1. Start > Uruchom >
cmd > wklep te komendy: (po kazdej ENTER)
reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f
reg add HKLM\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /ve /t REG_SZ /d C:\WINDOWS\system32\wbem\wbemess.dll /f
2. Uruchom OTL i w oknie
Własne opcje skanowania/Skrypt wklej nastąpujący tekst:
[okno]:OTL
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~2\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~2\MediaBar\Datamngr\IEBHO.dll) - File not found
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - No CLSID value found.
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - prefs.js..extensions.enabledItems: gb@toolbar:1.0.0
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://isearch.avg.c...sa&d=2012-07-04 05:41:46&v=11.1.0.12&sap=hp
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\InprocServer32 File not found
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" =
http://isearch.avg.c...sa&d=2012-07-04 05:41:46&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1454471165-1343024091-854245398-500\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" =
http://toolbar.ask.c...m=1&toolbar=DVS
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" =
http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" =
http://us.yhs.search...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" =
http://us.yhs.search...p={searchTerms}
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CE5FE623FC778A5C
:Files
C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH\11.1.0.12
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\searchplugins\aol-web-search.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\searchplugins\BearShareWebSearch.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\searchplugins\iMeshWebSearch.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\searchplugins\SearchResults.xml
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lmjp5osb.default\searchplugins\web-search.xml
C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search
C:\Documents and Settings\All Users\Dane aplikacji\6F638BFE2B17D97900001A8481CB3EF3
C:\WINDOWS\Installer\{70897ead-26ab-a5f1-fa8a-82101e0fd372}
C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{70897ead-26ab-a5f1-fa8a-82101e0fd372}
C:\Documents and Settings\All Users\Dane aplikacji\1322F
C:\Documents and Settings\All Users\Dane aplikacji\15D2
C:\Documents and Settings\All Users\Dane aplikacji\1F3C9
C:\Documents and Settings\All Users\Dane aplikacji\28248
C:\Documents and Settings\All Users\Dane aplikacji\2B63
C:\Documents and Settings\All Users\Dane aplikacji\2D148
C:\Documents and Settings\All Users\Dane aplikacji\2E198
C:\Documents and Settings\All Users\Dane aplikacji\302E3
C:\Documents and Settings\All Users\Dane aplikacji\3117
C:\Documents and Settings\All Users\Dane aplikacji\3331C
C:\Documents and Settings\All Users\Dane aplikacji\3333B
C:\Documents and Settings\All Users\Dane aplikacji\3B216
:Services
PCAMPR5
XTrapD12
gupdate
gupdatem
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="about:blank"
[-HKEY_USERS\S-1-5-21-1454471165-1343024091-854245398-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum]
:Commands
[emptyflash]
[resethosts]
[emptytemp][/okno]
Kliknij w
Wykonaj skrypt. Zatwierdź restart komputera.
2. W aplecie panelu sterowania => dodaj lub usuń programy => odinstaluj te śmiecie:
Winamp Toolbar / AVG Secure Search
3. Użyj
AdwCleaner z opcji
Delete. Pokaż raport który sią wyświetli w notatniku po restarcie albo znajdziesz go:
C:\Clean.txt
4. Uruchamiasz OTL ponownie, tym razem wywołujesz opcją
Skanuj. Pokazujesz nowy log z OTL (bez extras), nowy z SystemLook oraz raport z czyszczenia AdwCleanerem.