xegehase
(Mariusz P1989)
5 August 2012 11:36
#1
Acorus
(Acorus)
5 August 2012 12:18
#2
Uninstall YTD Toolbar v6.2, MediaBar, BS.Player ControlBar, MyAshampoo Toolbar, Softonic.com.PL FF Toolbar, Softonic-Eng7 Toolbar. Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdPPM.sys -- (AmdPPM)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\URLSearchHook: {a31ac2d0-a903-45d6-82be-3c0206868997} - C:\Program Files\Softonic.com.PL_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QJ&apn_dtid=YYYYYYYYPL&apn_uid=CFD6001E-AA3C-416B-B197-ACDC5C3E8671&apn_sauid=8E497DA2-D3DF-4626-A1F1-8BF16D031128
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2860351
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\SearchScopes{B76E7A85-7322-428b-AB33-19A6A5FD1E73}: "URL" = http://www.bsplayer-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
FF - prefs.js…browser.search.defaultengine: "Ask.com "
FF - prefs.js…browser.search.defaultenginename: "Yahoo"
FF - prefs.js…browser.search.defaultthis.engineName: "SFT.com.PL FF Customized Web Search"
FF - prefs.js…browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2860351&SearchSource=3&q={searchTerms} "
FF - prefs.js…browser.search.order.1: "Ask.com "
FF - prefs.js…browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js…browser.search.selectedEngine: "Yahoo"
FF - prefs.js…extensions.enabledItems: BSToolbar@toolbarnet.com:1.0.0.4
FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js…extensions.enabledItems: wtxpcom@mybrowserbar.com:5.8
FF - prefs.js…extensions.enabledItems: youtubedownloader@mybrowserbar.com:5.8
[2012-07-16 10:17:41 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\extensions{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011-12-05 21:22:31 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\extensions{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012-07-16 10:17:43 | 000,000,000 | ---D | M] (ST-Eng7 Community Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\extensions{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2012-07-16 10:17:44 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\extensions{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012-07-16 10:17:45 | 000,000,000 | ---D | M] (SFT.com.PL FF Community Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\extensions{a31ac2d0-a903-45d6-82be-3c0206868997}
[2010-07-06 10:38:36 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\searchplugins\askcom.xml
[2010-05-31 11:42:57 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\searchplugins\bsplayer-search.xml
[2012-05-30 09:03:40 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\searchplugins\conduit.xml
[2010-04-30 00:03:20 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nnalxuwv.default\searchplugins\MyStart Search.xml
[2010-05-31 11:42:55 | 000,000,000 | ---D | M] (BS.Player ControlBar) -- C:\PROGRAM FILES\BS.PLAYER CONTROLBAR\FIREFOXDTT
[2012-07-31 18:04:11 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
O3 - HKLM…\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof1.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Softonic.com.PL FF Toolbar) - {a31ac2d0-a903-45d6-82be-3c0206868997} - C:\Program Files\Softonic.com.PL_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\ShellBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\ShellBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (Softonic.com.PL FF Toolbar) - {A31AC2D0-A903-45D6-82BE-3C0206868997} - C:\Program Files\Softonic.com.PL_FF\prxtbSoft.dll (Conduit Ltd.)
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray File not found
O4 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\RunOnce: [036E1BA42B17D97900010F0F81CB3EF3] C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\036E1BA42B17D97900010F0F81CB3EF3\036E1BA42B17D97900010F0F81CB3EF3.exe ()
[2012-07-31 18:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2012-07-31 18:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012-07-31 18:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012-08-04 18:49:02 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Live Security Platinum.lnk
[2010-07-29 20:25:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Dane aplikacji.#
[2012-05-02 23:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenCandy
[2012-08-04 20:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PriceGong
:Files
C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\036E1BA42B17D97900010F0F81CB3EF3
:Commands
[emptytemp]
Click Run Fix.
Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
xegehase
(Mariusz P1989)
5 August 2012 13:13
#3
I did what you wrote, but I could not remove YTD Toolbar v6.2; a message pops up: "cannot access the Windows Installer…". It pops up the same way in safe mode as in normal mode.
Files:
http://www.wklej.org/id/804489/
http://www.wklej.org/id/804490/
Acorus
(Acorus)
5 August 2012 14:05
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O3 - HKLM…\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll File not found
O3 - HKLM…\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1214440339-1801674531-500…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012-08-04 18:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\Live Security Platinum
:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option. Turn System Restore off and back on.
http://www.searchengines.pl/Czyszczenie … 41981.html
Install updates for the programs flagged by Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html as out of date.
Use the Delete function of AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner
xegehase
(Mariusz P1989)
5 August 2012 15:04
#5
Thanks a lot, everything works now :razz: