:OTL
PRC - [2012-12-16 12:12:26 | 003,201,024 | ---- | M] (32XEP) -- C:\Users\TOMEK\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\okqorwsu.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.v9.com/?utm_source=b&utm_...&ts=1350720711
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.100 02&barid={5EDEBAEE-E978-11E1-ADD8-001BB1F83F6D}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
http://search.babylon.com/?affID=113...00001bb1f68395
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
http://search.babylon.com/?affID=113...00001bb1f68395
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.v9.com/?utm_source=b&utm_...&ts=1350720711
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=a1043a47-da14-44e9-86bb-83c2f6161cd6&affid=111583&searchtype=ds&babsrc=lnk ry&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=a1043a47-da14-44e9-86bb-83c2f6161cd6&affid=111583&searchtype=ds&babsrc=lnk ry&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={7FF1D8CC-0550-4429-BDDB-74E08FEE0260}&mid=a5fa2078de9447d0aedfd152f71cd69e-918cd28cdf90d43674bfec0088df4236462470b6&lang=en&d s=ft011&pr=sa&d=2012-08-17 19:04:48&v=13.2.0.5&sap=hp
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=a1043a47-da14-44e9-86bb-83c2f6161cd6&affid=111583&searchtype=ds&babsrc=lnk ry&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=a1043a47-da14-44e9-86bb-83c2f6161cd6&affid=111583&searchtype=ds&babsrc=lnk ry&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=a1043a47-da14-44e9-86bb-83c2f6161cd6&affid=111583&searchtype=ds&babsrc=lnk ry&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=bandext_3312_2&ba bsrc=SP_ss&mntrId=dc5f5931000000000000001bb1f68395
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={7FF1D8CC-0550-4429-BDDB-74E08FEE0260}&mid=a5fa2078de9447d0aedfd152f71cd69e-918cd28cdf90d43674bfec0088df4236462470b6&lang=en&d s=ft011&pr=sa&d=2012-08-17 19:04:48&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={5EDEB AEE-E978-11E1-ADD8-001BB1F83F6D}
FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?st=6&barid={5EDEBAEE-E978-11E1-ADD8-001BB1F83F6D}"
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-4002041719-3412652790-2106340082-1000..\Run: [Browser Infrastructure Helper] C:\Users\TOMEK\AppData\Local\Smartbar\Application\ Linkury.exe (Smartbar)
O4 - Startup: C:\Users\TOMEK\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\okqorwsu.exe (32XEP)
:Files
C:\Users\TOMEK\AppData\Roaming\Babylon
C:\Users\TOMEK\AppData\Roaming\BabylonToolbar
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\Live Security Platinum]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2]
:Commands
[resethosts]
[emptytemp]
[emptyjava]
Mam do sprawdzenia logi.
Odpowiedź z cytatem
Zakładki