Wyłącz całkiem Windows Defender. Avast posiada czynny moduł antyspyware.
Tu są zainstalowane bardzo stare i dziurawe wersje Adobe Reader, Adobe Flash Player i Java. Odinstaluj stare wersje i zaktualizuj do najnowszych.
Odinstaluj Pasek narzędzi AOL 5.0.
Otwórz Autoruns.
W zakładce Scheduled Tasks odhach wpisy:
Task: {01550C77-E6DD-40E0-A8AB-B8BF9341C78F} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {0BB38C71-39E3-4159-8623-B81818FDFD00} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {24FE2854-DF8C-427A-8B66-E308A5DA4B0B} - System32\Tasks\Hewlett-Packard\HP Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2009-07-09] (Hewlett-Packard)
Task: {2A72308B-9FAE-4364-B17B-48059FDA7242} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {3B57B01B-1125-41B2-8A91-D035219C6527} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {639EF556-5DBC-4BE8-884A-7DAC844FD060} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {8630C281-6667-4002-A2D8-B173DD5A06B6} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {D7C25F08-BAB6-4BF5-A02A-84D8065F853D} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {FADCECB1-D6D9-4F1F-9B9C-29EE136BFE6D} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
W zakładce Logon:
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2009-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\S-1-5-21-3509502883-1399461187-125786782-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-3509502883-1399461187-125786782-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
W zakładce Services:
WinDefend C:\Program Files\Windows Defender\mpsvc.dl
Otwórz Notatnik i wklej tekst:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKU\S-1-5-21-3509502883-1399461187-125786782-1001 -> DefaultScope {E2958F71-2B50-4864-811E-2F39556414E9} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKU\S-1-5-21-3509502883-1399461187-125786782-1001 -> {E2958F71-2B50-4864-811E-2F39556414E9} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-07-02] (AOL LLC)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-07-02] (AOL LLC)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger
EmptyTemp:
Plik nazwij fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij Fix.
Pokaż raport z czyszczenia Fixlog.txt, o ile będzie jakiś problem. Jeśli nie, nie musisz pokazywać.
Pobierz AdwCleaner i użyj z opcji Szukaj a później Usuń.
Przeglądarka musi być zamknięta.
Pokaż raport z czyszczenia i opisz czy coś się zmieniło.