
Pop-up ads in IE



Ads pop up in Internet Explorer even when I am not using it (Firefox is running). In addition, the antivirus displays this message:

{22116563-108c-42c0-a7ce-60161b75e508}.job próbuje zmodyfikować konfigurację systemu.

Próba utworzenia nowego zadania harmonogramu.

Wydawca: Nieznany wydawca

Żądanie modyfikacji ustawień zostało odrzucone.

OTL.Txt

Extras.Txt


Desktop gadgets presumably do not work either. I will address that issue just in case. And as a cosmetic step, a cleanup of the Gadu-Gadu 10 junk; unfortunately this is not a lasting fix, and masses of Temp*.html files will appear again while Gadu-Gadu is in use.

 

1. Run OTL and paste the following into the Custom Scans/Fixes section:

 

:Files
C:\Windows\Hcuzea.exe
C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
C:\Users\Janek\AppData\Local\Temp*.html
 
:Reg
[HKEY_CURRENT_USER\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"CE8SIIFGSU"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\]
 
:Commands
[emptyflash]
[emptytemp]

 

Start the removal with the Run Fix option. The system will restart. At the end, a log of the removal will be shown.

 

2. Go to the software uninstall applet and remove:

  • Sponsored junk: DAEMON Tools Toolbar, free-downloads.net Toolbar and Winamp Toolbar.
  • Akamai NetSession Interface, i.e. the Adobe downloader, is also unnecessary.

3. Prepare new OTL logs using the Run Scan option. Attach the log produced by the removal in step 1.

 

 

 


LOG after restarting the computer and launching OTL again

All processes killed

========== FILES ==========

C:\Windows\Hcuzea.exe moved successfully.

File\Folder C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

 

User: Default User

 

User: Janek

->Flash cache emptied: 324902 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Janek

->Temp folder emptied: 889412957 bytes

->Temporary Internet Files folder emptied: 101794237 bytes

->Java cache emptied: 1382436 bytes

->FireFox cache emptied: 65748219 bytes

->Google Chrome cache emptied: 386440873 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 98165497 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes

RecycleBin emptied: 138317646 bytes

 

Total Files Cleaned = 1 603,00 mb

 

 

OTL by OldTimer - Version 3.2.20.6 log created on 01272011_204418

 

Files\Folders moved on Reboot...

C:\Users\Janek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Janek\AppData\Local\Temp\WWW.rar not found!

 

Registry entries deleted on Reboot...

Extras.Txt

OTL.Txt
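Added example, not part of the original thread and not OTL's own code: a Python check that pairs the :Reg block of the first script with the result lines of the log above and reports value deletions whose parent key came back as "not found", which is why the CE8SIIFGSU Run value is still listed in the next scan. The line patterns are an assumption derived only from the log lines quoted on this page, and the function names are hypothetical.

```python
import re

# Constructed input: the :Reg block of the first fix script and the matching
# result lines of the removal log, both copied from this thread.
SCRIPT = r'''
:Reg
[HKEY_CURRENT_USER\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"CE8SIIFGSU"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\]
'''

LOG = r'''
========== FILES ==========
C:\Windows\Hcuzea.exe moved successfully.
File\Folder C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\ deleted successfully.
'''

# Assumed log grammar (taken from the lines above, not from OTL documentation).
HEADER = re.compile(r"^=+ (\w+) =+$")
PREFIX = re.compile(r"^(?:64bit-)?(?:File\\Folder|Registry key|Registry value) ")
OUTCOME = re.compile(
    r"^(?P<target>.+?) (?P<status>not found|(?:moved|deleted) successfully)[.!]$"
)


def parse_results(log):
    """Return (section, target, status) for every result line in the log."""
    section, results = None, []
    for line in log.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        outcome = OUTCOME.match(PREFIX.sub("", line))
        if outcome:
            status = "missing" if outcome.group("status") == "not found" else "done"
            results.append((section, outcome.group("target").rstrip("\\"), status))
    return results


def value_deletions(script):
    """Return (key, value_name) for every "name"=- line in the :Reg block."""
    key, in_reg, pairs = None, False, []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_reg, key = line.lower() == ":reg", None
        elif in_reg and line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            # "[-KEY]" removes the whole key, so no value lines belong to it.
            key = None if body.startswith("-") else body.rstrip("\\")
        elif in_reg and key and re.fullmatch(r'"[^"]+"=-', line):
            pairs.append((key, line.split('"')[1]))
    return pairs


def values_left_behind(script, log):
    """Value deletions that never ran because their parent key was not found.

    Such a value may still exist under a different path and needs a re-scan.
    """
    missing_keys = {
        target.lower()
        for section, target, status in parse_results(log)
        if section == "REGISTRY" and status == "missing"
    }
    return [(k, v) for k, v in value_deletions(script) if k.lower() in missing_keys]


if __name__ == "__main__":
    for key, value in values_left_behind(SCRIPT, LOG):
        print(f"re-check needed: value {value!r}, key not found: {key}")
```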


After this infection one entry still remains, and DAEMON Tools Toolbar did not uninstall completely. You also did not uninstall all of the toolbars.

1. Uninstall free-downloads.net Toolbar (based on Conduit, which has a questionable reputation). I can see such an entry in your list of programs.

2. Browsers must be closed. In OTL, paste the following into the Custom Scans/Fixes section:

 

:OTL
IE - HKU\S-1-5-21-3910842946-1338297919-1448379615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.conduit.com?SearchSource=10&ctid=CT1098640"
O4 - HKU\S-1-5-21-3910842946-1338297919-1448379615-1001..\Run: [CE8SIIFGSU]  File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3:64bit: - HKU\S-1-5-21-3910842946-1338297919-1448379615-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
[2010-11-11 20:25:43 | 000,002,059 | ---- | M] () -- C:\Users\Janek\AppData\Roaming\Mozilla\Firefox\Profiles\rgbfify1.default\searchplugins\daemon-search.xml

As before: Run Fix. This time there will be no restart.

3. Produce new OTL logs.

 

 

 


After running the script:

========== OTL ==========

HKU\S-1-5-21-3910842946-1338297919-1448379615-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3910842946-1338297919-1448379615-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CE8SIIFGSU deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

64bit-Registry value HKEY_USERS\S-1-5-21-3910842946-1338297919-1448379615-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems

C:\Users\Janek\AppData\Roaming\Mozilla\Firefox\Profiles\rgbfify1.default\searchplugins\daemon-search.xml moved successfully.

 

OTL by OldTimer - Version 3.2.20.6 log created on 01272011_220303

Extras.Txt

OTL.Txt


1. A small follow-up for OTL:

 

:OTL
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
[2010-12-10 19:39:35 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Janek\AppData\Roaming\mozilla\Firefox\Profiles\rgbfify1.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011-01-27 20:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janek\AppData\Roaming\mozilla\Firefox\Profiles\rgbfify1.default\extensions\DTToolbar@toolbarnet.com
[2010-01-20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Janek\AppData\Roaming\Mozilla\Firefox\Profiles\rgbfify1.default\searchplugins\conduit.xml

Click Run Fix. After that, invoke the CleanUp function in OTL.

2. Run a full scan with Malwarebytes' Anti-Malware. If anything is found, post the report. If nothing is detected, proceed to the next steps:

3. Software updates:

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22

"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish

Update details are in this thread: INSTRUCTIONS.

4. Clear the System Restore folders: INSTRUCTIONS.

 

 

 


It found 6 infections:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Wersja bazy: 5624

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2011-01-28 08:44:27

mbam-log-2011-01-28 (08-43-50).txt

 

Typ skanowania: Pełne skanowanie (C:\|D:\|)

Przeskanowano obiektów: 451129

Upłynęło: 1 godzin(y), 41 minut(y), 49 sekund(y)

 

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 4

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 2

 

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

 

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

 

Zainfekowanych kluczy rejestru:

HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

 

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

 

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

 

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

 

Zainfekowanych plików:

c:\Windows\System32\secushr.dat (Malware.Trace) -> No action taken.

c:\Windows\SysWOW64\secushr.dat (Malware.Trace) -> No action taken.

I was looking for this in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

I only marked that for demonstration purposes. For your information: you cannot find these entries in the above because that is not the key to check in the real registry. That is what access to the 64-bit uninstall key looks like. OTL, however, marked the key belonging to Java and Adobe as 32-bit, so the entries sit here:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

 

 

 
