Witam,
proszę o pomoc,
po przeskanowaniu Malwarebytes’ Anti-Malware, wykrył zainfekowane obiekty, które usunęłam.
zrobiłam logi OTL i usunęłam:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … id=3196&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … e&tid=3196
IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … id=3196&q={searchTerms}
FF - prefs.js…browser.search.defaultengine: “Web Search”
FF - prefs.js…browser.search.defaultenginename: “Web Search”
FF - prefs.js…browser.search.order.1: “Web Search”
FF - prefs.js…keyword.URL: “http://search.certified-toolbar.com?si=41460&tid=3196&bs=true&q=”
[2013-01-16 12:38:32 | 000,003,269 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
[2013-01-16 12:39:57 | 000,000,000 | —D | C] – C:\Users\Ola\AppData\Local\DownTango
[2013-01-16 12:39:55 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
:Commands
[emptytemp]
niestety, Toolbar cały czas jest.
Nowe logi