HEUR:Trojan.Win32.Generic

przez **KubaIV** » 19 Sie 2012, 17:41

Witam, otóż mam taki problem
próbowałem wyłączyć w tuneup utilities 2012 aplikacje euseo, lecz się nie dało
zaciekawiło mnie to, więc zrobiłem skan virustotalem i wyszło, że 15 na 41 antywirusów wykryło wirusa
Kaspersky wykrył wirusa o nazwie HEUR:Trojan.Win32.Generic, więc postanowiłem usunąć go po prostu, lecz po restarcie systemu on znowu się pojawia...
Nie wiem co robić
z góry dzięki za pomoc

Log z OTL:
http://www.wklej.eu/index.php?id=d42918af2c

Extras:
http://www.wklej.eu/index.php?id=e5953969ac

przez **bajbus** » 19 Sie 2012, 18:05

Brak logu z GMER otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p88736 uzupelnij

przez **kominekl** » 19 Sie 2012, 22:27

Brak logu z GMER otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p88736 uzupelnij

Odpada, bo to system 64 bity.

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"V9Software" = Deinstalator Strony V9

Odinstaluj to oprogramowanie.

Logi.

Uruchom OTL

w oknie Własne opcje skanowania/skrypt wklej:

Kod: Zaznacz wszystko: :OTL IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=0885992a-49af-4e62-abfd-1dabe482df63&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/ IE - HKCU\..\SearchScopes,DefaultScope = {FC029A97-D024-45F0-ACF8-25A8038CD795} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=0885992a-49af-4e62-abfd-1dabe482df63&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{A8BDA6A7-9B7E-48ED-8079-7DD173F5B2CE}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{FC029A97-D024-45F0-ACF8-25A8038CD795}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maciek\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maciek\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) [2012-08-03 15:02:27 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Maciek\AppData\Roaming\mozilla\Firefox\Profiles\lsnsjnh3.default\extensions\[email protected] CHR - Extension: Complitly plugin for chrome = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: DealPly = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Complitly plugin for chrome = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: DealPly = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Maciek\AppData\Roaming\Complitly\Complitly.dll File not found O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - Startup: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\euseo.exe () O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0) :Files C:\Users\Maciek\AppData\Local\Google\Update C:\Windows\tasks\*.* :Reg [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] :Commands [emptyflash] [clearallrestorepoints] [emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z ADWCleaner (z opcji Delete)

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 + log z TDSSKiller

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 + nowe logi z OTL + log z Autoruns

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.

przez **KubaIV** » 20 Sie 2012, 09:46

Oto linki do Logów:

Log z OTL po skrypcie:

http://www.wklej.eu/index.php?id=032babe46d

Log z AdwCleaner:

http://www.wklej.eu/index.php?id=0f020ca513

Log z TDSSKiller:

http://www.wklej.eu/index.php?id=30d32cbaba

Nowy Log z OTL:

http://www.wklej.eu/index.php?id=1408a907fc

AutoRuns:

http://www14.zippyshare.com/v/26104453/file.html

P.S: po zrobieniu ostatniego skanowania w OTL otworzył się tylko 1 Notatnik o nazwie OTL, nie pojawił się drugi o nazwie Extras

przez **Pangia** » 20 Sie 2012, 11:36

KubaIV napisał(a):P.S: po zrobieniu ostatniego skanowania w OTL otworzył się tylko 1 Notatnik o nazwie OTL, nie pojawił się drugi o nazwie Extras

Pewno nie zastosowałeś się do tej instrukcji i OTL nie zrobił nowego logu jak trzeba

przez **KubaIV** » 20 Sie 2012, 16:19

Pangia napisał(a):
KubaIV napisał(a):P.S: po zrobieniu ostatniego skanowania w OTL otworzył się tylko 1 Notatnik o nazwie OTL, nie pojawił się drugi o nazwie Extras

Pewno nie zastosowałeś się do tej instrukcji i OTL nie zrobił nowego logu jak trzeba

Nowy skan z OTL:

http://www.wklej.eu/index.php?id=86ff881f88

i Extras:

http://www.wklej.eu/index.php?id=96875a16b7

jeszcze chciałbym dodać, że plik ghcmby.exe ma taką samą ikonkę jak miał euseo.exe, a na dodatek nie mogę z nim nic zrobić, bo pisze że nie mam uprawnień administratora a ja jestem administratorem...

przez **kominekl** » 20 Sie 2012, 18:01

Autoruns.

W Autoruns odznacz, a następnie usuń (co się bedzie dało):

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

EasyTuneVI

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

Microsoft Windows

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components

Microsoft Windows

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DAEMON Tools Lite
htqvspr
Skype

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Wszystko.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Wszystko.

HKLM\System\CurrentControlSet\Services

AMD External Events Utility
gusvc
IDriverT
MozillaMaintenance
MSSQL$SQLEXPRESS
ose
PnkBstrA
SkypeUpdate
StarWindServiceAE
TuneUp.UtilitiesSvc
UxTuneUp
WinDefend
WireHelpSvc
WMPNetworkSvc

HKLM\System\CurrentControlSet\Services

EagleX64
PARLDR2K
vserial

"TuneUp Utilities 2012_is1" = TuneUp Utilities 2012 wersja 12.0.3600.104

Odinstaluj to oprogramowanie.

Logi.

