Trojan, explorer.exe samoistnie się wyłącza

Armon · 2 Lipiec 2012 15:19

Witam,

Mam zainfekowany komputer, antywirus krzyczy, że jest jakiś trojan.

Wchodząc do panelu sterowania, a właściwie korzystając z jakiegokolwiek elementu, który wywołuje explorer.exe np. “mój komputer”, natychmiast zamyka się explorer.exe, po czym po chwili się uruchamia.

Logi OTL:

http://wklej.org/id/783068/

http://wklej.org/id/783070/

Bardzo proszę o pomoc.

Pozdrawiam

Acorus · 2 Lipiec 2012 16:08

Odinstaluj SweetPacks Toolbar for Internet Explorer 4.4,Softonic Toolbar,Babylon toolbar on IE,BrotherSoft Extreme Toolbar,DAEMON Tools Toolbar,DealPly,Dll-Files.com Fixer,Facemoods Toolbar,Norton Security Scan,Windows iLivid Toolbar,SearchYa Toolbar on IE and Chrome,Share Accelerator MM Toolbar,Softonic-Eng7 Toolbar,V9 HomeTool.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL DRV - File not found [Kernel | On_Demand | Stopped] – G:\INSTALL\GMSIPCI.SYS – (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] – D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys – (EraserUtilDrvI13) DRV - File not found [Kernel | On_Demand | Stopped] – D:\WINDOWS\system32\drivers\EagleNT.sys – (EagleNT) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337579266_909359 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1337579266_909359 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchya.com/?chnl=ft-100&s=1&cr … DtBtDzy&q= IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1573A79E-9B31-11E0-BE97-000E2ED1C6EF} IE - HKU\S-1-5-21-220523388-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337579266_909359 IE - HKU\S-1-5-21-220523388-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MON1205T22/t … rce=10&cc= IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - D:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {4596013b-6c31-408b-a266-deae5c086dc2} - D:\Program Files\Share_Accelerator_MM\tbShar.dll (Conduit Ltd.) IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - D:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.) IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: “URL” = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4 IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=IP&apn_dtid=YYYYYYYYPL&apn_uid=45353059-50E4-4161-A1D5-A4E782C01652&apn_sauid=91BB94B1-9F0B-4B17-BF3C-0B31D309561C IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: “URL” = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=0c530802000000000000000e2ed1c6ef&tlver=1.4.19.19&affID=17160 IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{5B291E6C-9A74-4034-971B-A4B007A0B315}: “URL” = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: “URL” = http://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420}: “URL” = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q={searchTerms}&crm=1&toolbar=FXT IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1573A79E-9B31-11E0-BE97-000E2ED1C6EF} IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: “URL” = http://searchya.com/?chnl=ft-100&s=1&cr … DtBtDzy&q={searchTerms} FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Facemoods Search” FF - prefs.js…browser.search.defaultthis.engineName: “BrotherSoft Extreme Customized Web Search” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…browser.search.selectedEngine: “BrotherSoft Extreme Customized Web Search” FF - prefs.js…extensions.enabledItems: toolbar@ask.com:3.12.2.100006 FF - prefs.js…extensions.enabledItems: ffxtlbr@babylon.com:1.1.8 FF - prefs.js…keyword.URL: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=STC&o=15570&locale=en_US&apn_uid=45353059-50E4-4161-A1D5-A4E782C01652&apn_ptnrs=IP&apn_sauid=91BB94B1-9F0B-4B17-BF3C-0B31D309561C&apn_dtid=YYYYYYYYPL&&q=” FF - prefs.js…sweetim.toolbar.previous.browser.search.selectedEngine: “BrotherSoft Extreme Customized Web Search” FF - prefs.js…sweetim.toolbar.previous.keyword.URL: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=STC&o=15570&locale=en_US&apn_uid=45353059-50E4-4161-A1D5-A4E782C01652&apn_ptnrs=IP&apn_sauid=91BB94B1-9F0B-4B17-BF3C-0B31D309561C&apn_dtid=YYYYYYYYPL&q=” [2010-08-10 17:44:45 | 000,000,000 | —D | M] (Winamp Toolbar) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2012-05-31 17:37:54 | 000,000,000 | —D | M] (ST-Eng7 Community Toolbar) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} [2012-06-06 14:02:47 | 000,000,000 | —D | M] (BrotherSoft Extreme Community Toolbar) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{51a86bb3-6602-4c85-92a5-130ee4864f13} [2012-05-31 17:38:16 | 000,000,000 | —D | M] (gry Community Toolbar) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{8532a8b7-c06a-41bb-936a-8ce73e4711ed} [2011-10-14 09:17:59 | 000,000,000 | —D | M] (Searchqu Toolbar) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{99079a25-328f-4bd4-be04-00955acaa0a7} [2011-07-20 15:44:33 | 000,000,000 | —D | M] (DealPly) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-06-05 13:17:27 | 000,000,000 | —D | M] (“DAEMON Tools Toolbar”) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\DTToolbar@toolbarnet.com [2012-06-06 14:02:45 | 000,000,000 | —D | M] (Babylon) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\ffxtlbr@babylon.com [2011-08-25 07:31:23 | 000,000,000 | —D | M] (Facemoods) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\ffxtlbr@Facemoods.com [2012-02-10 11:48:00 | 000,000,000 | —D | M] (searchya.com) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\ffxtlbr@searchya.com [2012-06-11 15:36:18 | 000,000,000 | —D | M] (Yontoo) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\plugin@yontoo.com [2012-06-24 11:11:52 | 000,000,000 | —D | M] (“Softonic Toolbar”) – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\extensions\toolbar@ask.com [2010-08-27 12:46:19 | 000,001,761 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\ask.uk.xml [2012-07-02 16:44:52 | 000,002,572 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\askcom.xml [2011-12-20 14:06:08 | 000,000,941 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\conduit.xml [2011-11-09 16:42:34 | 000,002,395 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\daemon-search.xml [2011-10-14 09:17:48 | 000,002,520 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\SearchResults.xml [2012-02-09 11:58:32 | 000,001,497 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\searchya.xml [2012-05-22 13:53:30 | 000,002,062 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\softonic.xml [2012-03-01 17:03:58 | 000,004,147 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\SweetIM Search.xml [2012-02-24 11:02:34 | 000,003,915 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\sweetim.xml [2011-05-28 21:01:48 | 000,001,196 | ---- | M] () – D:\Documents and Settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\jqo6wrhi.default\searchplugins\winamp-search.xml O3 - HKLM…\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - D:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (Share Accelerator MM Toolbar) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - D:\Program Files\Share_Accelerator_MM\tbShar.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - D:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (Little Fighter 2 Toolbar) - {C11483F7-D7D8-4804-98D8-6055470BB989} - D:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll () O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - D:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (Share Accelerator MM Toolbar) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - D:\Program Files\Share_Accelerator_MM\tbShar.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - D:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (Little Fighter 2 Toolbar) - {C11483F7-D7D8-4804-98D8-6055470BB989} - D:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll () O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [ApnUpdater] D:\Program Files\Ask.com\Updater\Updater.exe (Ask) [2012-07-02 17:06:00 | 000,000,234 | ---- | M] () – D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010-08-27 10:35:02 | 000,558,775 | ---- | C] () – D:\Documents and Settings\Rafał\nfh2.exe [2010-08-16 17:36:06 | 000,050,981 | ---- | C] () – D:\WINDOWS\System32\slrmjbpcflnqai.exe [2012-06-30 18:02:37 | 000,000,260 | ---- | M] () – D:\WINDOWS\Tasks\DLL-files.com Fixer_MONTHLY.job [2012-06-27 18:01:51 | 000,000,280 | ---- | M] () – D:\WINDOWS\Tasks\DLL-files.com Fixer_UPDATES.job :Commands [emptytemp]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete

