:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=imb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=imb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=imb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=imb
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
[2012/04/01 17:50:04 | 000,002,415 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2011/06/08 18:49:25 | 000,000,000 | ---D | M]
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
[2012/04/01 17:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v9Soft
[2012/04/01 17:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
:Commands
[emptytemp]
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandasecurity.com/activescan\ deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\v9Soft folder moved successfully.
C:\Program Files (x86)\pazera-software\MP4_to_AVI_Converter\profiles folder moved successfully.
C:\Program Files (x86)\pazera-software\MP4_to_AVI_Converter folder moved successfully.
C:\Program Files (x86)\pazera-software folder moved successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
ADS C:\ProgramData\Temp:2B11E0DF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gość
->Temp folder emptied: 750848 bytes
->Temporary Internet Files folder emptied: 64044 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 139062248 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1943 bytes
User: Lukasz
User: Public
User: úukasz
User: Łukasz
->Temp folder emptied: 1355777 bytes
->Temporary Internet Files folder emptied: 1592993 bytes
->Java cache emptied: 515135 bytes
->FireFox cache emptied: 49406896 bytes
->Google Chrome cache emptied: 19561796 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57873 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 150467 bytes
Total Files Cleaned = 203.00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_063020
Files\Folders moved on Reboot...
C:\Users\Łukasz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\sqlite_41iqM1vBntJbjlX moved successfully.
C:\windows\temp\sqlite_5KdEwFTRVvdc4OV moved successfully.
C:\windows\temp\sqlite_i5tYQhIcVHweQzs moved successfully.
Registry entries deleted on Reboot...
V9Software" = Deinstalator Strony V9
V9 uruchamia się poprzez dopisanie do skrótu przeglądarki internetowej.
Najlepiej jest usunąć V9 z opcji przeglądarki a następnie kliknąć prawym na skrócie przeglądarki w menu start i w oknie które się nam pojawiło w polu Element docelowy usuwamy wszystko po .exe pewnie będzie to coś w stylu http://www.v9.com&.......
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
:Reg
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="about:blank"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="about:blank"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
:Commands
[emptytemp]
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
:Reg
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{B5C7055E-7998-4180-8F2A-3D5817EC95AD}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="about:blank"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="about:blank"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
:Commands
[emptytemp]
Windows Registy Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\CHROME.EXE\shell\open\command]
@="C:\\Users\Łukasz\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Users\\Łukasz\\AppData\\Local\Google\\Chrome\\Application\\chrome.exe"
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 8 gości