Certified-toobler.com jak usunać

karlsen · 21 Styczeń 2013 13:17

Witam wszystkich,prosze o pomoc w usunieciu z przegladarki tego czegoś.z góry bardzo dziekuje

anon96572732 · 21 Styczeń 2013 13:20

Cześć

Wstaw logi OTL, zgodnie z informacjami z poniższego tematu:

analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html#p3059741

i poczekaj aż ktoś je przeanalizuje.

karlsen · 21 Styczeń 2013 14:05

http://www.wklej.org/id/932829/ nie wiem czy to dobrze zrobiłem ale to powinien byc link do raportu otl

– Dodane 21.01.2013 (Pn) 15:06 –

http://www.wklej.org/id/932834/ a to do Extras

Acorus · 21 Styczeń 2013 14:34

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL DRV:64bit: - File not found [Kernel | On_Demand | Stopped] – C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys – (esgiguard) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/pbr/pbr_1332705231_248319 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKLM…\SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: “URL” = http://search.certified-toolbar.com?si= … id=3201&q={searchTerms} IE - HKU.DEFAULT…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … 1&st=bs&q= IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3201 IE - HKU\S-1-5-21-386322394-1281959886-3459416417-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … e&tid=3201 FF - prefs.js…browser.search.defaultengine: “Web Search” FF - prefs.js…browser.search.defaultenginename: “Web Search” FF - prefs.js…browser.search.order.1: “Web Search” FF - prefs.js…browser.search.selectedEngine: “Web Search” FF - prefs.js…keyword.URL: “http://search.certified-toolbar.com?si=41460&tid=3201&st=bs&q=” O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-386322394-1281959886-3459416417-1000…\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-386322394-1281959886-3459416417-1000…\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM…\Run: [ROC_ROC_JULY_P1] “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe” / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM…\Run: [vProt] “C:\Program Files (x86)\AVG Secure Search\vprot.exe” File not found O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O37 - HKU.DEFAULT…exe [@ = exefile] – Reg Error: Key error. File not found O37 - HKU\S-1-5-18…exe [@ = exefile] – Reg Error: Key error. File not found O37 - HKU\S-1-5-21-386322394-1281959886-3459416417-1000…exe [@ = exefile] – Reg Error: Key error. File not found [2013/01/17 21:44:43 | 000,000,000 | —D | C] – C:\Users\asiunia\AppData\Local\DownTango [2013/01/13 07:41:30 | 000,000,390 | ---- | M] () – C:\Users\asiunia\AppData\Roaming\wklnhst.dat [2010/08/16 06:38:31 | 000,000,000 | -HSD | M] – C:\Users\asiunia\AppData\Roaming.# [2011/10/21 19:13:04 | 000,000,000 | —D | M] – C:\Users\asiunia\AppData\Roaming\EurekaLog :Commands [emptytemp]

Kliknij Wykonaj skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

Reset Firefoxa: Pomoc-Informacje dla pomocy technicznej-Zresetuj program Firefox

karlsen · 21 Styczeń 2013 15:07

http://www.wklej.org/id/932907/ prosze nowy otl

– Dodane 21.01.2013 (Pn) 16:09 –

http://www.wklej.org/id/932909/ nowy Exstras

– Dodane 21.01.2013 (Pn) 16:16 –

http://www.wklej.org/id/932917/ a to ze skanu prosz e bardzo

– Dodane 21.01.2013 (Pn) 16:16 –

to znaczy raport z usuwania

Acorus · 21 Styczeń 2013 15:22

W OTL użyj opcji Sprzątanie.

