Wykryto wyłączony javascript

Aktualnie masz wyłączony javascript. Kilka funkcji może nie działać. Włącz ponownie javascript, aby korzystać z pełnej funkcjonalności.

Logi - Wirus Facebook'owy

Rozpoczęty przez szynek258 , 24 01 2013 14:23

Temat jest zamknięty

13 odpowiedzi w tym temacie

#1 szynek258

Obserwator

7 postów

Napisano 24 01 2013 - 14:23

Dodałem 2 załączniki.
Bardzo proszę o sprawdzenie tych logów. Jeżeli jest coś nie tak to proszę wytłumaczyć jak rozwiązać ten problem, ponieważ po raz pierwszy spotykam się z takim czymś i nie za bardzo jestem jeszcze w tym ogarnięty, więc proszę nie rzucać mnie zaraz na głęboką wodę i wytłumaczyć co i jak

[uwaga=pawel315]
Temat przenoszę do dobrego działu
[/uwaga]

Załączone pliki

Extras.Txt 133,23 KB 304 Ilość pobrań
OTL.Txt 220,21 KB 354 Ilość pobrań

Użytkownik pawel315 edytował ten post 24 01 2013 - 19:39

0

Do góry

#2 pawel315

Uzależniony od forum

1 553 postów

Napisano 24 01 2013 - 19:51

Witaj.
Odinstaluj:

BabylonObjectInstaller
Ask Toolbar
Babylon toolbar on IE
Alawar Ask Toolbar Updater
Funmoods Web Search
Sweet IM

Uruchom OTL w okienku Własne opcje skanowania/skrypt wklej:

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEyB0EyDyB0DyE0A0DyC0DzztAtN0D0TzutBtDtCtBtDyCtDyB&cr=1169311081
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRman000&ptnrS=GRman000&ptb=v2MIopxFSNxYPSGlATAFbA&ind=2012022007&n=77ed04f7&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEyB0EyDyB0DyE0A0DyC0DzztAtN0D0TzutBtDtCtBtDyCtDyB&cr=1169311081
IE - HKLM\..\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A7B41634-6EE4-11E1-9250-00247E57D4AD}
 IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/ins/ins_1331846689_644141
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110819&tt=060612_6_&babsrc=HP_ss&mntrId=29176d830000000000000022fa4d261a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/ins/ins_1331846689_644141
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1955&gct=hp
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&affID=115131&tt=3912_2&babsrc=SP_iclro&mntrId=29176d830000000000000022fa4d261a
IE - HKCU\..\SearchScopes\{0F80DD49-1C52-4ABD-BD7A-25C16B467ECC}: "URL" = http://isearch.WhiteSmoke.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AWR&o=1955&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A17&apn_dtid=^YYYYYY^YY^PL&apn_uid=baae31be-a9f3-49ce-99a3-ac071d806e7e&apn_sauid=3C1D047E-61C3-4D85-8F6E-72CDA16FE887
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRman000&ptnrS=GRman000&ptb=v2MIopxFSNxYPSGlATAFbA&ind=2012022007&n=77ed04f7&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2832599
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEyB0EyDyB0DyE0A0DyC0DzztAtN0D0TzutBtDtCtBtDyCtDyB&cr=1169311081
IE - HKCU\..\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&barid={A7B41634-6EE4-11E1-9250-00247E57D4AD}&q={searchTerms}&barid={A7B41634-6EE4-11E1-9250-00247E57D4AD}
FF - prefs.js..backup.old.browser.search.selectedEngine: "iSearch"
FF - prefs.js..browser.startup.homepage: "http://isearch.babylon.com/?affID=115131&tt=3912_2&babsrc=HP_iclro&mntrId=29176d830000000000000022fa4d261a"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=1955&gct=hp"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@whitesmoke.com:1.1.8
FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.3
FF - prefs.js..extensions.enabledAddons: uprotectit@reputation.com:0.17.3
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRman000&ptnrS=GRman000&ptb=v2MIopxFSNxYPSGlATAFbA&ind=2012022007&n=77ed04f7&psa=&st=kwd&searchfor="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "My Web Search"
 CHR - homepage: http://search.babylon.com/?affID=112555&tt=2912_8&babsrc=HP_ss&mntrId=29176d830000000000000022fa4d261a
CHR - homepage: http://search.babylon.com/?affID=112555&tt=2912_8&babsrc=HP_ss&mntrId=29176d830000000000000022fa4d261a
O4:[b]64bit:[/b] - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe (MyWebSearch.com)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [MSConfig] C:\Users\Vista\sacu.exe ()
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe (MyWebSearch.com)

