sheep88
11 Marzec 2014 19:21
#1
Witam,
podczas uruchamiania programów pojawia się błąd:
“Program C:\PROGRA~2\Win32C~1.DLL nie jest przeznaczony do uruchamiania w systemie Windows albo zawiera błąd. Zainstaluj program ponownie, używając oryginalnego nośnika instalacyjnego, albo skontaktuj się z administratorem systemu lub z dostawcą oprogramowania w celu uzyskania pomocy”.
Ale mimo to programy działają.
Antywirusy nic nie wykryły.
Bardzo proszę o szybką pomoc.
OTL.Txt: https://www.dropbox.com/s/x4v2b1hxqd01aff/OTL.Txt
Exstras.Txt: https://www.dropbox.com/s/o2rucugh06w53k9/Extras.Txt
Acorus
11 Marzec 2014 19:35
#2
Odinstaluj SweetIM for Messenger 3.5,SweetIM Toolbar for Internet Explorer 4.1,AVG Security Toolbar,Conduit Engine,IncrediMail MediaBar 2 Toolbar,McAfee Security Scan Plus,Mobogenie,V9 Homepage Uninstaller.Użyj AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner z funkcji Skan(Szukaj) a następnie Clean(usuń) (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator).
Pokaż nowy OTL.txt
sheep88
11 Marzec 2014 20:52
#3
Acorus:
Odinstaluj SweetIM for Messenger 3.5,SweetIM Toolbar for Internet Explorer 4.1,AVG Security Toolbar,Conduit Engine,IncrediMail MediaBar 2 Toolbar,McAfee Security Scan Plus,Mobogenie,V9 Homepage Uninstaller.Użyj AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner z funkcji Skan(Szukaj) a następnie Clean(usuń) (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator). Pokaż nowy OTL.txt
Nie udało mi się usunąć SweetIM for Messenger 3.5 i SweetIM Toolbar for Internet Explorer 4.1.
Nowy OTL: https://www.dropbox.com/s/x4v2b1hxqd01aff/OTL.Txt
Atis
11 Marzec 2014 21:39
#4
Do okna Własne opcje skanowania / skrypt wklej:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\xxx\AppData\Local\Temp\003669~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0036691255881635mcinstcleanup)
SRV - [2011-11-10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
rsvlock.sys IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110825&tt=0213_1&babsrc=SP_ss&mntrId=6170d3300000000000000025b37b90e9
IE - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6170d3300000000000000025b37b90e9&tlver=1.4.19.19&affID=17160
IE - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823312713366928
IE - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
[2011-06-09 16:02:52 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1050457575-285157336-3125794968-1004..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O8 - Extra context menu item: Ściągaj z Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found
O36 - AppCertDlls: x64 - (c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll) - File not found
[2014-03-11 14:16:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabSolution
[2012-07-12 21:40:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
:File
C:\Program Files\AVG\AVG8
C:\Users\xxx\AppData\Local\Temp*.html
:Commands
[emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
Pobierz Farbar Recovery Scan Tool 32-Bit Version
Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.
sheep88
12 Marzec 2014 07:11
#5
Atis
12 Marzec 2014 07:55
#6
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
CHR DefaultSearchKeyword: babylon.com
CHR DefaultNewTabURL:
CHR DefaultSearchURL: http://search.babylon.com/?q={searchTerms}&affID=110825&tt=0213_1&babsrc=SP_ss&mntrId=6170d3300000000000000025b37b90e9
CHR Extension: (Facemoods) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2012-11-10]
CHR HKLM\...\Chrome\Extension: [aaaaifmhgonleehnkppkhhchcbhhigac] - C:\Users\xxx\AppData\Local\koyotesoftmoviestoolbarha\GC\toolbar.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2013-08-29]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2013-08-29]
HKU\S-1-5-21-1050457575-285157336-3125794968-1004\...\RunOnce: [Shockwave Updater] - C:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [468408 2009-07-21] (Adobe Systems, Inc.)
C:\AdwCleaner
C:\Users\xxx\AppData\Local\Torch
C:\Users\xxx\AppData\Local\koyotesoftmoviestoolbarha
C:\Program Files\v9Soft
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Task: {0212335A-9086-4C97-834B-C0F9EEAA2BC1} - System32\Tasks\{A4E87005-594E-423F-84EF-DE43FEF7FA28} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {0B4741EE-4157-4B27-88A1-4D89B7BBCC11} - System32\Tasks\{3F3F30BE-3E92-45D8-89EA-EE3F8650AD70} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.116.259/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {B96ECE09-4809-466B-B3B7-99083892D20C} - System32\Tasks\fbagent => C:\Users\xxx\AppData\Roaming\hgixr.exe
Task: {C5CD0ECD-C340-43BD-AB94-47B53E243067} - System32\Tasks\systems => C:\Users\xxx\AppData\Roaming\ddbj.exe
Uruchom FRST i kliknij Fix. Później skasuj folder C:\FRST.
Uruchom OTL i kliknij Sprzątanie.
Usuń stare punkty przywracania:
http://windows.microsoft.com/pl-pl/windows/delete-restore-point#1TC=windows-vista
Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware PRO.
http://wstaw.org/m/2012/12/29/2012-12-29_005346.png
sheep88
12 Marzec 2014 19:58
#7
Wszystko zrobione zgodnie z zaleceniami. Błędu już nie ma. Dzięki za pomoc
