
Ukash on Windows XP



A friend's computer. Working in Safe Mode is impossible: the computer shuts down immediately. I managed to boot in normal mode by starting Task Manager right after the desktop loaded and killing some process at random; by some miracle Ukash did not start.

Attempts to run an FRST scan failed three times:

Line 17539 (File "G:\FRST.exe")
Error: Error in Expresion

The OTL reports are attached.
 

OTL.Txt

Extras.Txt

Link to comment

FRST probably has some bug that makes it impossible to run the scan. There is no workaround for this, so I have to rely on the OTL reports alone. The mandatory GMER log was not provided.

 

The system is in a dreadful state; it is far more infected than reported here (several infections plus an overwhelming amount of adware). Carry out the following steps:

 

1. Run OTL and paste the following into the Custom Scans/Fixes section:

 

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters]
"ServiceDll"=hex(2):"%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
""="@SYS:DoesNotExist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableLUA"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
"Default_Page_URL"=-
"Search Bar"=-
"Search Page"=-
"Search Page Before"=-
"Start Page"="about:blank"
"Start Page Before"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
 
:OTL
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013-03-01 14:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012-12-07 10:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013-03-01 14:17:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013-02-12 14:42:53 | 000,000,000 | ---D | M]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=421&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8202535018314925&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/08&hid=250844824&lg=EN&cc=PL
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^pl&si=pconverter&ptb=FF749F3F-0EC6-44EC-9A42-CAAA943598BE&ind=2013012603&n=77fc227b&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&barid={2665030B-0EE3-4680-A640-8C79A12E7567}&q={searchTerms}&barid={2665030B-0EE3-4680-A640-8C79A12E7567}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120324191152265&tb_oid=24-03-2012&tb_mrud=24-03-2012
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=0c7bcab400000000000090e6ba54a4e1
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GX&apn_dtid=YYYYYYBEPL&apn_uid=71E45B68-5B34-42BA-A73B-B38F74C12BCF&apn_sauid=DF358558-D992-48B6-B88D-996428A63A3F
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}: "URL" = http://find.localstrike.net/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{6D64A226-CBAB-46A5-9B88-93D6784CCE10}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=421&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8202535018314925&q={searchTerms}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/08&hid=250844824&lg=EN&cc=PL
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^pl&si=pconverter&ptb=FF749F3F-0EC6-44EC-9A42-CAAA943598BE&ind=2013012603&n=77fc227b&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb203?a=6Oz8WpzCvX&search={searchTerms}&i=26
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&barid={2665030B-0EE3-4680-A640-8C79A12E7567}&q={searchTerms}&barid={2665030B-0EE3-4680-A640-8C79A12E7567}
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120324191152265&tb_oid=24-03-2012&tb_mrud=24-03-2012
IE - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\SearchScopes\{F46E7FAF-DCCA-4F29-90F4-A8C9F58569AF}: "URL" = http://www.mysearchresults.com/search?&c=3507&t=07&q={searchTerms}
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (SearchAmong Toolbar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll ()
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (BrotherSoft Extreme3 Toolbar) - {62d40876-df18-411f-9d34-a9dd7a197bc5} - C:\Program Files\BrotherSoft_Extreme3\prxtbBro0.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Tomek\Dane aplikacji\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (ST-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (holasearch Helper Object) - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (SearchAmong Toolbar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme3 Toolbar) - {62d40876-df18-411f-9d34-a9dd7a197bc5} - C:\Program Files\BrotherSoft_Extreme3\prxtbBro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Holasearch Toolbar) - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
O3 - HKLM\..\Toolbar: (ST-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\ShellBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (SearchAmong Toolbar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll ()
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (BrotherSoft Extreme3 Toolbar) - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - C:\Program Files\BrotherSoft_Extreme3\prxtbBro0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (ST-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\prxtbSof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-527237240-1708537768-839522115-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [l33t] C:\WINDOWS\system\iexplore.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tuto4pc_pl_6] C:\Program Files\tuto4pc_pl_6\tuto4pc_pl_6.exe ()
O4 - HKLM..\Run: [Tutorials] C:\Program Files\TUTO4PC\tuto4pc_pl_1.exe ()
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [_svhost] C:\WINDOWS\logon.vbs ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [api32] C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [cdoosoft] C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [dso32] C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\dsoqq.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [King_ar] C:\WINDOWS\system32\arking.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [Kookos] C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Kookos\kookos.exe silent File not found
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [nod32] C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\nodqq.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [Ovmyvav] C:\Documents and Settings\Tomek\Dane aplikacji\Vepai\yxhi.exe (Корпорация Майкрософт)
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [wsctf.exe] wsctf.exe File not found
O8 - Extra context menu item: &Search - http://tbedits.videodownloadconverter.com/one-toolbaredits/menusearch.jhtml?s=205320000&p2=^HJ^xdm073^YY^pl&si=pconverter&a=FF749F3F-0EC6-44EC-9A42-CAAA943598BE&n=2013012603&cv=2 File not found
O8 - Extra context menu item: &SearchAmong - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\daneap~1\browse~3\261095~1.52\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
SRV - [2008-04-14 23:50:36 | 000,168,371 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\vlqszdq.dll -- (xfzpbtjox)
SRV - [2013-06-30 11:39:29 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\adblock.exe -- (BannerBlocker2)
SRV - [2013-04-07 10:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013-01-29 15:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2013-01-25 19:46:30 | 003,057,512 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_6\supt4pc_pl_6.exe -- (supt4pc_pl_6)
SRV - [2013-01-16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012-12-07 10:35:53 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2012-11-05 12:57:12 | 003,055,976 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_1\supt4pc_pl_1.exe -- (supt4pc_pl_1)
SRV - [2012-10-26 19:20:58 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Tomek\Dane aplikacji\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
DRV - [2013-09-22 17:20:00 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\08.tmp -- (xqrji)
DRV - [2013-09-22 16:46:28 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\07.tmp -- (ngtggfsh)
DRV - [2013-09-22 16:31:18 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\06.tmp -- (nxbooqoi)
DRV - [2013-09-22 16:00:57 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\05.tmp -- (nbgaqjkz)
DRV - [2013-09-18 22:09:33 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\0545.tmp -- (mqbbq)
DRV - [2013-08-27 14:43:23 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\04.tmp -- (xualqaqf)
DRV - [2013-08-22 12:16:49 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\04E6.tmp -- (ywnymydes)
DRV - [2013-08-18 10:01:33 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\0528.tmp -- (ixwwu)
DRV - [2013-08-11 12:55:19 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\0327.tmp -- (icacc)
DRV - [2013-06-17 19:57:30 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\03A6.tmp -- (fxaebi)
DRV - [2013-05-14 15:16:47 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\03A7.tmp -- (hycsnpm)
DRV - [2013-04-29 08:27:25 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\03.tmp -- (vraomwr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
NetSvcs: xfzpbtjox - File not found
 
:Files
autorun.inf /alldrives
w9.exe /alldrives
C:\WINDOWS\svhost.exe
C:\WINDOWS\System32\EXPLORER.EXE
C:\WINDOWS\System32\mgking*.dll
C:\WINDOWS\System32\arking*.dll
C:\WINDOWS\System32\custmon32i.dll
C:\WINDOWS\System32\libcurl-4.dll
C:\WINDOWS\System32\libidn-11.dll
C:\WINDOWS\System32\librtmp.dll
C:\WINDOWS\System32\libgcc_s_dw2-1.dll
C:\WINDOWS\System32\mingwm10.dll
C:\WINDOWS\System32\zlib1.dll
C:\WINDOWS\System32\adnav.exe
C:\WINDOWS\System32\adstop.exe
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\Documents and Settings\All Users\Dane aplikacji\dodb7ljz.plz
C:\Documents and Settings\All Users\Dane aplikacji\zjl7bdod.ctrl
C:\Documents and Settings\All Users\Dane aplikacji\zjl7bdod.pff
C:\Documents and Settings\All Users\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1
C:\Documents and Settings\All Users\Dane aplikacji\1E8C
C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
C:\Documents and Settings\All Users\Dane aplikacji\Premium
C:\Documents and Settings\All Users\Dane aplikacji\RightClick
C:\Documents and Settings\All Users\Dane aplikacji\TheBflix
C:\Documents and Settings\All Users\Dane aplikacji\~Browser Manager
C:\Documents and Settings\Tomek\artpclnt.dll.lz
C:\Documents and Settings\Tomek\Dane aplikacji\*.exe
C:\Documents and Settings\Tomek\Dane aplikacji\*.vbs
C:\Documents and Settings\Tomek\Dane aplikacji\B1Toolbar
C:\Documents and Settings\Tomek\Dane aplikacji\chrtmp
C:\Documents and Settings\Tomek\Dane aplikacji\File Scout
C:\Documents and Settings\Tomek\Dane aplikacji\Nyoq
C:\Documents and Settings\Tomek\Dane aplikacji\Onqua
C:\Documents and Settings\Tomek\Dane aplikacji\OpenCandy
C:\Documents and Settings\Tomek\Dane aplikacji\Optimizer Pro
C:\Documents and Settings\Tomek\Dane aplikacji\PerformerSoft
C:\Documents and Settings\Tomek\Dane aplikacji\PriceGong
C:\Documents and Settings\Tomek\Dane aplikacji\SendSpace
C:\Documents and Settings\Tomek\Dane aplikacji\Systweak
C:\Documents and Settings\Tomek\Dane aplikacji\Vepai
C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\zjl7bdod.lnk
C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\rundlll.exe
C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\Seagate NA45AM9Q Product Registration.lnk
C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\TorpedoCopy.lnk
C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome
C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\*.exe
C:\Program Files\Optimizer Pro
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
C:\Program Files\mozilla firefox\searchplugins\v9.xml
C:\found.*
netsh firewall reset /C
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

 

Click Run Fix. Confirm the system restart. A log with the removal results will be created in the G:\_OTL directory.

 

2. Using Add/Remove Programs, uninstall:

 

50 FREE MP3s +1 Free Audiobook!, Akamai NetSession Interface, Ask Toolbar, Babylon Chrome Toolbar, Babylon toolbar, BrotherSoft Extreme3 Toolbar, BrowserProtect, BrowseToSave 1.74, Claro Chrome Toolbar, Claro LTD toolbar, DAEMON Tools Toolbar, DealPly, DefaultTab, Delta Chrome Toolbar, Delta toolbar, Download Updater (AOL LLC), FoxTab PDF Reader, Funmoods on IE and Chrome, holasearch toolbar, IB Updater Service, IB Updater 2.0.0.574, Incredibar Toolbar on IE, My Global Search Bar, PrivitizeVPN, RegClean Pro, SearchAmong Toolbar version 1.0, Search Assistant WebSearch 1.74, Search-Results Toolbar, Softonic-Polska Toolbar, SweetIM for Messenger 3.6, SweetPacks Toolbar for Internet Explorer 4.4, TornTV, TUTO4PC, tuto4pc_pl_6, VideoDownloadConverter Toolbar, Vid-Saver, Winamp Toolbar, Yontoo 1.10.02

 

3. Clean up Firefox: Help menu > Troubleshooting Information > Reset Firefox.

 

4. Run AdwCleaner. Use Search, and after that Delete. A C:\AdwCleaner folder containing the removal report will be created.

 

5. Run the Norton Removal Tool.

 

6. Create new logs: OTL using the Scan option (this time without Extras) + the overdue GMER + USBFix using the Listing option. Attach the OTL removal log from step 1 and the log created by AdwCleaner.

 

Before running GMER, uninstall DAEMON Tools and get rid of the SPTD driver: LINK.

 

DRV - [2010-03-06 19:19:45 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

 

DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)

DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

 

 

.

Link to comment
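
An added example, not part of the thread and not code from OTL or its author: a small parser for the `O4` (Run key) lines in the format used by the script above, which tags each autorun entry with generic triage flags. The sample lines are copied from the post; the flag names, the heuristics and the list of expected directories are assumptions made for illustration, not the helper's stated criteria.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 (Run key) lines copied verbatim from the OTL script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [l33t] C:\WINDOWS\system\iexplore.exe ()
O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [_svhost] C:\WINDOWS\logon.vbs ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [api32] C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-527237240-1708537768-839522115-1003..\Run: [King_ar] C:\WINDOWS\system32\arking.exe ()
""".strip().splitlines()

# "O4 - <hive>..\Run: [<value name>] <command> (<publisher>)" or "... File not found"
LINE_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<cmd>.*) \((?P<pub>[^()]*)\)$")
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|vbs|js|bat|cmd|scr|dll))', re.I)

# Usual directory of Windows binaries whose names are often borrowed (assumed, short list).
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}


@dataclass
class Entry:
    hive: str
    name: str
    command: str
    publisher: Optional[str]  # None when the line carries no "(publisher)" suffix
    missing: bool             # True when OTL reported "File not found"


def parse_o4(line: str) -> Optional[Entry]:
    """Split one O4 Run line into its fields; return None for other line types."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith("File not found"):
        cmd = rest[: -len("File not found")].strip()
        return Entry(m["hive"], m["name"], cmd, None, True)
    t = TAIL_RE.match(rest)
    if t:
        return Entry(m["hive"], m["name"], t["cmd"], t["pub"].strip(), False)
    return Entry(m["hive"], m["name"], rest, None, False)


def flags(e: Entry) -> List[str]:
    """Return illustrative triage flags for one autorun entry (heuristics are assumptions)."""
    out = []
    if e.missing:
        out.append("missing-target")          # orphaned autorun value
    if e.publisher == "":
        out.append("no-publisher")            # empty company field in version info
    p = PATH_RE.match(e.command)
    if p:
        path = p["path"].lower()
        if "\\temp\\" in path:
            out.append("temp-path")           # persistent autorun from a Temp folder
        if path.endswith((".vbs", ".js", ".bat", ".cmd")):
            out.append("script-autorun")
        base = ntpath.basename(path)
        if base in EXPECTED_DIR and ntpath.dirname(path) != EXPECTED_DIR[base]:
            out.append("system-name-wrong-dir")
    return out


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Parse every O4 line and pair the value name with its flags."""
    return [(e.name, flags(e)) for e in map(parse_o4, lines) if e]


if __name__ == "__main__":
    for name, f in triage(SAMPLE):
        print(f"{name:10} {', '.join(f) or '-'}")
```
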
  • 2 weeks later...

You picked a bad moment, because @Picasso currently can't devote much time to helping (personal problems).

 

Open Notepad and paste the following into it:

 

C:\Documents and Settings\Tomek\Ustawienia lokalne\Temp\uninst1.exe
S4 IntelIde; No ImagePath
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\zjl7bdod.lnk
ShortcutTarget: zjl7bdod.lnk -> C:\DOCUME~1\ALLUSE~1\DANEAP~1\dodb7ljz.plz (No File)
HKCU\...\Run: [Ovmyvav] - "C:\Documents and Settings\Tomek\Dane aplikacji\Vepai\yxhi.exe"
C:\Documents and Settings\Tomek\Dane aplikacji\Vepai
HKLM\...\Run: [tuto4pc_pl_6] - [x]

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post it.

 

Create new FRST logs.

 

jessi

Link to comment

Also uninstall Bonjour; it is an unnecessary add-on from Apple.

You have Java 6 Update 26 (Version: 6.0.260) installed --> update to the latest version: Java 7u45

 

Firefox plugin reset: click the orange "Firefox" label --> "Help" --> "Troubleshooting Information" --> "Reset Firefox"

 

Download TFC Temp File Cleaner by Oldtimer: "Emergency help section" --> "Disinfection: steps finalizing the thread" --> "Cleaning temporary locations". Press "Start" and the removal of temporary files will begin.

 

 

OK. Could someone other than Picasso help, maybe?

Does the problem still occur? What is happening?

Link to comment