:Files
C:\Users\Vista\sacu.exe
C:\Users\Vista\AppData\Local\Temp*.html

:Commands
[emptytemp]

Kliknij Wykonaj skrypt daj log z usuwania.
Następnie:

Podłącz wszystkie pendrivy jakie masz i użyj USB Fix z opcją "Deletion" ( jesli masz folder muza muzyka itp. to zmień nazwę bo się nimi zajmie USBFix ) -> /USBFix-t42061/
Użyj AdwCleaner ( opcja "Delete" ) -> /Usuwanie-Adware-Babylon-SweetIM-itp-czyli-program-AdwCleaner-t51855/
Wrzuć nowe logi z OTL'a

0

Do góry

#3 szynek258

Obserwator

7 postów

Napisano 24 01 2013 - 21:58

To co na liście do odinstalowania, odinstalowałem, lecz przy wykonywaniu skryptu wyskakuje taka oto informacja:
http://img688.imageshack.us/img688/7012/oltprzestadziaac.png

0

Do góry

#4 Qauke

Expert

5 156 postów

Napisano 24 01 2013 - 22:01

Po włączeniu programu kliknąłeś "uruchom jako administrator"?

1

Do góry

#5 pawel315

Uzależniony od forum

1 553 postów

Napisano 24 01 2013 - 22:07

lub w trybie awaryjnym spróbuj go wykonać

1

Do góry

#6 szynek258

Obserwator

7 postów

Napisano 24 01 2013 - 22:22

Kolega wżej miał rację, wystarczyło uruchomic jako administrator.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F80DD49-1C52-4ABD-BD7A-25C16B467ECC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F80DD49-1C52-4ABD-BD7A-25C16B467ECC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "iSearch" removed from backup.old.browser.search.selectedEngine
Prefs.js: "[url="http://isearch.babylon.com/?affID=115131&tt=3912_2&babsrc=HP_iclro&mntrId=29176d830000000000000022fa4d261a"]http://isearch.babyl...000022fa4d261a"[/url] removed from browser.startup.homepage
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "[url="http://www.ask.com/?l=dis&o=1955&gct=hp"]http://www.ask.com/?...&o=1955&gct=hp"[/url] removed from browser.startup.homepage
Prefs.js: ffxtlbr@whitesmoke.com:1.1.8 removed from extensions.enabledAddons
Prefs.js: m3ffxtbr@mywebsearch.com:1.3 removed from extensions.enabledAddons
Prefs.js: uprotectit@reputation.com:0.17.3 removed from extensions.enabledAddons
Prefs.js: foxyproxy@eric.h.jung:3.6.2 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@funmoods.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@babylon.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: "[url="http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRman000&ptnrS=GRman000&ptb=v2MIopxFSNxYPSGlATAFbA&ind=2012022007&n=77ed04f7&psa=&st=kwd&searchfor="]http://search.mywebs...kwd&searchfor="[/url] removed from keyword.URL
Prefs.js: "My Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
File C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator not found.
File C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
C:\Users\Vista\sacu.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe not found.
========== FILES ==========
File\Folder C:\Users\Vista\sacu.exe not found.
File\Folder C:\Users\Vista\AppData\Local\Temp*.html not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vista
->Temp folder emptied: 839302 bytes
->Temporary Internet Files folder emptied: 1769606 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 2033029 bytes
->Opera cache emptied: 2881278 bytes
->Flash cache emptied: 58509 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 223145202 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6884849879 bytes

