1) Uruchom
OTL i w oknie
Własne opcje skanowania/Skrypt wklej to:
:Files
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Jacek i Agatka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\ProgramData\dsgsdgdsgdsgw.js
C:\Users\Jacek i Agatka\wgsdgsdgdsgsd.dll
C:\Windows\System32\drivers\jrknwpcg.sys
C:\ProgramData\lsass.exe
:OTL
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2012-12-26 08:18:07 | 000,003,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-11-11 06:08:59 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Jacek i Agatka\AppData\Roaming\mozilla\Firefox\Profiles\60sxnlyg.default\extensions\toolbar@ask.com
[2012-12-25 13:23:44 | 000,002,574 | ---- | M] () -- C:\Users\Jacek i Agatka\AppData\Roaming\mozilla\firefox\profiles\60sxnlyg.default\searchplugins\askcom.xml
[2012-11-17 18:23:56 | 000,002,306 | ---- | M] () -- C:\Users\Jacek i Agatka\AppData\Roaming\mozilla\firefox\profiles\60sxnlyg.default\searchplugins\askcomsearch.xml
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll ()
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={6655A8BE-2D7C-4CFA-96B5-2598A044AC95}&mid=8139f8c5413747d0b9c0d15775bccc60-13ef0e14316aa87836b88a1620084d4d4371e748&lang=pl&ds=xn011&pr=sa&d=2012-12-26 08:17:59&v=13.3.0.17&sap=ku&q="
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={6655A8BE-2D7C-4CFA-96B5-2598A044AC95}&mid=8139f8c5413747d0b9c0d15775bccc60-13ef0e14316aa87836b88a1620084d4d4371e748&lang=pl&ds=xn011&pr=sa&d=&v=&sap=hp"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.1.100013
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6655A8BE-2D7C-4CFA-96B5-2598A044AC95}&mid=8139f8c5413747d0b9c0d15775bccc60-13ef0e14316aa87836b88a1620084d4d4371e748&lang=pl&ds=xn011&pr=sa&d=2012-12-26 08:17:59&v=13.3.0.17&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={6655A8BE-2D7C-4CFA-96B5-2598A044AC95}&mid=8139f8c5413747d0b9c0d15775bccc60-13ef0e14316aa87836b88a1620084d4d4371e748&lang=pl&ds=xn011&pr=sa&d=2012-12-26 08:17:59&v=13.3.0.17&sap=hp
DRV - [2012-12-26 08:16:40 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jrknwpcg.sys -- (jrknwpcg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hkxrxkot.sys -- (hkxrxkot)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ciqlfrvj.sys -- (ciqlfrvj)
SRV - [2012-12-26 08:17:33 | 000,894,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)
MOD - [2012-12-26 08:17:34 | 000,137,672 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\SiteSafety.dll
MOD - [2012-12-26 08:17:33 | 001,046,984 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012-12-26 08:17:33 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.3.2\avgdttbx.dll
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Kliknij w
Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
2) Odinstaluj (w Trybie Normalnym, a nie w Awaryjnym) "
AVG Secure Search" = AVG Security Toolbar3) Użyj >
Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim
Usuń Pokaż raport z niego C:\AdwCleaner[S1].txt
4) Uruchom
OTL ponownie, tym razem kliknij
Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
5) Do >
SystemLook wklej:
:regfind
wgsdgsdgdsgsd
Naciśnij
Look i pokaż raport.