Uruchom OTL

w oknie Własne opcje skanowania/skrypt wklej:

:OTL

:Files
C:\Program Files (x86)\TuneUp Utilities 2012
C:\TDSSKiller_Quarantine
C:\Users\Maciek\AppData\Local\ghcmby.exe
C:\Users\Maciek\AppData\Roaming\TuneUp Software

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.

przez **KubaIV** » 20 Sie 2012, 21:35

Odinstalować tuneup.?
ja go używam do zwiększenia wydajności komputera

przez **KubaIV** » 20 Sie 2012, 21:53

Log z OTL po skrypcie:
http://www.wklej.eu/index.php?id=4c0c5192a0

Nowe Logi z OTL:

OTL:
http://www.wklej.eu/index.php

Extras:
http://www.wklej.eu/index.php?id=d90488268b

przez **kominekl** » 21 Sie 2012, 12:13

ja go używam do zwiększenia wydajności komputera

Fakt do tego służy, ale po przestawieniu opcji na optymalne w rzeczywistości już się nie przydaję, bo tylko zwalnia system.

Logi.

Błąd podania. Powtórz.

przez **KubaIV** » 22 Sie 2012, 11:24

Nowy log OTL:

http://www.wklej.eu/index.php?id=b404c68c85

Extras:

http://www.wklej.eu/index.php

przez **kominekl** » 22 Sie 2012, 13:26

AVG.

Pozbądź się resztek

http://www.instalki.pl/programy/downloa ... mover.html. Ponadto wywal tego TuneUp`a za pomocą Revo Uninstaller`a w trybie zaawansowanym (po wcześniejszym zaznaczeniu w nim opcji

Pokazuj Elementy Systemowe)

https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-systemowe/revo-uninstaller/

Logi.

Uruchom OTL

w oknie Własne opcje skanowania/skrypt wklej:

Kod: Zaznacz wszystko: :OTL IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B1209F00-EF9F-4897-870A-97A93979DF4F}&mid=7f88b7ebd85047d085e6d16d5b962906-3955ea0f29a2d60adf97937871f3c80b381b83f6&lang=pl&ds=AVG&pr=fr&d=2012-08-21 13:35:58&v=12.2.0.5&sap=dsp&q={searchTerms} FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=c3309f36-0e70-4016-9716-d2b2b7ad3e96&affid=111585&searchtype=hp&babsrc=lnkry" FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bd581c44e-08c4-4b69-b61f-e02a99d0bef0%7D&mid=7f88b7ebd85047d085e6d16d5b962906-3955ea0f29a2d60adf97937871f3c80b381b83f6&ds=AVG&v=12.2.0.5&lang=pl&pr=fr&d=2012-08-21%2013%3A35%3A58&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-08-21 13:33:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012-08-21 13:36:13 | 000,000,000 | ---D | M] [2012-08-21 15:01:01 | 000,002,474 | ---- | M] () -- C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\lsnsjnh3.default\searchplugins\Web Search.xml [2012-08-21 13:36:13 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5 CHR - Extension: AVG Secure Search = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\ CHR - Extension: AVG Do Not Track = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: AVG Secure Search = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\ CHR - Extension: AVG Do Not Track = C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ O2:[b]64bit:[/b] - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\S-1-5-21-4264085835-547092888-1601998623-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll () O27:[b]64bit:[/b] - HKLM IFEO\acrord32.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\backitup.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\coverdes.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\discspeed.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\drivespeed.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\et6sc.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\excel.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\groove.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\infopath.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\infotool.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\nero.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\neroburnrights.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\nerohome.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\neromediahome.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\nerorescueagent.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\neroscoutoptions.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\nerostartsmart.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\nerovision.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\outlook.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\photosnap.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\photosnapviewer.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\recode.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\setupx.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\showtime.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\soundtrax.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\teamviewer.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\waveedit.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27:[b]64bit:[/b] - HKLM IFEO\winword.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\acrord32.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\backitup.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\coverdes.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\discspeed.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\drivespeed.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\et6sc.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\excel.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\groove.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\infopath.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\infotool.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\nero.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\neroburnrights.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\nerohome.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\neromediahome.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\nerorescueagent.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\nerostartsmart.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\nerovision.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\outlook.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\photosnap.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\photosnapviewer.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\recode.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\setupx.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\showtime.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\soundtrax.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\teamviewer.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\waveedit.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O27 - HKLM IFEO\winword.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) :Files C:\Users\Maciek\AppData\Roaming\OpenCandy C:\Program Files (x86)\Common Files\AVG Secure Search C:\Program Files (x86)\AVG C:\ProgramData\AVG Secure Search C:\Users\Maciek\AppData\Roaming\AVG2012 C:\Users\Maciek\AppData\Local\AVG Secure Search C:\ProgramData\AVG Secure Search C:\Windows\SysNative\drivers\avgtpx64.sys C:\Program Files (x86)\AVG Secure Search C:\Windows\SysWow64\drivers\AVG C:\$AVG C:\ProgramData\AVG2012 C:\Windows\SysNative\drivers\AVG C:\Users\Maciek\AppData\Roaming\TuneUp Software C:\Windows\SysNative\uxtuneup.dll C:\Windows\SysNative\TURegOpt.exe C:\Users\Maciek\temp C:\Users\Maciek\Desktop\jre-7u5-windows-x64(dobreprogramy.pl).exe :Commands [emptyflash] [clearallrestorepoints] [emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.

przez **mateo8898** » 22 Sie 2012, 13:29

Czemu zalecasz usunięcie AVG??? Już prędzej zaleciłbym usunięcie starego Avasta.

przez **kominekl** » 22 Sie 2012, 13:34

mati8898 napisał(a):Czemu zalecasz usunięcie AVG??? Już prędzej zaleciłbym usunięcie starego Avasta.

Avast do aktualizacji. Jest lżejszy od AVG, a wcale nie mniej skuteczny.

przez **mateo8898** » 22 Sie 2012, 13:54

Skoro tak to jego też trzeba odinstalować

http://www.instalki.pl/programy/downloa ... ility.html

HEUR:Trojan.Win32.Generic

HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Re: HEUR:Trojan.Win32.Generic

Kto jest na forum