Staszek
Posted 25 July 2012

The same problem as in most posts - ukash. Please help with what to do next...

ComboFix.txt OTL.Txt Extras.Txt

picasso
Posted 25 July 2012

1. Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games PL Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843462&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {5c81f57f-3cf7-4785-b4ef-11ace31aec4f}:3.3.3.2
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [sMBHelper] C:\Documents and Settings\AGULA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4281\SMBHelper.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab" (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDCndis5.SYS -- (ZDCndis5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AGULA\USTAWI~1\Temp\catchme.sys -- (catchme)

:Files
C:\Documents and Settings\AGULA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4281
C:\Documents and Settings\AGULA\Dane aplikacji\hellomoto
C:\Documents and Settings\AGULA\Dane aplikacji\Mozilla\Firefox\Profiles\bg84do62.default\searchplugins\conduit.xml

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

:Commands
[emptytemp]

Note for other readers: this script is unique - tailored solely to this system; please do not use it on your own systems.

Click Run Fix. The system will be restarted (and unlocked), and a log with the removal results will open.

2. Make a new OTL log using the Run Scan option (this time without Extras). Attach the OTL removal log from step 1.

Staszek
Posted 25 July 2012
Author

Thank you very much for the help. And here is the report: it would not attach, so I am adding it as text.

All processes killed
========== OTL ==========
Prefs.js: "Bigpoint Games PL Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843462&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {5c81f57f-3cf7-4785-b4ef-11ace31aec4f}:3.3.3.2 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMBHelper deleted successfully.
C:\Documents and Settings\AGULA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4281\SMBHelper.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Service ZDPSp50 stopped successfully!
Service ZDPSp50 deleted successfully!
File System32\Drivers\ZDPSp50.sys not found.
Service ZDCndis5 stopped successfully!
Service ZDCndis5 deleted successfully!
File C:\WINDOWS\system32\ZDCndis5.SYS not found.
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
File C:\WINDOWS\system32\vsdatant.sys not found.
Service upperdev stopped successfully!
Service upperdev deleted successfully!
File system32\DRIVERS\usbser_lowerflt.sys not found.
Service PCANDIS5 stopped successfully!
Service PCANDIS5 deleted successfully!
File C:\WINDOWS\system32\PCANDIS5.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\AGULA\USTAWI~1\Temp\catchme.sys not found.
========== FILES ==========
C:\Documents and Settings\AGULA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4281 folder moved successfully.
C:\Documents and Settings\AGULA\Dane aplikacji\hellomoto folder moved successfully.
C:\Documents and Settings\AGULA\Dane aplikacji\Mozilla\Firefox\Profiles\bg84do62.default\searchplugins\conduit.xml moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: AGULA
->Temp folder emptied: 359505 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 390903 bytes
->FireFox cache emptied: 75046214 bytes
->Flash cache emptied: 658 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43350 bytes
RecycleBin emptied: 206440 bytes

Total Files Cleaned = 73,00 mb

OTL by OldTimer - Version 3.2.54.1 log created on 07252012_194033

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

picasso
Posted 25 July 2012 (edited)

And where is the main log:

2. Make a new OTL log using the Run Scan option (this time without Extras).

Edited 26 August 2012 by picasso
27.08.2012 - Topic closed due to lack of response. //picasso