Blokada komputera.wirus policji

[patryk1095]

Mam problem z wirusen policji od wczoraj. Przeskanowałem go programem OLT. Przesylam załączniki ze skanowania. Z góry dzięki.

[ordynat]

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O4 - Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\ctfmon.lnk = C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe (Microsoft Corporation)
[2012-11-05 08:29:55 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-11-04 14:16:25 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\User\Menu Start\Programy\Autostart\ctfmon.lnk
MOD - [2012-10-14 20:00:10 | 000,058,880 | ---- | M] () -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\escortShld.dll
MOD - [2012-10-11 12:17:59 | 002,312,216 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012-10-11 12:17:06 | 002,069,528 | ---- | M] () -- c:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
SRV - [2012-10-11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1200JB-00GVA0_WD-WCALA1495724&ts=1351360499
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1200JB-00GVA0_WD-WCALA1495724&ts=1351360499
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=940a2538-4f63-11e1-b573-0020edb6be8e&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110824&tt=4412_5&babsrc=HP_ss&mntrId=a03f8a81000000000000004f6a01b9a9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1200JB-00GVA0_WD-WCALA1495724&ts=1351360499
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={C3B17554-AC91-4135-89F3-FCDB3FA9A856}&mid=1abba798de6747d1bd66d169ab52577d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pl&ds=AVG&pr=fr&d=2011-12-13 17:50:52&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4412_5&babsrc=SP_ss&mntrId=a03f8a81000000000000004f6a01b9a9
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=1ECDB150-2C6B-4A8F-BF9C-54DA0ADBA403&apn_sauid=0EF728A9-CF94-4424-B388-57C6F5D968C7
IE - HKCU\..\SearchScopes\{18C01083-70B9-499E-8718-195F167F74C6}: "URL" = http://isearch.avg.com/search?cid={C3B17554-AC91-4135-89F3-FCDB3FA9A856}&mid=1abba798de6747d1bd66d169ab52577d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pl&ds=AVG&pr=fr&d=2011-12-13 17:50:52&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C3B17554-AC91-4135-89F3-FCDB3FA9A856}&mid=1abba798de6747d1bd66d169ab52577d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pl&ds=AVG&pr=fr&d=2011-12-13 17:50:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.1: "v9"
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\12.2.5.32\ [2012-09-04 14:59:49 | 000,000,000 | ---D | M]
[2012-07-09 18:52:23 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ld7oegnn.default\extensions\{8b9fe9be-f7dd-451e-ac96-0e568e0ecc10}
[2012-11-01 20:09:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ld7oegnn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-11-04 12:09:13 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ld7oegnn.default\extensions\ffxtlbr@babylon.com
[2012-04-20 14:23:26 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ld7oegnn.default\searchplugins\askcom.xml
[2012-11-04 11:38:05 | 000,002,536 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ld7oegnn.default\searchplugins\browsemngr.xml
[2012-09-04 15:12:05 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-11-04 11:37:24 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-10-27 18:55:09 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Winamp Toolbar Loader) - {4accc990-3dc7-4456-a734-5cb4b610a7f5} - C:\Program Files\Winamp Toolbar\winamppltb.dll (AOL Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {a0b1221c-a3ff-4f7c-a393-dc63af5301e9} - C:\Program Files\Winamp Toolbar\winamppltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} - C:\Program Files\Winamp Toolbar\winamppltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\DOCUME~1\ALLUSE~1\DANEAP~1\BROWSE~1\23796~1.11\{16CDF~1\BROWSE~1.DLL) - c:\Documents and Settings\All Users\Dane aplikacji\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
[2012-11-04 11:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Menu Start\Programy\Browser Manager
[2012-11-04 11:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\BabylonToolbar
[2012-11-04 11:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Browser Manager
[2012-08-11 22:04:52 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\vlwdmgiglzccpfv
[2012-07-27 23:24:17 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\oumvsdplpkwwbsn

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

2) Użyj >Adw-cleaner. Kliknij w nim Delete
Pokaż raport z niego C:\AdwCleaner[S1].txt

3) Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://java.com/pl/download/windows_xpi.jsp?locale=pl
Przy instalacji usuń zaznaczenie przy "Install the AskToolbar ..."
.

[patryk1095]

Nie moge wkleić log z restartu komputera ponieważ wyskakuje "Rozszerzenie log jest zabronione".

[MaTi]

Rozszerzenie log jest zabronione

zamień na txt albo wklej w tagi code.

[patryk1095]

jest raport po restarcie kompa

[ordynat]

Wg mnie - jest już OK.
W Adw-Cleaner kliknij na przycisk Uninstall
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
Jednocześnie zniknie ComboFix.
.