
Relevant Knowledge



This is not a virus, it is adware. It was installed together with another program, specifically KC Softwares VideoInspector.

 

[2012-12-26 14:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge

[2012-12-24 15:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly

[2012-12-24 15:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\Complitly

[2012-12-24 15:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\2YourFace

[2012-12-24 15:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge

[2012-12-24 15:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\KC Softwares

[2012-12-24 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KC Softwares

[2012-12-24 15:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\KC Softwares

 

This program is a breeding ground for nothing but junk. I installed it once and it was frightening to see what it did. On your system it is not only RelevantKnowledge that is running, but also other adware brought in by the "inspector". The program's home page should offer several downloads, one of which is a clean, non-sponsored version.

 

 


Moving on to removing the junk:

 

1. Start with the simplest thing, uninstalling the adware. In Add/Remove Programs there should be the following entries: 2YourFace 1.0, Complitly, Pandora Service, RelevantKnowledge, Softonic toolbar on IE and Chrome, Viewpoint Media Player, vShare.tv plugin 1.3, LiveVDO plugin 1.3.

 

2. Open Google Chrome and in Extensions uninstall LiveVDO plugin, vshare plugin.

 

3. Clean the adware out of Firefox: Help menu > Troubleshooting Information > Reset Firefox.

 

4. Run OTL and paste the following into the Custom Scans/Fixes section:

 

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Backup.Old.Start Page"=-
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"Backup.Old.DefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"Backup.Old.DefaultScope"=-
 
:Files
C:\Documents and Settings\Konrad\Local Settings\Application Data\funmoods-speeddial.crx
C:\Documents and Settings\Konrad\Local Settings\Application Data\funmoods.crx
netsh firewall reset /C
 
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtCtCtDyDzyzztBtC0DtCtN0D0Tzu0CtByCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=456146339"
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = "http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp"
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = "http://start.facemoods.com/?a=ost&s={searchTerms}&f=4"
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=4cb921d10000000000000013024f6012"
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = "http://supertoolbar.ask.com/redirect?client=ie&tb=FF&o=&src=crm&q={searchTerms}&locale={locale.underscore}"
IE - HKCU\..\SearchScopes\{1B2D8BA7-424C-0522-CEF0-5140A1754A67}: "URL" = "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
IE - HKCU\..\SearchScopes\{9C0AFA44-BF48-4629-A914-ED9DD6A67DDA}: "URL" = "http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc="
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = "http://www.daemon-search.com/search/web?q={searchTerms}"
IE - HKCU\..\SearchScopes\{B56984FB-5C8C-4314-AEA1-A77C9699161E}: "URL" = "http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtCtCtDyDzyzztBtC0DtCtN0D0Tzu0CtByCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=456146339"
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = "http://www.ask.com/web?o=15710&l=dis&q={searchTerms}"
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "http://search.sweetim.com/search.asp?src=6&q={searchTerms}"
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7C207950-B633-40B8-95B3-E3E08502BE44} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: []  File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@2yourface.com: C:\Documents and Settings\Konrad\Application Data\2YourFace\ffextension [2012-12-24 15:16:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Documents and Settings\Konrad\Application Data\2YourFace\ffextension [2012-12-24 15:16:38 | 000,000,000 | ---D | M]
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56DEF162-62F7-4B06-9F48-BBD37929623F}\MpKslfd74de76.sys -- (MpKslfd74de76)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9849FEC3-A583-41BF-8868-839FF0CA009F}\MpKslf847ba64.sys -- (MpKslf847ba64)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56DEF162-62F7-4B06-9F48-BBD37929623F}\MpKslea31932f.sys -- (MpKslea31932f)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7011E858-56DB-4967-93C8-1B82FD0DC8B2}\MpKsle669a75b.sys -- (MpKsle669a75b)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E3E6C24-FEE6-4A8A-A8DA-13D1B6229499}\MpKsle05f5c8d.sys -- (MpKsle05f5c8d)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56DEF162-62F7-4B06-9F48-BBD37929623F}\MpKsl90418bfe.sys -- (MpKsl90418bfe)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{414DF8A4-FE6F-485E-918A-AECD09DD70F1}\MpKsl8fdacb5b.sys -- (MpKsl8fdacb5b)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F6D6B5C-915C-42A5-96F1-4212381001C9}\MpKsl807560e3.sys -- (MpKsl807560e3)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56DEF162-62F7-4B06-9F48-BBD37929623F}\MpKsl5e59560a.sys -- (MpKsl5e59560a)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F6D6B5C-915C-42A5-96F1-4212381001C9}\MpKsl225a4419.sys -- (MpKsl225a4419)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Konrad\LOCALS~1\Temp\esihdrv.sys -- (esihdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Konrad\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010-03-25 20:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010-03-25 20:06:26 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
 
:Commands
[emptytemp]

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

 

Click Run Fix. Confirm the restart.

 

5. Run AdwCleaner and use Delete. A log of the removal will be created on drive C.

 

6. Make a new OTL log using the Scan option (this time without Extras). Attach the log created by AdwCleaner.

 

 

 


Edited by picasso
18.02.2013 - The topic is being closed due to lack of reply. //picasso
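Added example, not part of the original post or of OTL: a short Python script that parses the eight directory-creation lines quoted in the post and groups them into install bursts, showing how closely spaced creation times tie the adware folders to the KC Softwares installer. The function names and the 5-minute gap threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# The eight directory-creation lines quoted in the post (OTL log format).
OTL_LINES = r"""
[2012-12-26 14:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge
[2012-12-24 15:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2012-12-24 15:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\Complitly
[2012-12-24 15:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\2YourFace
[2012-12-24 15:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2012-12-24 15:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Konrad\Application Data\KC Softwares
[2012-12-24 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KC Softwares
[2012-12-24 15:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\KC Softwares
""".strip().splitlines()

ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| "
    r"(?P<attr>[^|]+?) \| (?P<kind>[CM])\] -- (?P<path>.+)$"
)

def parse(lines):
    """Return (timestamp, path) for each created-directory entry, oldest first."""
    hits = (ENTRY.match(line.strip()) for line in lines)
    return sorted(
        (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"])
        for m in hits
        if m and m["kind"] == "C" and "D" in m["attr"]
    )

def bursts(entries, gap=timedelta(minutes=5)):
    """Start a new burst whenever the gap to the previous entry exceeds `gap`
    (the 5-minute default is an assumption, not a value from the post)."""
    groups = []
    for ts, path in entries:
        if groups and ts - groups[-1][-1][0] <= gap:
            groups[-1].append((ts, path))
        else:
            groups.append([(ts, path)])
    return groups

def products(burst):
    """Last path component of each entry, de-duplicated in order of appearance."""
    return list(dict.fromkeys(path.rsplit("\\", 1)[-1] for _, path in burst))

if __name__ == "__main__":
    for b in bursts(parse(OTL_LINES)):
        print(b[0][0], "->", b[-1][0], products(b))
```

The first burst starts with the KC Softwares folders and the adware folders follow within two minutes; the lone entry two days later is a RelevantKnowledge Start Menu folder.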