Brak połączenia z serwerem TeamSpeak - Guard Guard w logach, co robić?

Witam,

Mam problemy z połączeniem się do serwera TeamSpeak(gdy wpisuje ping ip+port w cmd ten nie znajduje posta, a gdy wpisuje samo ip mam informacje "upłynal limit żądania" pomimo wyłączenia firewalla oraz wszystkich programów które mogą blokować). Postanowiłem zrobić scan i wysłać koledze który stwierdził że mam jakiegoś Guard-Guard. Stwierdził takżę, że powinienem tu ów log zamieścić. Prosze o szybką odpowiedź i skrypt.

Zrob skan przy pomocy mbam oraz cureit. Daj extras.txt, ktory utworzyl OTL oraz nowy log z OTL bez klikania na "Wszystkie".

Prosze logi z mbam.

Przeczytaj jeszcze raz to co napisalem i wykonaj WSZYSTKO.

Usun to co wykryl mbam.

Prosze oto extras.

Oraz otl, nie zaznaczalem "wszystko"
Scany wykonane.

Odinstaluj: IObit Toolbar v4.3, Ask Toolbar, MarketResearch, AF-HSS Toolbar, Avira AntiVir Personal, Conduit Engine, ICQ Toolbar, IObit Security 360, QuickStores-Toolbar 1.1.0, Search Toolbar, Softonic-Polska Toolbar, XfireXO Toolbar, Adobe Reader 8 - Zmien go na Foxit Reader: http://ninite.com/foxit/

Nie wiem jak mozna zainstalowac tyle smieci, prawie wszystko co masz zainstalowane nadaje sie do wyrzucenia.

Nie instaluj nigdy wiecej niz jednego antywirusa!

Mail.Ru korzystasz z tego?


Wykonaj skrypt w OTL:

:OTL
PRC - [2011-04-23 15:00:17 | 000,284,880 | ---- | M] () -- C:\WINDOWS\Temp\GuardGuard.exe
PRC - [2011-01-28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011-01-28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2011-01-28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://shop.thefreevpn.com/home.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=15573&l=dis
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledItems: support(_at_)platinumhideip.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar(_at_)ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: support(_at_)real-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: searchtoolbar(_at_)zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: iobit(_at_)mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom(_at_)mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin
[2010-06-26 21:24:00 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-10-28 14:25:24 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011-01-20 16:32:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011-04-06 16:01:26 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010-07-29 14:49:19 | 000,000,000 | ---D | M] (Softonic-Polska Toolbar) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2010-09-29 16:38:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\searchtoolbar@zugo.com
[2011-03-21 15:01:18 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\extensions\toolbar@ask.com
[2011-04-06 15:56:49 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\searchplugins\askcom.xml
[2010-09-29 16:38:10 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\searchplugins\bing-zugo.xml
[2010-10-23 11:42:42 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\usek\Dane aplikacji\Mozilla\Firefox\Profiles\v6tidg1x.default\searchplugins\conduit.xml
[2011-04-22 21:53:05 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011-02-12 21:54:47 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011-02-25 17:20:20 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AF-HSS Toolbar) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [HideMyIP] File not found
O33 - MountPoints2\{351d631e-e578-11dd-995a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{351d631e-e578-11dd-995a-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{b23cb38f-e56e-11dd-b6b9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b23cb38f-e56e-11dd-b6b9-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe
[2011-04-22 21:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\usek\Dane aplikacji\QuickStoresToolbar
[2011-03-30 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\usek\Ustawienia lokalne\Dane aplikacji\AF-HSS
[2011-03-30 16:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\AF-HSS
[2011-04-23 15:01:12 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-04-22 21:53:56 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\usek\Pulpit\QuickStores.url

:Commands
[emptytemp]

Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe

Po wykonaniu daj nowy log.

Daj tez logi z MbrCheck oraz TDSSKiller:
http://ad13.geekstogo.com/MBRCheck.exe
http://support.kaspersky.com/viruses/solutions?qid=208280684
Nie nie usuwaj przy pomocy tych programow!

Wykonane, nowe logi.

Log z MbrCheck.

Log z tdsskillera.
Mam nadzieje ze wszystko wykonalem dobrze.
GuardGuard zostal usuniety.
Dziekuje za Pomoc

Zainstalowales aktualizacje do programow podanych przez SecurityCheck ?

Nowy skrypt, przed wykonaniem wylacz FF:

:OTL
FF - prefs.js..extensions.enabledItems: toolbar(_at_)ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: searchtoolbar(_at_)zugo.com:1.2
FF - prefs.js..extensions.enabledItems: wtxpcom(_at_)mybrowserbar.com:4.3
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
[2011-04-23 18:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\usek\Ustawienia lokalne\Dane aplikacji\Softonic-Polska


Czy problem nadal wystepuje?

Tak wszystko dziala jak pownino.
Dziękuję.

W takim razie wybierz w OTL Sprzatanie.