dzidek, posted 26 December 2012

Hello. I have the same problem as most people today. After removing the "departament..." virus, an error about wgsdgsdgdsgsd.dll pops up when the system starts. Please help.

Attached: Extras.Txt, OTL.Txt

picasso, posted 10 January 2013 (edited)

The error shows up because the infection was not removed completely. The system is also terribly cluttered with adware.

1. Through Control Panel, uninstall the adware: Ashampoo PO Toolbar, Ask Toolbar, Ask Toolbar Updater, AVG Security Toolbar, Complitly, DealPly, DVDVideoSoftTB Toolbar, Internet Explorer Toolbar 4.6 by SweetPacks, SweetIM for Messenger 3.7, SweetPacks bundle uninstaller, Update Manager for SweetPacks 1.1, Wincore MediaBar.

2. Open Google Chrome and go to the settings. Under Extensions, uninstall Ashampoo PO, AVG Secure Search, Complitly plugin for chrome, DealPly, DVDVideoSoftTB, SweetIM for Facebook, SweetPacks Chrome Extension.

3. Run OTL and paste the following into the Custom scan options / script section:

:Files
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\Users\x\AppData\Roaming\Babylon
C:\Users\x\AppData\Roaming\DownloaderGold
C:\Users\x\AppData\Roaming\OpenCandy
C:\Program Files\Mozilla Firefox
C:\END
netsh advfirewall reset /C

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F41B3F68-C137-477A-9DD5-E231F512D84F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="about:blank"
[-HKEY_CURRENT_USER\Software\Mozilla]
[-HKEY_CURRENT_USER\Software\MozillaPlugins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=329&systemid=2&sr=0&q={searchTerms}"
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}"
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029"
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={4C51C543-CE51-11E1-97DA-002258E22656}"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/?q={searchTerms}&affID=110819&tl=gcn33201&tt=3012_8&babsrc=SP_ss&mntrId=e23711e9000000000000002258e22656"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{663A13EF-34AC-4150-A7F8-43FFC2112DCE}: "URL" = "http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=DBA9821B-6EED-4AF2-9405-35D936C2A8A0&apn_sauid=04109329-8DE4-4E79-9288-461671688F9F"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = "http://isearch.avg.com/search?cid={32EF2722-DF76-49A3-8B41-B18FABEC7073}&mid=0213e6b8e7c247d0b6dcd1577544abbf-b4c56da0f1873af84458869cc671ddfd960d69e1&lang=pl&ds=AVG&pr=pr&d=2012-12-04 12:05:07&v=13.2.0.4&sap=dsp&q={searchTerms}"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=329&systemid=2&sr=0&q={searchTerms}"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{A9EAACFA-E4A7-4079-8E0C-277F4AC5F3DA}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm007YYpl&ptnrS=HJxdm007YYpl&si=CJi-pMz5l7ICFcgm3godUloA2g&ptb=0EE3C6E3-A10C-4A87-A4AD-E555CD3DEF27&ind=2012090218&n=77ee0f6a&psa=&st=sb&searchfor={searchTerms}"
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={4C51C543-CE51-11E1-97DA-002258E22656}"
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - C:\Users\x\AppData\Roaming\DownloaderGold\ieplug.dll ()
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0864264c9a64} - C:\Users\x\AppData\Roaming\DownloaderGold\ieplug.dll ()
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - No CLSID value found.
O2 - BHO: (no name) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-91784625-659246694-3654467853-1000\..\Toolbar\WebBrowser: (no name) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - No CLSID value found.
O4 - HKU\S-1-5-21-91784625-659246694-3654467853-1000..\Run: [uIWatcher] C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BearShare Applications\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BearShare Applications\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run script. Confirm the system restart.

4. Run AdwCleaner and use Delete. A removal log will be created on drive C.

5. Reset the HOSTS file to its default form using the automatic Fix-it tool from the article KB972034.

6. Make a new OTL log using the Scan option (this time without Extras). Attach the log created by AdwCleaner.

Edited 18 February 2013 by picasso

18.02.2013 - The topic is being closed due to lack of response. //picasso
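
Added example, not part of picasso's post or of OTL itself: a small Python triage of OTL-style log lines that separates leftover registry references ("No CLSID value found", "File not found") from entries whose file is still on disk. The line layout is inferred only from the lines quoted in the post, and reading a trailing `()` as an empty company-name field is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: six lines copied from the :OTL section of the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No CLSID value found.
O4 - HKU\S-1-5-21-91784625-659246694-3654467853-1000..\Run: [uIWatcher] C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BearShare Applications\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - C:\Users\x\AppData\Roaming\DownloaderGold\ieplug.dll ()
"""

ENTRY = re.compile(r"^(IE|O\d+) - (.+)$")   # section tag, then the rest of the line
GUID = re.compile(r"\{[0-9A-Fa-f-]+\}")     # hex-only braces, so {searchTerms} is skipped


def classify(line):
    """Return (section, status, guid) for one OTL-style line, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    rest = rest.rstrip(". ")                # some lines end with a full stop
    if rest.endswith("No CLSID value found"):
        status = "orphan_clsid"             # reference to a class OTL could not resolve
    elif rest.endswith("File not found"):
        status = "orphan_file"              # entry points at a file OTL did not find
    elif rest.endswith("()"):
        status = "no_vendor"                # assumption: empty company-name field
    else:
        status = "present"
    g = GUID.search(rest)
    return section, status, g.group(0) if g else None


def triage(text):
    """Group parsed entries by status so leftovers stand out from live files."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parsed = classify(line)
        if parsed:
            groups[parsed[1]].append(parsed)
    return dict(groups)


if __name__ == "__main__":
    for status, entries in triage(SAMPLE).items():
        print(status, len(entries))
        for section, _, guid in entries:
            print("   ", section, guid or "-")
```
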