Nowy log pokaż po użyciu AdwCleanera

Armon · 2 Lipiec 2012 16:43

Tylko jak usunąć te programy, kiedy próbując wejść do panelu sterowania, aby wybrać opcję dodaj usuń / programy, resetuje się explorer.exe?

Acorus · 2 Lipiec 2012 17:00

Zostaw to i wykonaj resztę.

Armon · 4 Lipiec 2012 15:39

Raport z usuwania:

http://wklej.org/id/784257/

Log z Awdcleaner:

http://wklej.org/id/784264/

Nowy log OTL:

http://wklej.org/id/784274/

http://wklej.org/id/784275/

Po wejściu do dodaj /usuń programy otrzymuje komunikat:

“rundll32.exe nie jest prawidłową aplikacją Windows.”

Dzięki, pozdrawiam

system · 4 Lipiec 2012 16:09

Co robi ten wpis w pliku HOSTS?

Acorus · 4 Lipiec 2012 16:10

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL IE - HKU\S-1-5-21-220523388-115176313-725345543-1003…\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: “URL” = http://searchya.com/?chnl=ft-100&s=1&cr … DtBtDzy&q={searchTerms} FF - prefs.js…browser.search.defaultenginename: “SweetIM Search” FF - prefs.js…browser.search.selectedEngine: “SweetIM Search” FF - prefs.js…browser.startup.homepage: “http://home.sweetim.com/?crg=3.1010000&st=10&barid={1573A79E-9B31-11E0-BE97-000E2ED1C6EF}” FF - prefs.js…keyword.URL: “http://search.sweetim.com/search.asp?src=2&q=” FF - prefs.js…sweetim.toolbar.previous.keyword.URL: “” O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O2 - BHO: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - No CLSID value found. O2 - BHO: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O2 - BHO: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll File not found O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found. O3 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Toolbar\ShellBrowser: (no name) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - No CLSID value found. O4 - HKU\S-1-5-21-220523388-115176313-725345543-1003…\Run: [RDReminder] D:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (Dll-FIles.com) O20 - AppInit_DLLs: (D:\PROGRA~1\SEARCH~2\SEARCH~1\datamngr.dll) - D:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (D:\PROGRA~1\SEARCH~2\SEARCH~1\IEBHO.dll) - D:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found [2011-12-21 08:32:16 | 000,460,624 | ---- | C] () – D:\Documents and Settings\Rafał\Ustawienia lokalne\Dane aplikacji\promo.exe :Commands [emptytemp]

Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.W AdwCleaner użyj opcji Uninstall.

Wyłącz i włącz przywracanie systemu.

http://www.searchengines.pl/Czyszczenie … 41981.html

Przeskanuj progr.Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free

Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY SYGNATUR WIRUSÓW Malwarebytesa “Uruchom Malwarebytes, przejdź do zakładki Aktualizacja, Sprawdź aktualizacje.”

Zainstaluj aktualizacje do programow wskazanych przez Security Check

analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html jako out of date.