Live Security Platinum

[luk1990luk]

prosze o pomoc w usunieciu live scurity platinum

moje logi:

Extras.Txt

OTL.Txt

[picasso]

Zasady działu: KLIK. Tu jest zakaz dopisywania się do cudzych wątków. Temat wydzielony.

 

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:OTL
O4 - HKCU..\RunOnce: [6C82D12408A25B8AB2EC2FDA6C44B161] C:\ProgramData\6C82D12408A25B8AB2EC2FDA6C44B161\6C82D12408A25B8AB2EC2FDA6C44B161.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} "http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab" (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} "http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab" (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" (Reg Error: Key error.)
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYPL&fl=0&ptb=6OXvPuZAQlT9j1m1afbn_w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}"
IE - HKLM\..\SearchScopes\{AA4477C8-D31E-485A-AC9C-723100751A0B}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={78F12488-D81B-455D-93CC-6ECB8207B82C}"
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111024173518128&tb_oid=10-10-1010&tb_mrud=24-10-2011"
IE - HKCU\..\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}: "URL" = "http://flv.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-113-11-sgzc"
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=aa7216270000000000000060b38f5699"
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYPL&fl=0&ptb=6OXvPuZAQlT9j1m1afbn_w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}"
IE - HKCU\..\SearchScopes\{AA4477C8-D31E-485A-AC9C-723100751A0B}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={78F12488-D81B-455D-93CC-6ECB8207B82C}"
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = "http://www.daemon-search.com/search/web?q={searchTerms}"
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543"
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://startsear.ch/?aff=1&src=sp&cf=0927566c-7e87-11e1-a525-88a9f0140967&q={searchTerms}"
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111024173518128&tb_oid=10-10-1010&tb_mrud=24-10-2011"
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32 File not found
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
 
:Files
C:\ProgramData\6C82D12408A25B8AB2EC2FDA6C44B161
C:\Program Files\Mozilla Firefox\extensions\{5d64f229-a448-e51f-e420-9c53b3031d6e}
C:\Users\Oleszowski\AppData\Roaming\Mozilla\Firefox\Profiles\9ajyr8ti.default\searchplugins\conduit.xml
C:\Users\Oleszowski\AppData\Roaming\Mozilla\Firefox\Profiles\9ajyr8ti.default\searchplugins\startsear.xml
C:\Users\Oleszowski\AppData\Roaming\Mozilla\Firefox\Profiles\9ajyr8ti.default\searchplugins\sweetim.xml
C:\Users\Oleszowski\AppData\Roaming\OpenCandy
C:\Users\Oleszowski\AppData\Local\Temp*.html
 
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Klik w Wykonaj skrypt. System zostanie zrestartowany (i odblokowany), otworzy się log z wynikami usuwania. Dalsze działania prowadzisz już w Trybie normalnym:

 

2. Odinstaluj adware:

- W Firefox w Dodatkach: Ask Toolbar for Firefox, Babylon, Conduit Engine, Softonic-Eng7 Community Toolbar, Winamp Toolbar.

- W Google Chrome w Rozszerzeniach odinstaluj: StartSearch Video plug-in.

- Przez Panel sterowania: Ask Toolbar, Babylon toolbar on IE, Browsers Protector, Conduit Engine, FoxTab PDF Creator, PHPNukeEN Toolbar, Update Manager for SweetPacks 1.0, Winamp Toolbar for Firefox. Dodatkowo pozbądź się zbędnego Akamai NetSession Interface.

 

3. Uruchom AdwCleaner i zastosuj Delete. Z tego działania powstanie log na dysku C.

 

4. Wygeneruj nowy log OTL z opcji Skanuj (już bez Extras). Dołącz log z usuwania AdwCleaner.

 

 

 

.

Edytowane 4 Października 2012 przez picasso
4.10.2012 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso