pongo
29 Lipiec 2012 10:24
#1
Witam,
problem z blokadą jakich tutaj wiele już widizałem. Bardzo proszę o pomoc. Z góry dziękuję. oto log:
http://wklej.org/id/799792/
Acorus
29 Lipiec 2012 10:47
#2
Odinstaluj My Global Search Bar,Babylon Toolbar,BearShare MediaBar,The blinkx Toolbar,free-downloads.net Toolbar,Family Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL SRV - File not found [Auto | Stopped] – C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe – (Nero BackItUp Scheduler 4.0) DRV - File not found [Kernel | Disabled | Stopped] – C:\Windows\system32\drivers\blbdrive.sys – (blbdrive) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com IE - HKLM…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfre1.dll (Conduit Ltd.) IE - HKLM…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKLM…\SearchScopes{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKCU…\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKCU…\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfre1.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll () IE - HKCU…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&affID=112457&tt=220512_53all&babsrc=SP_ss&mntrId=44d1a566000000000000001167000000 IE - HKCU…\SearchScopes{72A1A00B-12D8-4488-6D15-C5A40642CA}: “URL” = http://toolbar.blinkx.com/search?query={searchTerms}&refer=toolbar_ie7&domainid=PIN05&version=0.5.64&toolbarid=26cb1752-743f-4a31-8bcc-73aaea1aa439 IE - HKCU…\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: “URL” = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} IE - HKCU…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKCU…\SearchScopes{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms} FF - prefs.js…browser.search.defaultenginename: “Search the web (Babylon)” FF - prefs.js…browser.search.order.1: “Search the web (Babylon)” FF - prefs.js…browser.startup.homepage: “http://domredi.com/1/ ” FF - prefs.js…keyword.URL: “http://search.babylon.com/?affID=112457&tt=220512_53all&babsrc=KW_ss&mntrId=44d1a566000000000000001167000000&q= ” O3 - HKLM…\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM…\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKLM…\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll () O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net \tbfre1.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKCU…\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKCU…\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU…\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net \tbfre1.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause File not found O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKCU…\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - HKCU…\Run: [WinSATAPI] C:\Users\Danek\AppData\Local\Microsoft\Windows\2126\WinSATAPI.exe () [2012-07-26 05:21:00 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge [2012-07-25 16:31:42 | 000,000,000 | —D | C] – C:\Users\Danek\AppData\Roaming\hellomoto :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Files C:\Users\Danek\AppData\Local\Microsoft\Windows\2126 :Commands [emptytemp] [resethosts]
Kliknij Wykonaj skrypt.
Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
pongo
29 Lipiec 2012 11:42
#3
Wyglada ze wszystko ok, dziekuję bardzo za pomoc. Podaje logi ze skanowania i raport:
http://wklej.org/id/799833/
http://wklej.org/id/799837/
pozdrawiam
Acorus
29 Lipiec 2012 11:53
#4
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL SRV - [2012-02-23 00:56:29 | 000,111,632 | ---- | M] (TMRG, Inc.) [Auto | Running] – C:\Program Files\RelevantKnowledge\rlservice.exe – (RelevantKnowledge) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions [2010-10-05 10:37:07 | 000,000,000 | —D | M] [2012-05-25 15:57:48 | 000,000,000 | —D | M] (Babylon) – C:\Users\Danek\AppData\Roaming\mozilla\Firefox\Profiles\vy8qafj2.default\extensions\ffxtlbr@babylon.com O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReports.dll (SmartShopper Inc.) [2012-07-29 13:15:23 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge [2012-07-29 12:53:49 | 000,225,280 | ---- | C] (My Global Search) – C:\Program Files\Uninstall My Global Search Bar.dll :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Wyłącz i włącz przywracanie systemu.
http://www.searchengines.pl/Czyszczenie … 41981.html
Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete(w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator).
Przeskanuj progr.Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free
Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY SYGNATUR WIRUSÓW Malwarebytesa “Uruchom Malwarebytes, przejdź do zakładki Aktualizacja, Sprawdź aktualizacje.”
Zainstaluj aktualizacje do programow wskazanych przez Security Check
analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html jako out of date.