Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Windows Vista - probel z usunięciem qooqlle.com

08 Wrz 2011 09:34 1319 3
  • Poziom 2  
    Witam
    Mam mam ogromną prośbę - czy ktoś mógł by mi napisać jak usunąć qooqle.com.
    Załączam OTL.txt i Extras.txt, w celu uzyskania fachowej porady - OTL ruszył dopiero w trybie awaryjnym.
    Dziękuję i pozdrawiam.
    Darmowe szkolenie: Ethernet w przemyśle dziś i jutro. Zarejestruj się za darmo.
  • Spec od komputerów
    Do aktualizacji:
    Java(TM) 6 Update 26
    Adobe Reader 9.4.5 - Polish
    Mozilla Thunderbird (2.0.0.23)
    Opera 11.10

    Odinstaluj:
    pdfforge Toolbar v4.6
    DAEMON Tools Toolbar
    Norton Security Scan
    PDF Creator Toolbar
    NetPanel

    Wykonaj skrypt w OTL:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pdfcreator/{219ABE1C-F140-4E64-AF85-95030E7321EB}
    IE - HKU\S-1-5-21-581831928-245075301-1931075360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
    IE - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\PDF Creator Toolbar\tbhelper.dll ()
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "qooqlle"
    FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
    FF - prefs.js..extensions.enabledItems: pdfforge(malpa)mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: wtxpcom(malpa)mybrowserbar.com:4.3
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p="
    [2011-05-01 14:50:15 | 000,001,860 | ---- | M] () -- C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\ikl4wps8.default\searchplugins\search.xml
    [2011-08-30 22:11:47 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2011-08-30 22:11:47 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll ()
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll ()
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (PDF Creator Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\Toolbar\WebBrowser: (PDF Creator Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\PDF Creator Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [Display] File not found
    O4 - HKLM..\Run: [GProton] File not found
    O4 - HKLM..\Run: [NetPanel] C:\Program Files\NetPanel\Starter.exe (Gemius SA)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKU\S-1-5-21-581831928-245075301-1931075360-1000..\Run: [Crystal.exe] C:\Users\Maciek\AppData\Roaming\Crystal.exe ()
    O4 - HKU\S-1-5-21-581831928-245075301-1931075360-1000..\Run: [KeywordSearchUpdater] File not found
    O4 - HKU\S-1-5-21-581831928-245075301-1931075360-1000..\Run: [nvwiz] C:\ProgramData\nvwiz.exe ( )
    O33 - MountPoints2\{5f107930-77be-11de-9d95-001eec5bf756}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f107930-77be-11de-9d95-001eec5bf756}\Shell\AutoRun\command - "" = G:\setup.exe
    O33 - MountPoints2\{9d2df9f5-960c-11dd-b48d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d2df9f5-960c-11dd-b48d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\{bd09b1f7-9f50-11dd-813e-001fe2f0cb92}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
    O33 - MountPoints2\{bd09b1f7-9f50-11dd-813e-001fe2f0cb92}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
    O33 - MountPoints2\{beceaa30-e0fd-11de-a50a-001fe2f0cb92}\Shell - "" = AutoRun
    O33 - MountPoints2\{beceaa30-e0fd-11de-a50a-001fe2f0cb92}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    [2011-09-06 17:55:59 | 000,498,688 | ---- | C] ( ) -- C:\Users\Maciek\AppData\Local\nvwiz.exe
    [2011-08-30 22:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
    [2011-08-30 22:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2011-08-29 06:45:07 | 000,498,688 | ---- | C] ( ) -- C:\ProgramData\nvwiz.exe
    [2011-09-06 17:56:00 | 000,000,246 | ---- | C] () -- C:\Users\Maciek\AppData\Local\Setup.dat
    [2011-09-06 17:55:59 | 006,501,171 | ---- | C] () -- C:\Users\Maciek\AppData\Local\data2.cab
    [2011-09-06 17:55:59 | 000,737,029 | ---- | C] () -- C:\Users\Maciek\AppData\Local\Crystal.exe
    [2011-09-06 17:55:59 | 000,646,601 | ---- | C] () -- C:\Users\Maciek\AppData\Local\done.exe
    [2011-08-29 06:45:09 | 000,000,002 | ---- | C] () -- C:\Users\Maciek\AppData\Roaming\System.dat
    [2011-08-29 06:45:09 | 000,000,002 | ---- | C] () -- C:\Users\Maciek\AppData\Roaming\DirectX.dat
    [2011-08-29 06:45:09 | 000,000,001 | ---- | C] () -- C:\Users\Maciek\AppData\Roaming\Windows.dat
    [2011-08-29 06:45:09 | 000,000,001 | ---- | C] () -- C:\Users\Maciek\AppData\Roaming\etc.dat
    [2011-08-29 06:45:07 | 000,737,029 | ---- | C] () -- C:\Users\Maciek\AppData\Roaming\Crystal.exe

    :Commands
    [emptytemp]


    Po wykonaniu zrob skan przy pomocy mbam oraz cureit. Po wszystkim daj nowy log z OTL.
  • Spec od komputerów
    Usun te dodatki w FF:
    FF - prefs.js..extensions.enabledItems: pdfforge(malpa)mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: wtxpcom(malpa)mybrowserbar.com:4.3

    Nowy skrypt:

    :OTL
    O3 - HKU\S-1-5-21-581831928-245075301-1931075360-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    FF - prefs.js..extensions.enabledItems: pdfforge(malpa)mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: wtxpcom(malpa)mybrowserbar.com:4.3


    Zmien (malpa na @). Reszta wyglada ok. Wybierz Sprzatanie w OTL i to wszystko.