Aktualizacje na programosy.pl:
Exportizer • reaConverter Lite • Grammarly for Chrome • FileZilla Portable • FileZilla • W10Privacy • Paint.NET • BurnAware Free • K7 AntiVirus Premium
-
- Ogłoszenie:
1wirus cyberprzestępczość departament policji
7 posty(ów) • Strona 1 z 1
1wirus cyberprzestępczość departament policji
przez Petronas 10 Sty 2013, 16:13
- Załączniki
-
Gmer.txt- (13.56 KiB) Ściągnięto 15 razy
-
- Extras.Txt
- (39.35 KiB) Ściągnięto 17 razy
-
- OTL.Txt
- (97.08 KiB) Ściągnięto 16 razy
1wirus cyberprzestępczość departament policji
przez ordynat 10 Sty 2013, 16:26
1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:
Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
2) Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Usuń
Pokaż raport z niego C:\AdwCleaner[S1].txt
3) Zrób to:
>>C:\WINDOWS\system32\drivers\etc\HOSTS >> otwórz jako Notatnik>>usuń wszystkie wpisy , zostaw tylko:
127.0.0.1 localhost
# ::1 localhost oraz te wpisy, które sam tam dodałeś.
:Files
C:\Users\Paulina\wgsdgsdgdsgsd.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\dsgsdgdsgdsgw.js
C:\Users\Paulina\AppData\Local\Temp*.html
C:\Windows\unrar.exe
C:\Windows\loader2.exe_ok
:OTL
DRV - File not found [Kernel | System | Stopped] -- -- (ntiomin)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bcbus.sys -- (bcbus)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/facesmooch3/{F669252E-62AF-41C3-998B-6CCD1560B677}
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\SearchScopes\{8E4792EC-9CF7-416E-9E36-D99B330592DE}: "URL" = http://search.avg.com/route/?d=4e256ffa&v=7.5.30.4&i=27&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/facesmooch3/{F669252E-62AF-41C3-998B-6CCD1560B677}?q={searchTerms}
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\SearchScopes\{FD1B523F-9CEB-45C1-AB80-78DC96C0A6D4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=0CEEAAB2-FDC9-4D96-A977-D3E6EC201F36&apn_sauid=DAED6385-A57B-49CB-892B-E3EA01EBD858
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2012-11-22 07:32:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-11-07 16:10:26 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013-01-06 00:45:35 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011-03-27 09:36:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com
[2011-02-26 09:30:27 | 000,002,059 | ---- | M] () -- C:\Users\Paulina\AppData\Roaming\mozilla\firefox\profiles\u0tyjxah.default\searchplugins\daemon-search.xml
[2011-03-27 15:43:34 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-4129260249-340497170-1701674342-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
[2012-10-19 22:50:16 | 000,000,000 | -HSD | M] -- C:\Users\Paulina\AppData\Roaming\.#
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
2) Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Usuń
Pokaż raport z niego C:\AdwCleaner[S1].txt
3) Zrób to:
>>C:\WINDOWS\system32\drivers\etc\HOSTS >> otwórz jako Notatnik>>usuń wszystkie wpisy , zostaw tylko:
127.0.0.1 localhost
# ::1 localhost oraz te wpisy, które sam tam dodałeś.
- ordynat
- ~user
- Posty: 4765
- Dołączenie: 02 Kwi 2010, 11:18
- Pochwały: 866
1wirus cyberprzestępczość departament policji
przez Petronas 10 Sty 2013, 17:43
[code][/code]All processes killed
========== FILES ==========
C:\Users\Paulina\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Paulina\AppData\Local\TempAvJ600.html moved successfully.
C:\Users\Paulina\AppData\Local\TempaW3572.html moved successfully.
C:\Users\Paulina\AppData\Local\TempBR3508.html moved successfully.
C:\Users\Paulina\AppData\Local\TempCB3168.html moved successfully.
C:\Users\Paulina\AppData\Local\TempcU3832.html moved successfully.
C:\Users\Paulina\AppData\Local\TempDD4480.html moved successfully.
C:\Users\Paulina\AppData\Local\TempDG3716.html moved successfully.
C:\Users\Paulina\AppData\Local\TempdN2508.html moved successfully.
C:\Users\Paulina\AppData\Local\TempeH3168.html moved successfully.
C:\Users\Paulina\AppData\Local\TempEX1428.html moved successfully.
C:\Users\Paulina\AppData\Local\TempFk4144.html moved successfully.
C:\Users\Paulina\AppData\Local\TempFm3136.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGI3456.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGT3464.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGW4480.html moved successfully.
C:\Users\Paulina\AppData\Local\Temple3144.html moved successfully.
C:\Users\Paulina\AppData\Local\TempnB3684.html moved successfully.
C:\Users\Paulina\AppData\Local\TempNh1892.html moved successfully.
C:\Users\Paulina\AppData\Local\TempoE1892.html moved successfully.
C:\Users\Paulina\AppData\Local\Temppb1012.html moved successfully.
C:\Users\Paulina\AppData\Local\TempQm1928.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempqy3324.html moved successfully.
C:\Users\Paulina\AppData\Local\TemprA3652.html moved successfully.
C:\Users\Paulina\AppData\Local\TemprV3600.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempsm3752.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempso2940.html moved successfully.
C:\Users\Paulina\AppData\Local\TempTD3260.html moved successfully.
C:\Users\Paulina\AppData\Local\TempTr3508.html moved successfully.
C:\Users\Paulina\AppData\Local\TemptX1892.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempws5276.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempxc3980.html moved successfully.
C:\Users\Paulina\AppData\Local\TempYn7880.html moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
========== OTL ==========
Service ntiomin stopped successfully!
Service ntiomin deleted successfully!
