Elektroda.pl

Relevant Knowledge - help

akw 13 Feb 2011 15:04 1602 9
  • #1 13 Feb 2011 15:04
    akw
    Level 8  

    Hello everyone,
    This is my first post on the forum. I am a layman when it comes to using a computer properly. I would like to change that, and right now I would like to ask you kindly for help.

    Below is a screenshot from Task Manager.
    http://www.fotosik.pl/pokaz_obrazek/9a8edec8522b94ad.html
    A few processes caught my attention; you will certainly spot more. Among them is Relevant Knowledge. I have read about it on other forums, and on this one too, but I don't know how to deal with it.

    Please lead me by the "hand", and please make the methods reasonably safe for the system when carried out by a layman.

    0 9
  • Helpful post
    #2 13 Feb 2011 15:14
    Kolobos
    Computer specialist

    Run a scan with mbam and cureit (you will find both on Google). Also post the logs from OTL (you will find the program on Google) as an attachment (otl.txt and extras.txt).

    0
  • #3 13 Feb 2011 19:15
    akw
    Level 8  

    Here are the files you asked me to put together. A screenshot from CureIt and the logs from mbam are attached. CureIt detected only the Relevant Knowledge adware; I know I don't want it, so I have already removed it from the system with that program. It looks like it worked. I ran the mbam scan earlier, so Relevant is still listed there. However, mbam detected many more unwanted files, but I haven't touched them yet because I don't know whether I would be removing something unnecessarily. So I would like to ask for help with this. As for OTL, that scan was run last, so the data there is current.

    Thank you for your willingness to help. Regards

    0
  • Helpful post
    #4 13 Feb 2011 20:33
    Kolobos
    Computer specialist

    You can remove everything that mbam detected.

    Uninstall: Babylon toolbar, Conduit Engine, DAEMON Tools Toolbar, FreeSoundRecorder Toolbar, HyperCam Toolbar, Norton Security Scan, QuickStores-Toolbar, PHPNukeEN Toolbar, and remember: if a program offers to install its own toolbar during installation, decline/untick it.

    Run this script in OTL:

    :OTL
    SRV - File not found [Unknown | Stopped] -- -- (RelevantKnowledge)
    IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15627
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
    [2011-02-13 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    [2011-02-11 19:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
    [2011-02-11 19:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2011-02-11 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\PHPNukeEN

    :Files
    C:\Users\Adm\AppData\Local\Temp*.html

    :Commands
    [emptytemp]

    After it has run, choose "Sprzatanie" (CleanUp) in OTL.

    Use SecurityCheck: http://screen317.spywareinfoforum.org/SecurityCheck.exe and check what you need to install updates for.

    0
  • #5 13 Feb 2011 21:46
    akw
    Level 8  

    Thanks for the reply. I will do it step by step as you write, but please explain to me what exactly this means: Run this script in OTL: ''(code follows)(...)''. What am I supposed to do? Copy it somewhere? Unfortunately I am not experienced yet, sorry, and I don't want to do something wrong.

    0
  • Helpful post
    #6 13 Feb 2011 22:40
    Kolobos
    Computer specialist

    Paste what I gave you into OTL and click "Wykonaj skrypt" (Run script).

    0
  • #7 13 Feb 2011 23:00
    akw
    Level 8  

    I got:

    Code:
    All processes killed
    
    ========== OTL ==========
    Error: No service named RelevantKnowledge was found to stop!
    Service\Driver key RelevantKnowledge not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
    File C:\Program Files\FreeSoundRecorder\tbFree.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{dd02a4eb-4afd-4d60-99d8-e67f964ca813} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
    File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    File C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
    File C:\Program Files\FreeSoundRecorder\tbFree.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
    File C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
    File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32b29df0-2237-4370-9a29-37cebb730e9b} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
    File C:\Program Files\FreeSoundRecorder\tbFree.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    File C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{dd02a4eb-4afd-4d60-99d8-e67f964ca813} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\ not found.
    File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
    File C:\Program Files\FreeSoundRecorder\tbFree.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}\ not found.
    File C:\Program Files\PHPNukeEN\tbPHPN.dll not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\ not found.
    Folder C:\Program Files\RelevantKnowledge\ not found.
    Folder C:\Program Files\ConduitEngine\ not found.
    Folder C:\Program Files\PHPNukeEN\ not found.
    ========== FILES ==========
    C:\Users\Adm\AppData\Local\TempaV6052.html moved successfully.
    C:\Users\Adm\AppData\Local\TempAz7868.html moved successfully.
    C:\Users\Adm\AppData\Local\TempB10468.html moved successfully.
    C:\Users\Adm\AppData\Local\TempBb6884.html moved successfully.
    C:\Users\Adm\AppData\Local\TempbT2764.html moved successfully.
    C:\Users\Adm\AppData\Local\TempcX6008.html moved successfully.
    C:\Users\Adm\AppData\Local\Tempdfu676.html moved successfully.
    C:\Users\Adm\AppData\Local\TempDJ6008.html moved successfully.
    C:\Users\Adm\AppData\Local\Tempgp2764.html moved successfully.
    C:\Users\Adm\AppData\Local\TempjL4036.html moved successfully.
    C:\Users\Adm\AppData\Local\TempJV5884.html moved successfully.
    C:\Users\Adm\AppData\Local\TempkmS676.html moved successfully.
    C:\Users\Adm\AppData\Local\Tempmc5348.html moved successfully.
    C:\Users\Adm\AppData\Local\TempNu6884.html moved successfully.
    C:\Users\Adm\AppData\Local\TempSI6292.html moved successfully.
    C:\Users\Adm\AppData\Local\TempSPA676.html moved successfully.
    C:\Users\Adm\AppData\Local\TempTY9860.html moved successfully.
    C:\Users\Adm\AppData\Local\TempuI2764.html moved successfully.
    C:\Users\Adm\AppData\Local\TempXw6292.html moved successfully.
    C:\Users\Adm\AppData\Local\TempyN5348.html moved successfully.
    C:\Users\Adm\AppData\Local\TempZE9860.html moved successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: Adm
    ->Temp folder emptied: 164787578 bytes
    ->Temporary Internet Files folder emptied: 32515763 bytes
    ->Java cache emptied: 4199938 bytes
    ->FireFox cache emptied: 46558365 bytes
    ->Opera cache emptied: 7003502 bytes
    ->Flash cache emptied: 15754 bytes
     
    User: Alek
    ->Temp folder emptied: 278684637 bytes
    ->Temporary Internet Files folder emptied: 153740570 bytes
    ->Java cache emptied: 52819752 bytes
    ->FireFox cache emptied: 47608767 bytes
    ->Opera cache emptied: 125999980 bytes
    ->Flash cache emptied: 145270 bytes
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: dom
    ->Temp folder emptied: 1075473533 bytes
    ->Temporary Internet Files folder emptied: 267208639 bytes
    ->Java cache emptied: 112525813 bytes
    ->FireFox cache emptied: 84730268 bytes
    ->Flash cache emptied: 1169273 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 1564672 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 77145357 bytes
    RecycleBin emptied: 20027127 bytes
     
    Total Files Cleaned = 2 436,00 mb
     
     
    OTL by OldTimer - Version 3.2.20.5 log created on 02132011_224512

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Is everything in order? Is that the end?

    0
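An added example, not part of the original thread: a small Python classifier for the result lines of an OTL fix log like the one in post #7, so that the entries the fix actually changed stand out from the many "not found" ones. The function names are hypothetical, and the outcome patterns assume the line endings seen in the log on this page.

```python
import re
from collections import Counter

# Lines copied from the fix log in post #7 (a short selection).
SAMPLE_LOG = r"""
========== OTL ==========
Error: No service named RelevantKnowledge was found to stop!
Service\Driver key RelevantKnowledge not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Folder C:\Program Files\RelevantKnowledge\ not found.
========== FILES ==========
C:\Users\Adm\AppData\Local\TempaV6052.html moved successfully.
"""

# Outcome patterns as they appear in the log on this page (an assumption
# for other OTL versions); the first match wins.
OUTCOMES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"not found\.$")),
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("moved", re.compile(r"moved successfully\.$")),
    ("set", re.compile(r"value set successfully!$")),
]

def classify(line):
    """Return the outcome label for one log line, or None for non-result lines."""
    line = line.strip()
    for label, rx in OUTCOMES:
        if rx.search(line):
            return label
    return None

def summarize(log_text):
    """Count outcomes and collect the lines where the fix changed the system."""
    counts, changed = Counter(), []
    for raw in log_text.splitlines():
        label = classify(raw)
        if label:
            counts[label] += 1
            if label in ("deleted", "moved", "set"):
                changed.append(raw.strip())
    return counts, changed

if __name__ == "__main__":
    counts, changed = summarize(SAMPLE_LOG)
    print(dict(counts), *changed, sep="\n")
```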
  • Helpful post
    #8 13 Feb 2011 23:14
    Kolobos
    Computer specialist

    If you did everything I wrote, then yes.

    0
  • #9 13 Feb 2011 23:29
    akw
    Level 8  

    In that case, thank you very much. Professional help. One last question:

    Code:
     Results of screen317's Security Check version 0.99.8  
    
     Windows Vista Service Pack 2 (UAC is enabled)
     Internet Explorer 7 [color=red][b]Out of date![/b][/color]
    [b]``````````````````````````````
    [u]Antivirus/Firewall Check:[/u][/b]
     Adobe After Effects CS3 Presets 
     McAfee Internet Security Suite   
     [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
    [b]```````````````````````````````
    [u]Anti-malware/Other Utilities Check:[/u][/b]
     Malwarebytes' Anti-Malware   
     Java(TM) 6 Update 23 
     Adobe Flash Player 10.1.102.64 
    Adobe Reader 9.4.1
    [color=red][b]Out of date Adobe Reader installed![/b][/color]
    [b]````````````````````````````````
    Process Check: 
    [u]objlist.exe by Laurent[/u][/b]
     Windows Defender MSASCui.exe
     Windows Defender MSASCui.exe   
    [b]``````````End of Log````````````[/b]

    Are all the programs listed here ones I have to update, or is it enough if I update the ones it shouts about being "out of date"?

    0
  • #10 13 Feb 2011 23:57
    Kolobos
    Computer specialist

    Only the ones marked Out of date: Adobe Reader and IE.

    0