Użyj Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

karlsen · 21 Styczeń 2013 16:00

zrobiłem sprzatanie otl i uzyłem jrt i problem nadal jest

– Dodane 21.01.2013 (Pn) 17:09 –

oto raport jrt http://www.wklej.org/id/932991/

Acorus · 21 Styczeń 2013 16:22

Resetowałeś Firefoxa?Usuń wszystkie skróty przegladarek i utwórz nowe.

karlsen · 21 Styczeń 2013 18:06

w firefoxsie i chrome problemu nie ma bo juz wczesniej odinstalowałem i zainst. na nowo problem jest w internet explorer

spandaupol · 22 Styczeń 2013 12:50

Zresetuj ustawienia IE do domyślnych http://windows.microsoft.com/pl-PL/wind … Explorer-9

karlsen · 22 Styczeń 2013 15:23

zresetowałem problem nadal jest

spandaupol · 22 Styczeń 2013 15:37

Pobierz SystemLook64 (SystemLook64) http://jpshortstuff.247fixes.com/SystemLook.html Wklej do niego

Klikasz Look pokaż log na forum

karlsen · 22 Styczeń 2013 17:07

http://www.wklej.org/id/934375/ prosze look

spandaupol · 23 Styczeń 2013 08:16

W okno Własne opcje skanowania / skrypt w OTL wklej:

:Files C:\Users\asiunia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EFGTF1J\search_certified-toolbar_com[1].dat C:\Users\asiunia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIABGAVU\search_certified-toolbar_com[1].htm C:\Users\asiunia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBWPURNU\search_certified-toolbar_com[1].htm C:\Users\asiunia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Z8DEMO2\search_certified-toolbar_com[1].htm C:\Program Files (x86)\Protected Search :Reg [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{C627E7C6-878A-44F0-AA59-F665BC7D2373}”=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{BB064627-A3EA-4E7A-97BC-C9F071E1C30F}”=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{C627E7C6-878A-44F0-AA59-F665BC7D2373}”=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{BB064627-A3EA-4E7A-97BC-C9F071E1C30F}”=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{C627E7C6-878A-44F0-AA59-F665BC7D2373}”=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{BB064627-A3EA-4E7A-97BC-C9F071E1C30F}”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] “Tabs”=“res://ieframe.dll/tabswelcome.htm” [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] “DefaultScope”="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\AboutURLs] “Tabs”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @=“Bing” “URL”=“http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC” “DisplayName”="@ieframe.dll,-12512" [-HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes] [-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes] [-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes] [-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] :Commands [emptytemp]

Klikasz na Wykonaj skrypt. Zgadzasz się na restart komputera. Log z usuwania pokaż na forum.

Następnie ponownie wklej do SystemLook64 (SystemLook64) http://jpshortstuff.247fixes.com/SystemLook.html Wklej do niego

Klikasz Look pokaż log na forum

karlsen · 23 Styczeń 2013 14:04

http://www.wklej.org/id/935411/ log z usuwania otl

– Dodane 23.01.2013 (Śr) 15:06 –

http://www.wklej.org/id/935413/ z system look

spandaupol · 23 Styczeń 2013 14:41

W okno Własne opcje skanowania / skrypt w OTL wklej:

:Reg [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] “(Default)”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] “Tabs”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main] “Start Page”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main] “Start Default_Page_URL”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main] “Default_Search_URL”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main] “Search Bar”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main] “Search Page”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search] “Start Page”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search] “Start Default_Page_URL”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search] “Default_Search_URL”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search] “Search Bar”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search] “Search Page”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] “URL”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] “TopResultURLFallback”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI] “(Default)”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl] “(Default)”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] “(Default)”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] “(Default)”=- [HKEY_USERS\S-1-5-21-386322394-1281959886-3459416417-1000\Software\Microsoft\Internet Explorer\SearchURI] “(Default)”=- :Commands [emptytemp]

Klikasz na Wykonaj skrypt. Zgadzasz się na restart komputera. Log z usuwania pokaż na forum.

Uruchom OTL klikasz Sprzątanie to usunie OTL’a wraz z jego kwarantanną

Sprawdź czy nadal się to pojawia.

karlsen · 24 Styczeń 2013 18:49

http://www.wklej.org/id/936804/ niestety problem cały czas jest

Acorus · 24 Styczeń 2013 19:07

Usuń wszystkie skróty Internet Explorer z Pulpitu / Menu Start / Paska zadań. Utwórz nowe skróty ręcznie.

karlsen · 25 Styczeń 2013 15:41

wyglada na to ze sie udało =D> WIELKIE DZIEKI POZDRAWIAM!