Service eamonm stopped successfully!
Service eamonm deleted successfully!
File system32\DRIVERS\eamonm.sys not found.
Service bcbus stopped successfully!
Service bcbus deleted successfully!
File system32\DRIVERS\bcbus.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E4792EC-9CF7-416E-9E36-D99B330592DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E4792EC-9CF7-416E-9E36-D99B330592DE}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD1B523F-9CEB-45C1-AB80-78DC96C0A6D4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD1B523F-9CEB-45C1-AB80-78DC96C0A6D4}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\firefox\profiles\u0tyjxah.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Users\Paulina\AppData\Roaming\.# folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Paulina
->Temp folder emptied: 3757326 bytes
->Temporary Internet Files folder emptied: 1515110 bytes
->Java cache emptied: 4685145 bytes
->FireFox cache emptied: 68339871 bytes
->Flash cache emptied: 4366 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_153115
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== FILES ==========
C:\Users\Paulina\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Paulina\AppData\Local\TempAvJ600.html moved successfully.
C:\Users\Paulina\AppData\Local\TempaW3572.html moved successfully.
C:\Users\Paulina\AppData\Local\TempBR3508.html moved successfully.
C:\Users\Paulina\AppData\Local\TempCB3168.html moved successfully.
C:\Users\Paulina\AppData\Local\TempcU3832.html moved successfully.
C:\Users\Paulina\AppData\Local\TempDD4480.html moved successfully.
C:\Users\Paulina\AppData\Local\TempDG3716.html moved successfully.
C:\Users\Paulina\AppData\Local\TempdN2508.html moved successfully.
C:\Users\Paulina\AppData\Local\TempeH3168.html moved successfully.
C:\Users\Paulina\AppData\Local\TempEX1428.html moved successfully.
C:\Users\Paulina\AppData\Local\TempFk4144.html moved successfully.
C:\Users\Paulina\AppData\Local\TempFm3136.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGI3456.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGT3464.html moved successfully.
C:\Users\Paulina\AppData\Local\TempGW4480.html moved successfully.
C:\Users\Paulina\AppData\Local\Temple3144.html moved successfully.
C:\Users\Paulina\AppData\Local\TempnB3684.html moved successfully.
C:\Users\Paulina\AppData\Local\TempNh1892.html moved successfully.
C:\Users\Paulina\AppData\Local\TempoE1892.html moved successfully.
C:\Users\Paulina\AppData\Local\Temppb1012.html moved successfully.
C:\Users\Paulina\AppData\Local\TempQm1928.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempqy3324.html moved successfully.
C:\Users\Paulina\AppData\Local\TemprA3652.html moved successfully.
C:\Users\Paulina\AppData\Local\TemprV3600.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempsm3752.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempso2940.html moved successfully.
C:\Users\Paulina\AppData\Local\TempTD3260.html moved successfully.
C:\Users\Paulina\AppData\Local\TempTr3508.html moved successfully.
C:\Users\Paulina\AppData\Local\TemptX1892.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempws5276.html moved successfully.
C:\Users\Paulina\AppData\Local\Tempxc3980.html moved successfully.
C:\Users\Paulina\AppData\Local\TempYn7880.html moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\loader2.exe_ok moved successfully.
========== OTL ==========
Service ntiomin stopped successfully!
Service ntiomin deleted successfully!
Service eamonm stopped successfully!
Service eamonm deleted successfully!
File system32\DRIVERS\eamonm.sys not found.
Service bcbus stopped successfully!
Service bcbus deleted successfully!
File system32\DRIVERS\bcbus.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E4792EC-9CF7-416E-9E36-D99B330592DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E4792EC-9CF7-416E-9E36-D99B330592DE}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD1B523F-9CEB-45C1-AB80-78DC96C0A6D4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD1B523F-9CEB-45C1-AB80-78DC96C0A6D4}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\Firefox\Profiles\u0tyjxah.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Paulina\AppData\Roaming\mozilla\firefox\profiles\u0tyjxah.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-4129260249-340497170-1701674342-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Users\Paulina\AppData\Roaming\.# folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Paulina
->Temp folder emptied: 3757326 bytes
->Temporary Internet Files folder emptied: 1515110 bytes
->Java cache emptied: 4685145 bytes
->FireFox cache emptied: 68339871 bytes
->Flash cache emptied: 4366 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_153115
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Załączniki
-
- AdwCleaner[S1].txt
- (33.96 KiB) Ściągnięto 13 razy
-
- OTL1.Txt
- (59.99 KiB) Ściągnięto 20 razy
1wirus cyberprzestępczość departament policji
przez ordynat 10 Sty 2013, 17:48
Nie zapomnij wykonać punktu 3 z mojego poprzedniego postu.
Chodzi o usunięcie wpisów z pliku HOSTS, pochodzących od infekcji z Facebooka.
Poza tym - OK.
W Adw-Cleaner kliknij na przycisk Odinstaluj
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.
Chodzi o usunięcie wpisów z pliku HOSTS, pochodzących od infekcji z Facebooka.
Poza tym - OK.
W Adw-Cleaner kliknij na przycisk Odinstaluj
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.
- ordynat
- ~user
- Posty: 4765
- Dołączenie: 02 Kwi 2010, 11:18
- Pochwały: 866
-
1wirus cyberprzestępczość departament policji
przez Petronas 10 Sty 2013, 17:57
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Tak wyglda ten plik czy cos tu usunac?
[code][/code]
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Tak wyglda ten plik czy cos tu usunac?
[code][/code]
1wirus cyberprzestępczość departament policji
przez Petronas 10 Sty 2013, 18:14
Serdecznie dziękuje.Pozdrawiam.
7 posty(ów) • Strona 1 z 1
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 5 gości