Wyskakuje mi ten recycler.exe nie wiem co z nim zrobic, komuter jest zamulony i wolniej się wlacza.
Nizej zamieszczam 2 skany z OTLa. Prosze o pomoc;(
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL
IE - HKU\S-1-5-21-436374069-329068152-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2530240
IE - HKU\S-1-5-21-436374069-329068152-725345543-1003…\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-436374069-329068152-725345543-1003…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
FF - prefs.js…browser.search.defaultthis.engineName: “Softonic-Polska Customized Web Search”
FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}”
FF - prefs.js…browser.startup.homepage: “http://search.conduit.com/?ctid=CT2530240&SearchSource=13”
FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - HKLM\software\mozilla\Firefox\extensions\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011-01-20 00:59:28 | 000,000,000 | —D | M]
[2011-01-20 00:59:19 | 000,000,000 | —D | M] (Softonic-Polska Community Toolbar) – C:\Documents and Settings\as\Dane aplikacji\Mozilla\Firefox\Profiles\u6b98vf1.default\extensions{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2011-01-09 12:41:12 | 000,000,000 | —D | M] (free-downloads.net Toolbar) – C:\Documents and Settings\as\Dane aplikacji\Mozilla\Firefox\Profiles\u6b98vf1.default\extensions{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011-01-20 00:59:18 | 000,000,000 | —D | M] (Conduit Engine) – C:\Documents and Settings\as\Dane aplikacji\Mozilla\Firefox\Profiles\u6b98vf1.default\extensions\engine@conduit.com
[2011-01-20 00:59:28 | 000,000,000 | —D | M] (RelevantKnowledge) – C:\PROGRAM FILES\RELEVANTKNOWLEDGE
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Run: [ALLUpdate] File not found
O4 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Run: [sFRCalculator] File not found
O4 - HKU\S-1-5-21-436374069-329068152-725345543-1003…\Run: [wsctf.exe] File not found
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - File not found
O33 - MountPoints2{34dec333-cbe0-11df-962c-e0cb4ee2e0ae}\Shell\AutoRun\command - “” = F:\EXPLORER.EXE
O33 - MountPoints2{34dec333-cbe0-11df-962c-e0cb4ee2e0ae}\Shell\explore\Command - “” = F:\EXPLORER.EXE
O33 - MountPoints2{34dec333-cbe0-11df-962c-e0cb4ee2e0ae}\Shell\open\Command - “” = F:\EXPLORER.EXE
O33 - MountPoints2{3aaf17c0-175f-11e0-9b37-e0cb4ee2e0ae}\Shell\AutoRun\command - “” = dhrhyje.bat
O33 - MountPoints2{3aaf17c0-175f-11e0-9b37-e0cb4ee2e0ae}\Shell\open\Command - “” = dhrhyje.bat
[2011-01-09 12:41:13 | 000,000,000 | —D | C] – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\Conduit
[2011-01-24 11:39:58 | 000,000,260 | ---- | M] () – C:\WINDOWS\tasks\WGASetup.job
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\as\Pulpit\binaryfile . bin.exe:SummaryInformation
:Commands
[emptytemp]
Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
odinstaluj:
ask toolbar i softsonic toolbar
zaktualizuj IE o wersji 8 i zainstaluj SP3
poaj lokalizacje tego pliku
w otl w białe okno wklej:
kliknij wykonaj skrypt i zatwierź restart
podaj log z usuwania i nowy, wklej go na wklej.to
pobierz jeszcze MBAM i zrób pełny skan i usuń co znajdzie poaj z niego loga i wklej na wklej.to
log z usuwania
nowy skan
log z malwarebytes
W porządku.W OTL użyj opcji Sprzątanie.
Dziekuje bardzo za pomoc.