I found adware generic on my computer and I don't know how to remove it. Please check the log and give me exact instructions on what to do, because I know absolutely nothing about this.
Link to the log: http://wklej.to/xa3Xx
Atis
(Atis)
17 June 2012 19:01
#2
In Control Panel, uninstall:
Browsers Protector
Conduit Engine
Softonic Toolbar
Bigpoint Games PL Toolbar
StartSearchToolBar
Babylon Toolbar
Akamai NetSession Interface
Paste into the Custom Scans/Fixes window (Własne opcje skanowania / skrypt):
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=10&cf=b1a974c2 … cf3022af01
IE - HKLM…\URLSearchHook: {5c81f57f-3cf7-4785-b4ef-11ace31aec4f} - C:\Program Files (x86)\Bigpoint_Games_PL\tbBig0.dll (Conduit Ltd.)
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=10&src=sp&cf=b … 022af01&q={searchTerms}
IE - HKLM…\SearchScopes{27145F60-44DA-49D9-ADE1-922FD9A1E162}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=b1 … 022af01&q={searchTerms}
IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2843462
IE - HKU.DEFAULT…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=b1a974c2- … cf3022af01
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\URLSearchHook: {5c81f57f-3cf7-4785-b4ef-11ace31aec4f} - C:\Program Files (x86)\Bigpoint_Games_PL\tbBig0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=10&src=sp&cf=b … 022af01&q={searchTerms}
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{27145F60-44DA-49D9-ADE1-922FD9A1E162}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=b1 … 022af01&q={searchTerms}
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={02DA76D0-B1DB-4251-BCAA-9FA06AB2C52B}&mid=eaf649a02c04b5f1f6a19a613af33ea4-b89e2b072939e07c68764cb8ad31b951b9e71849&lang=pl&ds=AVG&pr=fr&d=2011-12-10 11:26:34&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2843462
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{CFE4EFE8-3AF6-4591-B589-E5833C64AA97}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=b1 … 022af01&q={searchTerms}
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\SearchScopes{FCA9D19A-19AF-4E02-837A-C2BF198F1BA1}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=741bc94500000000000020cf3022af01
IE - HKU\S-1-5-21-4478474-1031681600-2270507633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
FF - prefs.js…browser.search.defaultenginename: "Web Search"
FF - prefs.js…browser.search.order.1: "Web Search"
FF - prefs.js…browser.startup.homepage: "http://startsear.ch/?aff=1&cf=b1a974c2-2370-11e1-ac7a-20cf3022af01 "
FF - prefs.js…keyword.URL: "http://isearch.avg.com/search?cid={af402a6c-5b05-4a5b-aae6-960f3336e978}&mid=eaf649a02c04b5f1f6a19a613af33ea4-b89e2b072939e07c68764cb8ad31b951b9e71849&ds=AVG&v=10.2.0.3&lang=pl&pr=fr&d=2011-12-10%2011%3A26%3A34&sap=ku&q= "
[2012-04-10 21:19:34 | 000,000,793 | ---- | M] () -- C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\un4qr5jb.default\searchplugins\startsear.xml
[2011-10-02 17:18:03 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM…\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM…\Run: [browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe ()
O4 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Get 2 FREE Audiobooks.lnk = File not found
[2012-06-03 20:03:19 | 000,000,109 | ---- | M] () -- C:\user.js
[2012-04-10 21:17:00 | 001,915,904 | ---- | C] () -- C:\Windows\SysWow64\4dc3522d.dll
[2010-10-06 16:40:25 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Net4Switch.job
[2012-03-14 21:34:52 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\db276304.exe
[2011-10-02 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Babylon
:Commands
[emptytemp]
Click Run Fix (Wykonaj skrypt) and confirm the restart.
Post the removal report and a new log from Run Scan (Skanuj).
Oops! I closed the removal report. Can it still be found somewhere?
Scan log: http://wklej.to/B4Usg
Atis
(Atis)
17 June 2012 20:41
#4
Uninstall McAfee Security Scan.
Paste and click Run Fix (Wykonaj skrypt):
:OTL
[2011-10-02 17:18:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\un4qr5jb.default\extensions\ffxtlbr@babylon.com
[2011-02-19 17:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasia\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM…\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Toolbar\WebBrowser: (no name) - {5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKU\S-1-5-21-4478474-1031681600-2270507633-1000…\Run: [Akamai NetSession Interface] "C:\Users\Kasia\AppData\Local\Akamai\netsession_win.exe" File not found
Run OTL and click CleanUp (Sprzątanie).
Delete the old restore points.
To delete all restore points:
http://windows.microsoft.com/pl-PL/wind … tore-point
Run SecurityCheck and update the programs marked as Out of date
Scan the disk with Malwarebytes-AntiMalware.
During installation, click Decline (Odrzuć) to install only the free scanner.
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
After the scan, these showed up:
Trojan.Agent
PUP.V.ShareRedir
PUP.V.ShareRedir
Adware.TryMedia
Atis
(Atis)
18 June 2012 19:19
#6
Then click Remove Selected (Usuń zaznaczone) and that's all.
Thank you so much for the help