1) Uninstall:
"Bonanza Deals" = Bonanza Deals (remove only)
"sweet-page uninstaller" = sweet-page uninstaller
"WPM" = WPM18.8.0.212
2) Use Adw-cleaner (to download it, click the large green arrow on the right).
First click SZUKAJ (Scan), and only after the scan has finished, when the USUŃ (Clean) button becomes active, click it.
Post its report: C:\AdwCleaner\AdwCleaner[S].txt
3) Run OTL and paste this into the Custom Scans/Fixes box:
:OTL
SRV - [2014-04-12 15:08:06 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2014-04-11 04:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014-04-09 19:46:39 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe -- (Util RightSurf)
SRV - [2014-04-08 20:51:26 | 000,350,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RightSurf\updateRightSurf.exe -- (Update RightSurf)
SRV - [2013-11-17 21:05:43 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013-11-17 21:05:43 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\PROGRA~2\SupTab\SEARCH~2.DLL (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\PROGRA~2\SupTab\SEARCH~1.DLL (Skytech Co., Ltd.)
[2014-04-12 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\Sabina\AppData\Roaming\SupTab
[2014-04-12 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014-04-12 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014-04-12 15:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014-04-12 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Sabina\AppData\Roaming\sweet-page
[2014-04-12 15:07:13 | 000,000,000 | ---D | C] -- C:\Users\Sabina\AppData\Roaming\AppCloudUpdater
[2013-11-30 14:02:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SysWow64\AI_RecycleBin
[2013-11-30 13:41:11 | 000,000,000 | ---D | C] -- C:\Users\Sabina\Documents\Mobogenie
[2014-04-18 10:10:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2014-04-18 09:31:31 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2014-04-12 15:07:15 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\AppCloudUpdater.job
[2014-04-11 17:44:56 | 000,000,009 | ---- | M] () -- C:\END
[2014-01-27 01:17:02 | 000,386,722 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013-09-23 19:48:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Dealply.job
:Files
C:\Users\wangzhisong
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com/"
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
4) Produce an OTL log with these settings:
Processes - None
Modules - None
Drivers - None
Extra Registry - None
tick the box next to "Skip Microsoft Files"
tick the box next to "Skip known good files"
tick "LOP Check"
leave "Purity Check" unticked.