matikitli
(Jak Pic To U Mnie)
17 August 2012 07:17
#1
Hello, I have the same problem with this very trojan… I tried tinkering with it a bit based on the earlier posts, but it didn't help… I would appreciate help with this problem:
OTL.txt -> http://wklej.org/id/812421/
Extras.txt -> http://wklej.org/id/812424/
Thanks in advance: Mateusz
Acorus
(Acorus)
17 August 2012 08:15
#2
Uninstall Dealio Toolbar v6.2, DAEMON Tools Toolbar, HyperCam Toolbar, Norton Security Scan, vShare.tv plugin 1.3. Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
SRV - File not found [On_Demand | Unknown] – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe – (NMIndexingService)
SRV - File not found [On_Demand | Unknown] – C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe – (FirebirdServerMAGIXInstance)
SRV - [2012-07-26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Unknown] – C:\Program Files\Application Updater\ApplicationUpdater.exe – (Application Updater)
DRV - File not found [Kernel | On_Demand | Unknown] – C:\WINDOWS\system32\vsdatant.sys – (vsdatant)
DRV - File not found [Kernel | On_Demand | Unknown] – D:\PROGRA~1\WINSNI~1\PCANDIS5.SYS – (PCANDIS5)
DRV - File not found [Kernel | On_Demand | Unknown] – C:\WINDOWS\system32\drivers\EagleNT.sys – (EagleNT)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=a71a5532- … 12cad456ac
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=66019
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=9aa62d68- … 12cad456ac
IE - HKCU…\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU…\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU…\SearchScopes{15F4A2FA-D1C1-4B13-8CD9-FF4750FA3F65}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=9a … ad456ac&q={searchTerms}
IE - HKCU…\SearchScopes{88BBE208-2B4F-42BA-9176-F09FDF108BAF}: “URL” = http://search.yahoo.com/search?fr=chr-g … =766371&p={searchTerms}
FF - prefs.js…browser.search.defaultengine: “Web Search”
FF - prefs.js…browser.search.defaultthis.engineName: “InnoGames Polska Customized Web Search”
FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2832599&SearchSource=3&q={searchTerms} ”
FF - prefs.js…browser.search.order.1: “Web Search”
FF - prefs.js…browser.search.param.yahoo-fr: “chr-greentree_ff&type=766371&ilc=12”
FF - prefs.js…browser.startup.homepage: “http://vshare.toolbarhome.com/?hp=df ”
FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js…keyword.URL: “http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=766371&p= ”
[2010-12-31 08:37:28 | 000,000,000 | —D | M] (InnoGames Polska Community Toolbar) – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\extensions{14f6a182-4c6f-45ae-9f5a-aa3ccbb1cfa3}
[2011-01-06 14:08:10 | 000,000,000 | —D | M] (HyperCam Toolbar) – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\extensions{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010-12-31 08:37:28 | 000,000,000 | —D | M] (Conduit Engine) – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\extensions\engine@conduit.com
[2011-02-20 22:15:25 | 000,000,000 | —D | M] (vShare) – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\extensions\vshare@toolbar
[2010-11-25 13:02:52 | 000,000,935 | ---- | M] () – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\searchplugins\conduit.xml
[2011-01-06 14:24:53 | 000,002,378 | ---- | M] () – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\searchplugins\search.xml
[2003-09-06 22:20:17 | 000,000,792 | ---- | M] () – C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\ohy9stok.default\searchplugins\startsear.xml
O3 - HKLM…\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM…\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM…\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU…\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [belferC] C:\Adalex\BelferCommander2\Belfer.exe File not found
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime File not found
O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime File not found
[2003-08-30 23:55:58 | 000,057,344 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\sazmfvrg.exe
[2003-08-30 23:55:14 | 000,000,051 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\ojxzsrjjmddvvzy
:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option.
Use the Delete function of AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner
Post the new OTL.txt