1) Odinstaluj:
"
NetCrawl" = NetCrawl
"
Mobogenie" = Mobogenie
"
sweet-page uninstall" = sweet-page uninstall
"
WindowsMangerProtect" = WindowsMangerProtect20.0.0.502
2) Użyj
Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner.txt.
3) Uruchom
OTL i w oknie
Własne opcje skanowania/Skrypt wklej to:
:OTL
MOD - [2014-09-01 17:02:50 | 000,098,592 | ---- | M] () -- C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
MOD - [2014-09-01 17:02:49 | 000,195,360 | ---- | M] () -- C:\Program Files (x86)\NetCrawl\bin\6fcd609296154f7f8898.dll
MOD - [2014-08-31 03:28:34 | 000,162,080 | ---- | M] () -- C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
SRV - [2014-08-31 17:41:23 | 000,323,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe -- (Update NetCrawl)
SRV - [2014-08-31 17:40:19 | 000,323,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe -- (Util NetCrawl)
RV - [2014-07-03 19:54:29 | 000,535,936 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2014-06-19 11:40:42 | 000,757,872 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
DRV:64bit: - [2014-07-16 06:55:18 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys -- ({6fcd6092-9615-4f7f-8898-8df53980e5d2}w64)
DRV:64bit: - [2014-07-03 11:23:20 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys -- ({6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
IE - HKU\S-1-5-21-983520209-4076795651-2901924220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Program Files (x86)\NetCrawl\bin\Pac9064.js
[2014-02-25 16:10:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\newnext.me
[2014-07-03 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupTab
[2014-08-03 12:01:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\sweet-page
:Files
C:\Users\wangzhisong
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
:Commands
[emptytemp]
Kliknij w
Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom
OTL ponownie, tym razem kliknij
Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
.