OK, here are the logs:
OTL:
All processes killed
========== OTL ==========
Prefs.js: "express-files Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=3&q={searchTerms}&CUI=UN22587297638348126" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN22587297638348126&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1839905913-4017420215-2816154557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1839905913-4017420215-2816154557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1839905913-4017420215-2816154557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1839905913-4017420215-2816154557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1839905913-4017420215-2816154557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
C:\Windows\Downloaded Program Files\CabSA.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
File PTYTEMP]not found.
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_134159
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
AdwCleaner:
# AdwCleaner v2.300 - Log utworzony 30/04/2013 o 13:48:18
# Aktualizacja 28/04/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : Łukasz - ŁUKASZ-KOMPUTER
# Tryb uruchomienia : Tryb awaryjny
# Ścieżka : C:\Users\Łukasz\Downloads\AdwCleaner.exe
# Opcja [Usuń]
***** [Usługi]*****
***** [Pliki / Foldery]*****
Folder Usunięto : C:\Program Files (x86)\Conduit
Folder Usunięto : C:\Users\Łukasz\AppData\Local\Conduit
Folder Usunięto : C:\Users\Łukasz\AppData\Local\TempDir
Folder Usunięto : C:\Users\Łukasz\AppData\LocalLow\Conduit
Folder Usunięto : C:\Users\Łukasz\AppData\LocalLow\PriceGong
Plik Usunięto : C:\END
***** [Rejestr]*****
Klucz Usunięto : HKCU\Software\AppDataLow\Software\Conduit
Klucz Usunięto : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klucz Usunięto : HKCU\Software\AppDataLow\Software\PriceGong
Klucz Usunięto : HKCU\Software\AppDataLow\Software\SmartBar
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKCU\Software\StartSearch
Klucz Usunięto : HKLM\Software\Conduit
Klucz Usunięto : HKLM\Software\ExpressFiles
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
***** [Przeglądarki Internetowe]*****
-\\ Internet Explorer v10.0.9200.16537
[OK]Rejestr w porządku.
-\\ Mozilla Firefox v20.0.1 (pl)
Plik : C:\Users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\w1g30lhz.default\prefs.js
C:\Users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\w1g30lhz.default\user.js ... Usunięto !
Usunięto : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Usunięto : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=1[...]
Usunięto : user_pref("Smartbar.ConduitSearchEngineList", "express-files Customized Web Search");
Usunięto : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921[...]
Usunięto : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Usunięto : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
Usunięto : user_pref("ct3176921.UserID", "UN22587297638348126");
Usunięto : user_pref("extensions.browserprotect.searchProviderExceptions", "hxxp://en.wikipedia.org/wiki/Specia[...]
Usunięto : user_pref("extensions.browserprotect.urlBarEngine", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=[...]
Usunięto : user_pref("extensions.fasterfox.addit.remoteInstallItems", "{ \"software\": {\"94\": {\"id\": \"94\"[...]
Usunięto : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Usunięto : user_pref("extentions.y2layers.installId", "0617834b-26de-4935-a25e-9a34f8fbe721");
Usunięto : user_pref("smartbar.machineId", "4RYAWOTF+52MAHUE8UVN8SOTTUWPRF0A4ZNFZ4T/97FLR0LDHYSYQ5ST0NGNXRPBBZ6[...]
*************************
AdwCleaner[R1] .txt - [3112 octets]- [30/04/2013 13:48:08]
AdwCleaner[S1] .txt - [3085 octets]- [30/04/2013 13:48:18]
########## EOF - C:\AdwCleaner[S1] .txt - [3145 octets]##########
Added: 30 Apr 2013, 13:52
Java has also been updated already
So, are there any infections left?
Added: 30 Apr 2013, 14:02
Hmm... TDSSKiller now starts normally...
But GMER keeps throwing errors, what's going on ;/ It says it cannot access the file because it is being used by another process...