\jushed.exe
    [2011-05-25 12:09:04 | 000,347,136 | ---- | C] (NirSoft) -- C:\Users\Tomasz\AppData\Local\nircmd.exe
    [2011-06-09 19:27:30 | 000,000,002 | ---- | M] () -- C:\ProgramData\timerxfile
    [2011-06-09 19:27:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\varsavefile
    [2011-06-09 19:27:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\datesavefile
    [2011-05-25 12:09:04 | 000,004,768 | ---- | M] () -- C:\Users\Tomasz\AppData\Local\operaprefs.ini
    [2011-05-25 12:09:04 | 000,004,768 | ---- | M] () -- C:\ProgramData\operaprefs.ini

    :Commands
    [emptytemp]


    After running it, post a new log.
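An added example, not part of the original thread and not OTL's own code: a short Python triage pass over a few lines copied from the OTL script in the post above, showing how the autorun and file-listing entries can be parsed and shortlisted. The names `triage`, `RUN_RE`, `FILE_RE` and the three heuristics (binary with a blank vendor field, Run entry pointing into ProgramData or Users, hidden plus system attributes) are assumptions of this example.

```python
import re

# Sample input: lines copied from the OTL script posted in the thread.
SAMPLE = r"""
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKCU..\Run: [jushed] C:\ProgramData\jushed.exe ( )
[2011-05-25 12:09:08 | 000,347,136 | RHS- | C] (NirSoft) -- C:\ProgramData\nircmd.exe
[2011-05-25 12:09:05 | 000,566,784 | RHS- | C] ( ) -- C:\ProgramData\jushed.exe
[2011-05-25 12:09:04 | 007,987,953 | ---- | C] (CCCP Project ) -- C:\Users\Tomasz\AppData\Local\Codecs.exe
[2011-06-09 19:27:30 | 000,000,002 | ---- | M] () -- C:\ProgramData\timerxfile
"""

# O4 autorun entry: hive, value name, target path, then "(vendor)" at the end.
RUN_RE = re.compile(
    r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<vendor>[^()]*)\)$")
# File listing: [timestamp | size | attributes | C or M] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r" \((?P<vendor>[^()]*)\) -- (?P<path>.+)$")

def triage(log_text):
    """Return {lowercased path: set of reasons} for entries worth a closer look."""
    findings = {}

    def flag(path, reason):
        findings.setdefault(path.lower(), set()).add(reason)

    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        rec = run or FILE_RE.match(line)
        if not rec:
            continue  # blank line or a log line type this example does not parse
        path, vendor = rec["path"], rec["vendor"].strip()
        # Heuristic 1 (assumption): an executable with an empty vendor field.
        if path.lower().endswith((".exe", ".dll")) and not vendor:
            flag(path, "no-vendor")
        # Heuristic 2 (assumption): autorun target lives in a data directory.
        if run and re.match(r"(?i)^c:\\(programdata|users)\\", path):
            flag(path, "autorun-from-data-dir")
        # Heuristic 3 (assumption): file carries both Hidden and System attributes.
        if not run and {"H", "S"} <= set(rec["attrs"]):
            flag(path, "hidden-system")
    return findings

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE).items()):
        print(path, sorted(reasons))
```
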