Komp zamulony - net szarpie niemilosiernie

[fluid]

Szwagierka przyniosla mi swojego laptopa zebym zobaczyl czemu muli bo nawet filmiku na yt nie da sie obejrzec na necie 10 megowym laczu
Co moglem i co umialem to powywalalem, poczyscilem rejestr jednak dalej cos siedzi gdzies glebiej.
Prosze o rzucenie okiem na log (gmera nie wrzucalem bo nie dziala na 64-bitowym systemie)




wiem ze nei ma antywira (jeszcze) bo dopiero bede go instalowal tak samo ogniomurek i cos na spyware

Dodano 29.09.2012 14:43:44:
dodam jeszcze ze na FF filmiki na yt strasznie mula (na chromie i ie problem nei wystepuje)
no i jest jakis dziadowski toolbar zainstalowany (http://search.conduit.com/?ctid=CT2269050) ktorego za nic nei moge wywalic

Dodano 29.09.2012 19:34:15:
i kolejny toolbar ktorego nei moge sie pozbyc sie jeszcze znalazl - babylon toolbar i z tego co widze po necie to strasznei oporne bydle jest

Jeszcze bym poprosil o sugestie co do jakiegos dobrego i free softu anty spyware

[wojtas]

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=6ac9c375-1d7a-11e1-938b-c44619c4bb9c&q={searchTerms}
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_nocpc_3712_5&babsrc=SP_ss&mntrId=285758c100000000000078e400f15532
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFB2&ctid=CT2269050&SearchSource=2&q="
[2011-02-13 14:50:40 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\Firefox\Profiles\k7tbvqbh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012-09-16 21:08:22 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\Firefox\Profiles\k7tbvqbh.default\extensions\ffxtlbr@babylon.com
[2012-09-16 21:08:28 | 000,000,949 | ---- | M] () -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\firefox\profiles\k7tbvqbh.default\searchplugins\conduit.xml
[2011-10-18 21:26:16 | 000,002,520 | ---- | M] () -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\firefox\profiles\k7tbvqbh.default\searchplugins\SearchResults.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\firefox\profiles\k7tbvqbh.default\searchplugins\startsear.xml
[2012-08-19 10:03:30 | 000,003,915 | ---- | M] () -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\firefox\profiles\k7tbvqbh.default\searchplugins\sweetim.xml
[2011-02-13 14:50:49 | 000,001,196 | ---- | M] () -- C:\Users\Ana&Mike\AppData\Roaming\mozilla\firefox\profiles\k7tbvqbh.default\searchplugins\winamp-search.xml
[2012-09-16 20:53:13 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011-10-18 21:26:16 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3806692902-670960297-2845697778-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012-09-16 21:17:56 | 000,000,000 | ---D | C] -- C:\Users\Ana&Mike\AppData\Roaming\OpenCandy
[2012-09-16 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-09-16 21:07:56 | 000,000,000 | ---D | C] -- C:\Users\Ana&Mike\AppData\Local\Conduit
[2012-09-16 20:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012-09-16 20:52:58 | 000,000,000 | ---D | C] -- C:\Users\Ana&Mike\AppData\Roaming\Babylon
[2012-09-16 20:53:28 | 000,000,317 | ---- | M] () -- C:\user.js

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzyła się po restarcie).