Total Files Cleaned = 6 786,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01242013_210522

Files\Folders moved on Reboot...
File\Folder C:\Users\Vista\AppData\Local\Temp\ehmsas.txt not found!
C:\Users\Vista\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPFZQA7G\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CETT8Z4Q\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GNT2CN1\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WZHHX6R\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Użytkownik pawel315 edytował ten post 24 01 2013 - 22:25

0

Do góry

#7 pawel315

Uzależniony od forum

1 553 postów

Napisano 24 01 2013 - 22:26

Wykonałeś kroki o których wyżej mówiłem, jak tak to nowe logi z OTL'a wrzuć.

1

Do góry

#8 szynek258

Obserwator

7 postów

Napisano 24 01 2013 - 23:40

ok, to tutaj jest, ale tym razem samo OLT.txt.

Załączone pliki

OTL.Txt 115,93 KB 280 Ilość pobrań

0

Do góry

#9 pawel315

Uzależniony od forum

1 553 postów

Napisano 24 01 2013 - 23:50

ten sacu.exe nadal siedzi trzeba go inaczej wywalić
pobierz the aveger ->http://swandog46.geekstogo.com/avenger2/avenger.zip
do okienka wklej:

Files to delete:
C:\Users\Vista\sacu.exe

kliknij "Execute" i podaj raport z avenger'a

2

Do góry

#10 szynek258

Obserwator

7 postów

Napisano 25 01 2013 - 00:13

Zrobiłem tak i system samoczynnie się wyłączył.
Po włączeniu na pulpicie pojawiła się taka informacja... Nie wiem czy to dotyczy tego, ale takie coś mi wywaliło.

http://img14.imageshack.us/img14/4634/nieznalezionopunktuwyjc.png

0

Do góry

#11 pawel315

Uzależniony od forum

1 553 postów

Napisano 25 01 2013 - 00:20

dobra jeszcze inaczej:
Wejdź w tryb awaryjny ( koniecznie ) i:
Uruchom OTL w okienku Własne opcje skanowania/skrypt wklej:

:Files
C:\Users\Vista\sacu.exe

:Commands
[emptytemp]

Kliknij Wykonaj skrypt daj log z usuwania.

Użytkownik pawel315 edytował ten post 25 01 2013 - 00:21

3

Do góry

#12 szynek258

Obserwator

7 postów

Napisano 25 01 2013 - 19:48

Ok. wykonałem skrypt w Trybie awaryjnym, lecz Log z usówania jest zrobiony w normalnym trybie.

All processes killed
========== FILES ==========
C:\Users\Vista\sacu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vista
->Temp folder emptied: 2857498 bytes
->Temporary Internet Files folder emptied: 2001048 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 45847998 bytes
->Opera cache emptied: 3332704 bytes
->Flash cache emptied: 886 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 672065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 55089941 bytes

Total Files Cleaned = 105,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01252013_175427

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPFZQA7G\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CETT8Z4Q\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GNT2CN1\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WZHHX6R\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Załączone pliki

OTL.Txt 129,02 KB 277 Ilość pobrań
Extras.Txt 132,54 KB 269 Ilość pobrań

Użytkownik pawel315 edytował ten post 26 01 2013 - 18:37

0

Do góry

#13 pawel315

Uzależniony od forum

1 553 postów

Napisano 25 01 2013 - 20:44

Dobra kończymy
Uruchom OTL w okienku Własne opcje skanowania/skrypt wklej:

:Services
cincqwjj

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzutDtDtByEyB0EyDyB0DyE0A0DyC0DzztAtN0D0TzutBtDtCtBtDyCtDyB&cr=1169311081
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{BFCF78C3-B9D0-4248-ADE5-748009EC0DD5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2832599
O4 - HKCU..\Run: [MSConfig] "C:\Users\Vista\sacu.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[reboot]

Kliknij Wykonaj skrypt
Następnie: