Elektroda.pl
Elektroda.pl
X
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Proszę o sprawdzenie logów

blanthauer 11 Nov 2013 16:55 1374 14
  • #1
    blanthauer
    Level 13  
    Witam
    Proszę o sprawdzenie logów.
    Nie mogę odinstalować kilka toolbarów wyskakuje błąd
    Wystąpił problem z aplikacją ${PRDCT_DSP} i zostanie ona zamknięta. Przepraszamy za kłopoty.
    Komputer po kilkunastu minutach bardzo się muli.
  • #3
    blanthauer
    Level 13  
    A czy musze wyłączyć przywracanie systemu?
    Bo kolega kiedyś mówił, że się wyłącza przed skanowaniem
  • #4
    mati211p
    HDD and data recovery specialist
    Nie musisz.
  • #5
    Kolobos
    IT specialist
    Kiepsko to wyglada.

    Odinstaluj:
    Conduit Engine
    MixiDJ Toolbar
    Windows iLivid Toolbar
    FoxTab PDF Reader
    Mipony Download Accelerator Packages

    Wykonaj skrypt w OTL:

    :OTL
    SRV - [2008-04-14 22:50:36 | 000,167,765 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\uqobcw.dll -- (czzkiolem)
    DRV - [2013-08-01 19:57:03 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (zjhmgpohr)
    DRV - [2013-08-01 19:57:03 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (atfwknal)
    DRV - [2013-07-30 19:54:15 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\01.tmp -- (dabwkblin)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/?utm_source=b&utm_mediu...from=cor&uid=ST360015A_3KC0D80B&ts=1363260782
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={9E6EA884-BD93-4152-8B76-7BFEDE61DC26}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/?utm_source=b&utm_mediu...from=cor&uid=ST360015A_3KC0D80B&ts=1363260782
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss_sps&m...DB6BB181&affID=119357&tt=040713_ctrl&tsp=4935
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0CFC0019DB6BB181&affID=119357&tt=040713_ctrl&tsp=4935
    IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=0cfc63950000000000000019db6bb181&tlver=1.4.19.19&affID=18606
    IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/bsprpc/{63553CA3-3E8E-443B-A26C-12736C85E2E3}?q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2247187
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={9E6EA884-BD93-4152-8B76-7BFEDE61DC26}
    IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110601172716796&tb_oid=01-06-2011&tb_mrud=01-06-2011
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
    [2011-01-13 15:02:26 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
    [2011-05-01 12:30:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\extensions\ffxtlbr@babylon.com
    [2013-07-06 20:23:05 | 000,006,546 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\babylon.xml
    [2013-07-06 20:23:05 | 000,006,546 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\BitGuard.xml
    [2013-07-06 20:26:27 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\delta.xml
    [2013-04-07 18:54:30 | 000,001,296 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\mixidj.xml
    [2011-09-13 18:46:41 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\SweetIM Search.xml
    [2012-05-19 09:57:01 | 000,003,997 | ---- | M] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Mozilla\Firefox\Profiles\ebu8553x.default\searchplugins\sweetim.xml
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
    O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
    O4 - HKLM..\Run: [Diagnostic System] C:\WINDOWS\csrss.exe ()
    O4 - HKLM..\Run: [Diagnostics Microsoft Windows] C:\WINDOWS\svchost.exe ()
    O4 - HKLM..\Run: [windata] C:\Documents and Settings\Martusia\Dane aplikacji\bshades53\bot.exe ()
    O4 - HKCU..\Run: [jbot31] C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [MSConfig] C:\Documents and Settings\Martusia\vazcsufm.exe (CamStudio Group)
    O4 - HKCU..\Run: [njsij] C:\Documents and Settings\Martusia\njsij.exe ()
    O4 - HKCU..\Run: [windata] C:\Documents and Settings\Martusia\Dane aplikacji\bshades53\bot.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: x = C:\RECYCLER\svchosl.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: solitude = C:\Recycler\solitude.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: windata = C:\Documents and Settings\Martusia\Dane aplikacji\bshades53\bot.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: xtreme36 = C:\WINDOWS\system32\Bots\gg.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: xrat36 = C:\WINDOWS\Bots\csrss.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\GroupPolicy\svchlost.exe
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: xtreme36 = C:\WINDOWS\system32\Bots\gg.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: xrat36 = C:\WINDOWS\Bots\csrss.exe ()
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\svchost.exe) - C:\WINDOWS\svchost.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\csrss.exe) - C:\WINDOWS\csrss.exe ()
    O33 - MountPoints2\{004375c2-cfcd-11e0-9b48-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{004375c2-cfcd-11e0-9b48-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{084011c3-fb47-11e0-9c41-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{084011c3-fb47-11e0-9c41-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{3d250efc-816b-11e0-9987-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d250efc-816b-11e0-9987-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{4f33f1a4-f2aa-11e0-9c1d-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f33f1a4-f2aa-11e0-9c1d-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{53e6294b-789d-11e0-9966-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{53e6294b-789d-11e0-9966-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{8013ad1e-0528-11e0-97fe-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{8013ad1e-0528-11e0-97fe-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{b638ce0e-65dd-11e0-98e3-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{b638ce0e-65dd-11e0-98e3-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{cb809dd2-984a-11e1-9f7a-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb809dd2-984a-11e1-9f7a-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\xrat32.exe
    O33 - MountPoints2\{cb809dd2-984a-11e1-9f7a-0019db6bb181}\Shell\Open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\xrat32.exe
    O33 - MountPoints2\{db03f72a-84b0-11e1-9f14-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{db03f72a-84b0-11e1-9f14-0019db6bb181}\Shell\AutoRun\command - "" = F:\iStudio.exe
    O33 - MountPoints2\{df4eebe0-37c2-11e1-9db3-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{df4eebe0-37c2-11e1-9db3-0019db6bb181}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kaPEf.ExE
    O33 - MountPoints2\{fe33284f-a812-11e1-9ff1-0019db6bb181}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe33284f-a812-11e1-9ff1-0019db6bb181}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
    [2013-11-09 16:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\BonanzaDealsLive
    [2013-11-09 16:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martusia\Ustawienia lokalne\Dane aplikacji\BonanzaDealsLive
    [2013-11-09 16:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
    [2013-11-09 16:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\BonanzaDeals
    [2013-11-09 16:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martusia\Dane aplikacji\OpenSong
    [2013-11-09 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSong
    [2013-11-09 16:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martusia\Dane aplikacji\0D0S1L2Z1P1B0T1P1B2Z
    [2013-11-09 16:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martusia\Dane aplikacji\DigitalSite
    [2013-10-02 18:00:24 | 000,246,272 | ---- | C] (fVetrewrt Vere) -- C:\Documents and Settings\Martusia\khmm.exe
    [2013-07-03 09:23:23 | 000,261,120 | ---- | C] (Ilient Ltd.) -- C:\Documents and Settings\Martusia\pgq.exe
    [2013-07-03 09:21:15 | 044,355,584 | -H-- | C] (GameRanger Technologies) -- C:\Documents and Settings\Martusia\ophffzre.exe
    [2013-11-11 15:58:19 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
    [2013-11-09 16:52:07 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
    [2013-10-31 16:23:36 | 000,246,272 | ---- | M] (fVetrewrt Vere) -- C:\Documents and Settings\Martusia\ynkdl.exe
    [2013-10-31 16:17:03 | 049,500,160 | -H-- | M] (CamStudio Group) -- C:\Documents and Settings\Martusia\vazcsufm.exe
    [2013-11-04 16:21:46 | 000,041,472 | ---- | C] () -- C:\WINDOWS\saveURLS.dll
    [2013-11-04 16:21:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\rpsS.dll
    [2013-11-04 16:21:30 | 000,410,624 | ---- | C] () -- C:\WINDOWS\ClipMgrS.dll
    [2013-11-04 16:21:22 | 000,237,568 | ---- | C] () -- C:\WINDOWS\WebcamSpyS.dll
    [2013-11-04 16:21:13 | 000,022,016 | ---- | C] () -- C:\WINDOWS\ScreenSpyS.dll
    [2013-11-04 16:15:39 | 000,118,272 | ---- | C] () -- C:\WINDOWS\csrss.exe
    [2013-11-04 16:01:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\iunsas.exe
    [2013-10-31 15:25:58 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2013-07-22 21:23:52 | 000,118,272 | ---- | C] () -- C:\WINDOWS\svchost.exe
    [2013-03-22 16:08:00 | 000,049,152 | RHS- | C] () -- C:\Documents and Settings\Martusia\kapef.exe
    [2013-02-19 19:28:51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\P0150N.exe
    [2013-02-16 13:00:53 | 000,049,152 | RHS- | C] () -- C:\Documents and Settings\Martusia\njsij.scr
    [2013-02-16 13:00:53 | 000,049,152 | RHS- | C] () -- C:\Documents and Settings\Martusia\njsij.exe
    [2013-01-12 16:57:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Martusia-wchelper.dll
    [2013-01-08 18:50:31 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Martusia\Dane aplikacji\Martusiav3.4.2.2.vbs
    [2013-01-07 20:27:33 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Martusia\err.dat
    [2013-01-07 19:52:39 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\saveURLS.dll
    [2012-12-29 15:29:27 | 000,673,852 | ---- | C] () -- C:\Documents and Settings\Martusia\Dane aplikacji\1RV6V1Z5CKmin.exe
    [2012-05-12 10:31:03 | 000,000,134 | RHS- | C] () -- C:\Documents and Settings\Martusia\autorun.inf
    [2012-05-12 09:51:46 | 000,049,152 | RHS- | C] () -- C:\Documents and Settings\Martusia\kapef.scr
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\Video.lnk
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\Pictures.lnk
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\Passwords.lnk
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\New Folder.lnk
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\Music.lnk
    [2011-12-19 15:05:14 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Martusia\Documents.lnk
    [2011-10-30 17:59:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martusia\youtube_video_download.user.js
    [2011-10-13 09:37:41 | 000,005,028 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\cgatmfqq.mbd
    [2011-11-28 16:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
    [2013-11-09 16:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
    [2011-11-01 13:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
    [2012-10-13 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
    [2013-10-22 19:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
    [2011-11-13 18:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
    [2013-01-12 16:55:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\0CFC6395
    [2013-11-09 16:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\0D0S1L2Z1P1B0T1P1B2Z
    [2013-07-06 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\BabSolution
    [2011-11-28 16:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\Babylon
    [2013-11-09 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\DigitalSite
    [2013-09-23 14:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\File Scout
    [2013-03-14 12:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\OpenCandy
    [2011-11-13 15:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\searchquband
    [2012-03-06 20:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\Toolbar4
    [2012-02-27 20:21:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Martusia\Dane aplikacji\winn
    @Alternate Data Stream - 1725604 bytes -> C:\Documents and Settings\Martusia\Local Settings:init
    @Alternate Data Stream - 1682512 bytes -> C:\WINDOWS\Temp:temp

