
The "Police" Virus



My computer was attacked by the so-called "Police virus". To remove it I used the ComboFix program. It looks like everything finished successfully. At the end, a log generated by ComboFix appeared and I was "asked" to post it on the forum for analysis of the scan results and possible further instructions. The generated log is attached. I would be very grateful for help.

ComboFix.txt


I am attaching the required reports:

 

"Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 15

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````"

Extras.Txt

OTL.Txt


While the main infection has been removed, the system is not clean, because adware is installed. ComboFix only "licked" at this subject superficially and in a not very elegant / correct way (brute-force removal of some components). Carry out the following actions:

 

1. Via the Control Panel, uninstall: Ashampoo PO Toolbar, BrowserProtect, Conduit Engine, Delta toolbar, Delta Chrome Toolbar, FoxTab FLV Player, FoxTab Music Converter, FoxTab PDF Converter, IncrediMail MediaBar 2 Toolbar, Norton Security Scan, Softonic-Polska Toolbar, SweetIM for Messenger 3.6, SweetIM Toolbar for Internet Explorer 4.2, Update for Video Converter, uTorrentBar Toolbar.

 

2. Open Google Chrome and go to Settings. Under Extensions, uninstall DealPly and Delta Toolbar. Under search engine management, set Google as the default, because the search engine is currently "empty".

 

3. Run OTL and paste the following in the Custom Scans/Fixes section:

 

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
IE - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=7C6188AE1D7CC9A7
IE - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marzena\AppData\Local\Temp\catchme.sys -- (catchme)
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
"Default_Search_URL"=-
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[-HKEY_CURRENT_USER\Software\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
 
:Files
C:\Windows\System32\searchplugins
C:\Windows\System32\Extensions
C:\ProgramData\Babylon
C:\Users\Marzena\AppData\Roaming\BabSolution
C:\Users\Marzena\AppData\Roaming\Babylon
C:\Users\Marzena\AppData\Roaming\mozilla
C:\Program Files\mozilla firefox
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored solely to this system; please do not apply it to your own systems.

 

Click Run Fix. Confirm the system restart.

 

4. Run AdwCleaner and use Delete. A removal log will be created on drive C.

 

5. Make a new OTL log using the Scan option (without Extras this time). Attach the log created by AdwCleaner.

 

 

 



Hello,

unfortunately I did not manage to uninstall all the programs from point 1, because while uninstalling one of the programs (Softonic-Polska Toolbar, SweetIM for Messenger 3.6, SweetIM Toolbar for Internet Explorer 4.2) the same virus started up again and locked my computer once more.

 

After the restart a white screen appeared, so I booted into Safe Mode with Command Prompt.

 

My actions:

1. From another computer I put the OTL.exe program on a pendrive and ran it from the command prompt.

2. I restarted the computer and still got the same white screen.

OTL.Txt


This time you have picked up a different variant of this infection...

 

1. Run OTL and paste the following in the Custom Scans/Fixes section:

 

:OTL
O4 - HKLM..\Run: [AdFNyehJMxJUC] C:\Users\Marzena\AppData\Local\build.exe (Корпорация Майкрософт)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marzena\AppData\Local\Temp\catchme.sys -- (catchme)
 
:Files
C:\dhrhyje.bat
C:\Windows\System32\searchplugins
C:\Windows\System32\Extensions
C:\ProgramData\Babylon
C:\Program Files\Mozilla Firefox
 
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored solely to this system; please do not apply it to your own systems.

 

Click Run Fix. Confirm the system restart. The lock should go away. The tool will generate a removal log. Post it.

 

2. Do not proceed with the adware cleanup yet, because new system damage has appeared, manifesting as visible entries of this type:

 

 

 

O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT ()

O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT.LOG1 ()

O4 - Startup: C:\Windows\System32\config\RegBack\DEFAULT.LOG2 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SAM ()

O4 - Startup: C:\Windows\System32\config\RegBack\SAM.LOG1 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SAM.LOG2 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY ()

O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY.LOG1 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SECURITY.LOG2 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE ()

O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE.LOG1 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SOFTWARE.LOG2 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM ()

O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.LOG1 ()

O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.LOG2 ()

O4 - Startup: C:\Windows\System32\config\systemprofile\AppData [2009-07-14 06:36:39 | 000,000,000 | --SD | M]

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2 ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{a796a750-25f8-11e0-a962-806e6f6e6963}.TM.blf ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{a796a750-25f8-11e0-a962-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\systemprofile\ntuser.dat{a796a750-25f8-11e0-a962-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.blf ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d6-57c9-11e0-b770-ab58591cee4f}.TxR.0.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d6-57c9-11e0-b770-ab58591cee4f}.TxR.1.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d6-57c9-11e0-b770-ab58591cee4f}.TxR.2.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d6-57c9-11e0-b770-ab58591cee4f}.TxR.blf ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d7-57c9-11e0-b770-ab58591cee4f}.TM.blf ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d7-57c9-11e0-b770-ab58591cee4f}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Windows\System32\config\TxR\{ecad92d7-57c9-11e0-b770-ab58591cee4f}.TMContainer00000000000000000002.regtrans-ms ()

 

 

 

This means the special folder paths are damaged and the OTL scan is distorted (the current user is not scanned correctly). An additional scan is needed. Run SystemLook and paste into its window:

 

:reg

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

 

Click Look.

 

 

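As an added illustration (not part of the thread, and not code from OTL or SystemLook), here is a Python check that does what the helper does by eye above: it parses the O4 - Startup lines from an OTL log, groups them by parent folder and flags any folder that is not a genuine Start Menu\Programs\Startup folder, and it validates a "Startup" / "Common Startup" value of the kind the requested SystemLook dump of Shell Folders / User Shell Folders returns. The sample log lines are constructed from the entries quoted above, and the expected folder layout is the Windows Vista/7 default.

```python
import ntpath
import re
from collections import defaultdict

# OTL prints each file found in a Startup folder as an "O4 - Startup:" line.
# The path is followed either by " ()" or by a " [date | size | attrs | M]" block.
_O4_STARTUP = re.compile(r"^O4 - Startup: (?P<path>.+?) (?:\(\)|\[[^\]]*\])\s*$")

# Every real Startup folder on Windows Vista/7 ends with this (compared lowercase).
_STARTUP_SUFFIX = r"\start menu\programs\startup"

# Constructed sample modelled on the entries quoted in the thread (not the full
# log): the first four point into the registry hive store, which no Startup
# folder should ever resolve to; the last two are what a healthy log shows.
SAMPLE_OTL = r"""
O4 - Startup: C:\Windows\System32\config\RegBack\SAM ()
O4 - Startup: C:\Windows\System32\config\RegBack\SYSTEM.LOG1 ()
O4 - Startup: C:\Windows\System32\config\systemprofile\AppData [2009-07-14 06:36:39 | 000,000,000 | --SD | M]
O4 - Startup: C:\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.blf ()
O4 - Startup: C:\Users\Marzena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini ()
"""


def parse_startup_entries(otl_text):
    """Return the paths listed on O4 - Startup lines, in log order."""
    paths = []
    for line in otl_text.splitlines():
        m = _O4_STARTUP.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def find_anomalous_startup_dirs(otl_text):
    """Group O4 - Startup entries by parent folder and keep only the folders that
    are not a genuine Startup folder.  A non-empty result means the Startup
    special-folder path is redirected or corrupted, so the O4 section (and
    anything else OTL resolves via shell folders) cannot be trusted."""
    by_dir = defaultdict(list)
    for path in parse_startup_entries(otl_text):
        parent = ntpath.dirname(path)
        if not parent.lower().endswith(_STARTUP_SUFFIX):
            by_dir[parent].append(ntpath.basename(path))
    return dict(by_dir)


def check_shell_folder_value(value, env):
    """Validate a "Startup" / "Common Startup" value taken from a SystemLook dump
    of Shell Folders or User Shell Folders.  `env` maps variable names (APPDATA,
    PROGRAMDATA, ...) to their expansions so %VAR% forms can be resolved.
    Returns (ok, expanded_path)."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)), value)
    low = expanded.lower()
    # A Startup folder must look like one and must never sit under System32.
    ok = low.endswith(_STARTUP_SUFFIX) and r"\windows\system32" not in low
    return ok, expanded


if __name__ == "__main__":
    for folder, names in find_anomalous_startup_dirs(SAMPLE_OTL).items():
        print(f"Startup resolved to {folder}: {len(names)} entries, e.g. {names[0]}")
    env = {"APPDATA": r"C:\Users\Marzena\AppData\Roaming"}
    print(check_shell_folder_value(
        r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup", env))
```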


1. Removal log:

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdFNyehJMxJUC deleted successfully.

C:\Users\Marzena\AppData\Local\build.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Users\Marzena\AppData\Local\Temp\catchme.sys not found.

========== FILES ==========

File\Folder C:\dhrhyje.bat not found.

C:\Windows\System32\searchplugins folder moved successfully.

C:\Windows\System32\Extensions folder moved successfully.

C:\ProgramData\Babylon folder moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions folder moved successfully.

Folder move failed. C:\Program Files\Mozilla Firefox scheduled to be moved on reboot.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Journal

-> No Temporary Internet Files cache folder defined!

 

User: RegBack

-> No Temporary Internet Files cache folder defined!

 

User: systemprofile

-> No Temporary Internet Files cache folder defined!

 

User: TxR

-> No Temporary Internet Files cache folder defined!

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 113876 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 726 bytes

RecycleBin emptied: 452036 bytes

 

Total Files Cleaned = 1,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05022013_214853

 

Files\Folders moved on Reboot...

C:\Program Files\Mozilla Firefox folder moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

2. SystemLook generated the file:

SystemLook.txt


Script executed successfully. Hmmm, the SystemLook scan shows no errors... I don't know what is going on, but it should be fine.

 

1. Carry out the outstanding steps. Finish the uninstalls. According to the last report, uTorrentBar Toolbar is still left to kill. Then apply AdwCleaner (Delete option).

 

2. Make new logs: OTL using the Scan option (without Extras) and USBFix using the Listing option with the pendrive that was recently present plugged in, because there are subtle traces of an infection from that device here (the last log showed a suspicious file C:\dhrhyje.bat). Attach the log created by AdwCleaner.

 

 

 



1. Removed.

(I am wondering whether Opera is infected, because on almost every www page I open through it a "Russian ad" appears, which I wanted to close (two days ago), and I downloaded the virus onto my computer.)

 

2. Logs attached.

 

3. Yesterday evening I copied my documents to an external drive. It was plugged into the computer while I was making the above reports.

OTL.Txt

UsbFix Listing 1 MARZENA-PC.txt

AdwCleanerR1.txt


In a way unknown to me, the fault discussed earlier "repaired itself", and the OTL scan now shows the correct layout and scan of the account's keys. Fixes are required for what was not visible before. And your pendrive is infected; a hidden file lies on it:

[05/07/2009 - 11:17:52 | RSH | 107692] J:\dhrhyje.bat


1. In AdwCleaner you were supposed to use the Delete option, but the log supplied here is from Search. So: Delete.

2. Run OTL and paste the following in the Custom Scans/Fixes section:

:Files
J:\dhrhyje.bat
J:\RECYCLER

:OTL
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found.
O4 - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000..\Run: [AdFNyehJMxJUC] C:\Users\Marzena\AppData\Local\build.exe File not found
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2874456408-1430136784-2133399366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
[2013-05-02 09:35:04 | 000,192,907 | ---- | C] () -- C:\Users\Marzena\AppData\Local\163d6437-46be-42fd-8a14-a461eb3bf84e

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=-
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

:Commands
[emptytemp]


Click Run Fix. Confirm the restart.

3. Make a new OTL log using the Scan option (without Extras).

 

I am wondering whether Opera is infected, because on almost every www page I open through it a "Russian ad" appears, which I wanted to close (two days ago), and I downloaded the virus onto my computer

 
Only in Opera, and the "Russian" one is not visible in Google Chrome? If it concerns only Opera, show the list of installed add-ons, i.e. screenshots of these settings:
- Extensions: CTRL+SHIFT+E
- Plug-ins: type opera:plugins into the address bar and press ENTER






1. Sorry, I got it mixed up. The correct file is attached.

 

2. Execution of the OTL script:

 

All processes killed

========== FILES ==========

J:\dhrhyje.bat moved successfully.

J:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 folder moved successfully.

J:\RECYCLER folder moved successfully.

========== OTL ==========

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}\ not found.

Registry value HKEY_USERS\S-1-5-21-2874456408-1430136784-2133399366-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdFNyehJMxJUC deleted successfully.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-2874456408-1430136784-2133399366-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2874456408-1430136784-2133399366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.

C:\Users\Marzena\AppData\Local\163d6437-46be-42fd-8a14-a461eb3bf84e moved successfully.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.

Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.

Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Marzena

->Temp folder emptied: 31011801 bytes

->Temporary Internet Files folder emptied: 20209389 bytes

->Java cache emptied: 9785960 bytes

->Google Chrome cache emptied: 161198080 bytes

->Opera cache emptied: 51281555 bytes

->Flash cache emptied: 182581 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 524288 bytes

RecycleBin emptied: 313769 bytes

 

Total Files Cleaned = 262,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05032013_182434

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

Only in Opera, and the "Russian" one is not visible in Google Chrome?

 

Yes, only in Opera.

 

 

 

- Extensions: "No extensions installed"

 

- Plug-ins:

 

Adobe Acrobat - 9.5.4.268
Opis: Adobe PDF Plug-In For Firefox and Netscape "9.5.4"
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
application/pdf Acrobat Portable Document Format pdf
application/vnd.adobe.xdp+xml Acrobat XML Data Package xdp
application/vnd.adobe.xfd+xml Adobe FormFlow99 Data File xfd
application/vnd.adobe.pdfxml Adobe PDF in XML Format pdfxml
application/vnd.adobe.x-mars Adobe PDF in XML Format mars
application/vnd.fdf Acrobat Forms Data Format fdf
application/vnd.adobe.xfdf XML Version of Acrobat Forms Data Format xfdf

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin.dll
audio/wav audio WAVE wav,bwf
audio/x-wav audio WAVE wav,bwf
video/quicktime QuickTime Movie qt,mov,mqv
application/sdp deskryptor strumienia SDP sdp
application/x-sdp deskryptor strumienia SDP sdp
application/x-rtsp deskryptor strumienia RTSP rtsp,rts
video/flc AutoDesk Animator (FLC) flc,fli,cel

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
audio/midi MIDI midi,mid,smf,kar
audio/mid MIDI mid,midi,smf,kar
audio/x-midi MIDI mid,midi,smf,kar
audio/basic audio uLaw/AU au,snd,ulw
audio/x-aiff audio AIFF aiff,aif,aifc,cdda
audio/aiff audio AIFF aiff,aif,aifc,cdda
audio/vnd.qcelp QUALCOMM PureVoice audio qcp

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
video/mpeg mpeg,mpg,mpe,m2v,m1v,mpa,m1s,m1a,m75,m15,mp2,mpm,mpv
audio/mpeg mp3,mp2,mpga,mpeg,mpg,m1s,m1a,mpm,mpa,m2a
audio/x-gsm audio GSM gsm
audio/AMR audio AMR AMR
audio/aac audio AAC aac,adts
audio/x-aac audio AAC aac,adts
audio/x-caf audio CAF caf
audio/ac3 audio AC3 ac3
audio/x-ac3 audio AC3 ac3
video/x-mpeg nośnik MPEG mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
video/mpeg nośnik MPEG mpeg,mpg,mpe,m2v,m1v,mpa,m1s,m1a,m75,m15,mp2,mpm,mpv
audio/mpeg audio MPEG mp3,mp2,mpga,mpeg,mpg,m1s,m1a,mpm,mpa,m2a
video/3gpp media 3GPP 3gp,3gpp
video/x-mpeg mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa
audio/x-mpeg audio MPEG mpeg,mpg,m1s,m1a,mp2,mpm,mpa,m2a

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin5.dll
video/mp4 nośnik MPEG-4 mp4,mpg4
video/3gpp 3gp,3gpp
audio/3gpp media 3GPP 3gp,3gpp
video/3gpp2 media 3GPP2 3g2,3gp2
audio/3gpp2 media 3GPP2 3g2,3gp2
video/sd-video wideo SD sdv
application/x-mpeg nośnik AMC amc
audio/mp4 nośnik MPEG-4 mp4
audio/x-m4a audio AAC m4a
audio/x-m4p audio AAC (zabezpieczony) m4p
audio/x-m4b książka audio AAC m4b

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin6.dll
image/x-pict obrazek PICT pict,pic,pct
video/x-m4v Wideo (zabezpieczone) m4v
image/x-macpaint obrazek MacPaint pntg,pnt,mac
image/pict obrazek PICT pict,pic,pct
image/x-quicktime obrazek QuickTime qtif,qti
image/x-sgi obrazek SGI sgi,rgb
image/x-targa obrazek TGA targa,tga
image/jp2 obrazek JPEG2000 jp2

QuickTime Plug-in 7.7.3 - 7.7.3 (1680.64)
Opis: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
C:\Program Files\QuickTime\Plugins\npqtplugin7.dll
image/jp2 jp2
image/jpeg2000 obrazek JPEG2000 jp2
image/jpeg2000-image obrazek JPEG2000 jp2
image/x-jpeg2000-image obrazek JPEG2000 jp2

Shockwave Flash - 11,7,700,169
Opis: Shockwave Flash 11.7 r700
C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
application/futuresplash FutureSplash movie spl
application/x-shockwave-flash Adobe Flash movie swf,swt

Google Update - 1.3.21.145
C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

 

 

AdwCleanerS1.txt

OTL.Txt


The script actions completed successfully. But:

1. In Google Chrome the Delta Search adware search engine is visible, which AdwCleaner was supposedly removing... Go into the browser settings, under search engine management set Google as the default, and then delete Delta Search from the list. And a question arises: does Google Chrome have synchronisation with the server enabled? If so, the cleanup will not be effective, because the junk will be loaded from the server back into the local Google Chrome.

2. One entry in the script was not processed. I am including the missing trifle below in a new OTL script.

 

Yes, only in Opera.

 
Nothing suspicious is visible here... Therefore I suggest reinstalling Opera.

1. Export your bookmarks from Opera; do not make any other backup.

2. Uninstall Opera the normal way via the Control Panel.

3. Clean up Opera's leftovers. Run OTL and paste the following in the Custom Scans/Fixes section:

:Files
C:\Program Files\Opera
C:\Users\Marzena\AppData\Local\Opera
C:\Users\Marzena\AppData\Roaming\Opera

:Reg
[-HKEY_CURRENT_USER\Software\Opera Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]


Click Run Fix.

4. Install the latest version of Opera and report whether the ads have gone for good.






1. I ran the script and followed your instructions. "Russian ads" still appear in Opera. In Google Chrome, pages with various games open on their own (I changed the settings in Google - I blocked pop-ups, but that did nothing).

I am attaching OTL:

 

========== FILES ==========

C:\Program Files\Opera\program\plugins folder moved successfully.

C:\Program Files\Opera\program folder moved successfully.

C:\Program Files\Opera folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\widgets folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0007 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0006 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0005 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0004 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0003 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0002 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0001 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps\0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\vps folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\thumbnails folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\migrate folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\GNU folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\fixes folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc\pdffiles folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc\htmlfiles\p7tm folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc\htmlfiles\includes folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc\htmlfiles\images folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc\htmlfiles folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\doc folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269\cleanup folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads\Dialogic_drivers_for_VoiceGuide_v7.3_win7_2k8_269 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\temporary_downloads folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\02\1B folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\02\0E folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\02\08 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\02\05 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\02 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1F folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1E folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1D folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1C folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1B folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\1A folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\19 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\18 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\17 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\16 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\15 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\14 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\13 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\12 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\11 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\10 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0F folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0E folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0D folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0C folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0B folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\0A folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\09 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\08 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\07 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\06 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\05 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\04 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\03 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\02 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00\00 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage\00 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\pstorage folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\sesn folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_006E folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0063 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_004A folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0033 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_002E folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0028 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0027 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0024 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0023 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache\g_0011 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\opcache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\mail\indexer folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\mail folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\logs folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\jumplist_icon_cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\icons\cache\sesn folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\icons\cache\g_0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\icons\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\icons folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\custom\defaults folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\custom folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\sesn folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\revocation\g_0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\revocation folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0028 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0027 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0024 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0023 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0022 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0021 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\g_0020 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\assoc002\g_0021 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache\assoc002 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\bt_metadata folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\application_cache\mcache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera\application_cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\Opera folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cef69-d483-07bd-0842-63b6d44b7b4b\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cef69-d483-07bd-0842-63b6d44b7b4b folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cecd2-b42c-0a61-0511-204db4e42762\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cecd2-b42c-0a61-0511-204db4e42762 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cb05b-aae4-051e-0822-72e5aa2c180c\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7cb05b-aae4-051e-0822-72e5aa2c180c folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8d84-ba50-07c1-0b6c-2f7dba984add\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8d84-ba50-07c1-0b6c-2f7dba984add folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8aec-de04-0a65-067b-6c14decc7743\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8aec-de04-0a65-067b-6c14decc7743 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8855-f9a8-0d09-0699-28acf960203e\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c8855-f9a8-0d09-0699-28acf960203e folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c85be-8aaf-0fac-04ad-65438a6752ea\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets\wuid-4e7c85be-8aaf-0fac-04ad-65438a6752ea folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\widgets folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\vps\0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\vps folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\thumbnails folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\temporary_downloads folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\opcache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\mail\indexer folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\mail folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\icons\cache\g_0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\icons\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\icons folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\sesn folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\revocation\g_0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\revocation folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\g_0002 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\g_0001 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache\g_0000 folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\application_cache\mcache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera\application_cache folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera\CProgram FilesOpera folder moved successfully.

C:\Users\Marzena\AppData\Local\Opera folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\webserver folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\toolbar folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\styles\user folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\styles folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\sessions folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\02\03 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\02\02 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\02\00 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\02 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\1E folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\1D folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\1C folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\1B folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\1A folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\19 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\18 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\16 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\15 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\12 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\11 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\0F folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\0E folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\0D folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\0B folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\09 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\07 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\06 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\05 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\04 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\02 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\01 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00\00 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage\00 folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\pstorage folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera\dictionaries folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\Opera folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\CProgram FilesOpera\webserver folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\CProgram FilesOpera\styles\user folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\CProgram FilesOpera\styles folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\CProgram FilesOpera\sessions folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera\CProgram FilesOpera folder moved successfully.

C:\Users\Marzena\AppData\Roaming\Opera folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Opera Software\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

 

OTL by OldTimer - Version 3.2.69.0 log created on 05102013_174432


Picasso, should I uninstall Opera and Google and install Mozilla or IE, as malutka suggested? Will that help at all?

 

That is sidestepping the problem, not solving it. And these are the facts here:

- Let's start with the fact that Opera had already been completely reinstalled by the time she wrote that. And IE cannot be installed "clean"; it is a component integrated into the system. You have IE8, and at most it can be updated to IE9 or IE10, but that is a separate matter unrelated to this fault.

- Uninstalling Opera does not help; the problem is spreading to Google Chrome = the problem is not in one specific browser, or something is running that affects all of them.

 

 

There no disk in the drive. Please insert a disk into drive \Drive\Harddisk1\DR1

 

Try running the GMER scan after performing this action: in USB-set, on the Cleaning Traces tab, in the "Traces of previous connected removable drives" block, tick all the checkboxes and click "Cleaning selected sections".

 

Nothing follows from the GMER report provided here. I'll ask for further reports:

- New OTL logs from the Scan option.

- A readout from Kaspersky TDSSKiller. If it detects anything, set Skip and provide the resulting log. If it detects nothing, the log is unnecessary.

 

 

 


There are no overt unwanted signs here: nothing is visible in Google Chrome, and there is no Opera data (OTL does not scan it, but it was reinstalled anyway). Show me the details of these ads: a picture of what they look like and where they are located on the pages, and which addresses they call.

 

Additionally, looking at it now, you have Dutch IPs 88.208.58.166 62.212.85.194 set in the DhcpNameServer value:

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 62.212.85.194

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE17FBB-28CF-4C32-91DF-EC752BDA1814}: DhcpNameServer = 88.208.58.166 62.212.85.194

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A55DEAE-ADCA-4026-913F-A5FAA54E3638}: DhcpNameServer = 192.168.1.1

 

That does not look healthy to me, given that you appear on the forum under a Polish ISP's IP. I talked about DhcpNameServer being changed in this topic, for example: LINK. Do you have access to the router configuration?

 

 

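The indicator picasso relies on above is that the DHCP-supplied resolvers are public addresses instead of the LAN router (192.168.1.1), which is typical of a router whose DNS settings have been changed. Below is an added example (not code from the thread, OTL, or any tool named here) that parses OTL "O17" lines and flags DhcpNameServer / NameServer values pointing at public addresses, so the same check can be run over a log without eyeballing it. The sample lines are the ones quoted in this thread, before and after the router was fixed; the `trusted` allow-list is an assumption for ISPs that legitimately hand out public resolver IPs via DHCP, so a finding means "review this", not proof of a hijack.

```python
import ipaddress
import re

# Constructed sample: the O17 lines as quoted in this thread (before the fix).
SAMPLE_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 62.212.85.194",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE17FBB-28CF-4C32-91DF-EC752BDA1814}: DhcpNameServer = 88.208.58.166 62.212.85.194",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A55DEAE-ADCA-4026-913F-A5FAA54E3638}: DhcpNameServer = 192.168.1.1",
]

# Constructed sample: the same lines after the router was corrected.
HEALTHY_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE17FBB-28CF-4C32-91DF-EC752BDA1814}: DhcpNameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A55DEAE-ADCA-4026-913F-A5FAA54E3638}: DhcpNameServer = 192.168.1.1",
]

# "O17 - <registry key>: <value name> = <space-separated servers>"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): (?P<name>\w+) = (?P<value>.*)$")


def parse_o17(line):
    """Split one OTL O17 line into key, value name and server list; None if not O17."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "servers": m.group("value").split(),
    }


def audit_dns(lines, trusted=None):
    """Return (key, server, reason) findings for DNS servers that deserve review.

    A server is accepted if it is on the caller's trusted list (e.g. the ISP's
    known resolvers, an assumption here) or is a private/loopback address such
    as the LAN router. Anything else, or anything that is not an IP at all,
    is reported.
    """
    trusted = set(trusted or [])
    findings = []
    for line in lines:
        rec = parse_o17(line)
        if rec is None or rec["name"] not in ("DhcpNameServer", "NameServer"):
            continue
        for server in rec["servers"]:
            if server in trusted:
                continue
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((rec["key"], server, "not an IP address"))
                continue
            if ip.is_private or ip.is_loopback:
                continue
            findings.append((rec["key"], server, "public resolver not on the trusted list"))
    return findings


if __name__ == "__main__":
    for key, server, reason in audit_dns(SAMPLE_O17_LINES):
        print(f"REVIEW {server:<16} {reason}  [{key}]")
    print("healthy log findings:", audit_dns(HEALTHY_O17_LINES))
```

Run against the thread's original lines it reports both Dutch addresses on both keys that carry them; against the post-fix lines it reports nothing. Pass the ISP's published resolvers in `trusted` on networks where DHCP legitimately hands out public DNS.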

Clicking on any episode at all opens some game or contest in a new tab:
hxxp://serialnet.pl/serial/2-5001054/czas-honoru
 
One of the example pop-ups:
hxxp://pl.balagana.net/pages/pl_PL/slot/?AFID=210003&AFCID=13927849441368594329
 
For the last 4 days the "Russian" ad has not appeared at all. As if it knew I was waiting for it.


post-10588-0-43482200-1368798758_thumb.png
 

Do you have access to the router configuration?

 
I have access to the router configuration.


Everything looks good. The DhcpNameServer entries now look as follows:

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE17FBB-28CF-4C32-91DF-EC752BDA1814}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A55DEAE-ADCA-4026-913F-A5FAA54E3638}: DhcpNameServer = 192.168.1.1

 

You are no longer reporting the problem, so we are closing the topic:

 

1. Using SHIFT+DEL, delete the folders listed below from the disk.

 

C:\Users\Marzena\AppData\Roaming\DSite

C:\Windows\erdnt

 

2. ComboFix was not uninstalled correctly. Download it again (LINK) to the Desktop. Press the Windows flag key + R and paste the following command into the Run box:

 

C:\Users\Marzena\Desktop\ComboFix.exe /uninstall

 

3. Then get rid of the remaining tools. Uninstall UsbFix and optionally USB-set (that one may stay); in AdwCleaner run Uninstall; in OTL run CleanUp.

 

 

 