    :Files
    C:\Documents and Settings\Martusia\Dane aplikacji\bshades53\
    C:\WINDOWS\system32\Bots\
    C:\Documents and Settings\Martusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ajbfjlbjonnckokbmkeiammcgkdciial\
    C:\Documents and Settings\Martusia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\

    :Commands
    [emptytemp]


    Zrob tez skan przy pomocy http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Po wykonaniu daj nowy log z OTL, ze skanowania oraz log z TDSSKiller.
  • #7
    Kolobos
    IT specialist
    Dlaczego nie wykonales tego co napisalem?
  • #8
    blanthauer
    Level 13  
    "Dlaczego nie wykonales tego co napisalem? "

    Ponieważ wiadomość odczytałem po przeskanowaniu tamtymi programami.
  • #9
    mati211p
    HDD and data recovery specialist
    Wykonaj to co napisał Kolobos w poście 5. Infekcja dalej jest aktywna.
  • #12
    Kolobos
    IT specialist
    Nie widze zebys dal log z TDSSKiller o ktory prosilem.

    Wykonaj skrypt w OTL:

    :OTL
    SRV - [2013-09-25 09:32:20 | 004,380,968 | -HS- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\dllcache\Microsoft\svchost.exe -- (Microsoft Machine Control)
    O4 - HKCU..\Run: [MSConfig] "C:\Documents and Settings\Martusia\vazcsufm.exe" File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    [2013-11-11 19:06:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013-11-11 17:09:28 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Martusia\Pulpit\Continue Codec Package Installation.lnk
    [2012-05-10 11:53:46 | 000,410,624 | ---- | C] () -- C:\WINDOWS\System32\ClipMgrS.dll
    [2012-05-10 11:53:17 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\DLFileS.dll
    [2012-05-10 11:52:50 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Poison_FunS.dll
    [2012-05-10 11:52:44 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\PowerS.dll
    [2012-05-10 11:52:39 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\PwS.dll
    [2012-05-10 11:50:45 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ScreenSpyS.dll
    [2012-05-10 11:50:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\WebcamSpyS.dll
    [2012-05-06 18:21:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martusia\filmweb_szukajka.user.js
    [2011-08-31 18:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martusia\TeamViewer5_Setup.exe
  • #13
    blanthauer
    Level 13  
    Log z programu TDSSKIller ( nie wiem czy dobrze zrobiłem kliknełem na report i skopiowałem do notatnika.
    Skrypt wykonałem w OTL
    Wygląda, że wszystko ok błędów już nie ma komputer szybko chodzi:)
  • #14
    Kolobos
    IT specialist
    Wybierz w OTL Sprzatanie i to wszystko.
  • #15
    blanthauer
    Level 13  
    Dziękuje wszystkim za pomoc:)