Zaatakował mnie wirus “Ukash”. Bardzo proszę o pomoc.
Logi z OTL:
OTL.txt: http://wklej.to/nddzY
Extras.txt: http://wklej.to/mcTGm
Atis
19 Sierpień 2012 13:11
#2
Odinstaluj:
SweetPacks Toolbar for Internet Explorer
Ask Toolbar
Babylon toolbar on IE
Incredibar Toolbar on IE
McAfee Security Scan Plus
Deinstalator Strony V9
Softonic toolbar on IE and Chrome
Norton Security Scan
Do okna Własne opcje skanowania / skrypt wklej:
:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=ins IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={179EC0F5-52F5-4A00-8726-B49D3CDD69F9} IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 0&st=12&q={searchTerms}&barid={179EC0F5-52F5-4A00-8726-B49D3CDD69F9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=ins IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111366 … 04a6910daf IE - HKCU…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&affID=111366&tt=060612_8_&babsrc=SP_ss&mntrId=f04a31160000000000005404a6910daf IE - HKCU…\SearchScopes{C5B3CB11-C3E0-412D-A68C-F0FC6D86B38E}: “URL” = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKCU…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: “URL” = http://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=6PQzsbl8cs&i=26 IE - HKCU…\SearchScopes{E6C5C742-AE98-426E-B665-CE8F2CC1B19B}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=7B3DDDE9-80FE-45B5-8EFE-7C71FBE80713&apn_sauid=EE54BE68-3E70-4BB7-A638-5C3CAD43018A IE - HKCU…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … 0&st=12&q={searchTerms}&barid={179EC0F5-52F5-4A00-8726-B49D3CDD69F9} IE - HKCU…\SearchScopes{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: “URL” = http://slirsredirect.search.aol.com/sli … 685&query={searchTerms}&invocationType=tb50winampie7 FF - prefs.js…browser.search.defaultengine: “Ask.com ” FF - prefs.js…browser.search.defaultenginename: “Search the web (Babylon)” FF - prefs.js…browser.search.order.1: “Search the web (Babylon)” FF - prefs.js…keyword.URL: “http://search.babylon.com/?affID=111366&tt=060612_8_&babsrc=KW_ss&mntrId=f04a31160000000000005404a6910daf&q= ” FF - prefs.js…sweetim.toolbar.previous.browser.search.defaultenginename: “Ask.com ” FF - prefs.js…browser.startup.homepage: “http://pl.v9.com/?utm_source=b&utm_medium=ins ” FF - prefs.js…sweetim.toolbar.previous.keyword.URL: “http://search.sweetim.com/search.asp?src=2&q= ” [2012-06-14 13:39:21 | 000,000,000 | —D | M] (DownloadnSave) – C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wqe48fz5.default\extensions\4fd9cb3fdad28@4fd9cb3fdad62.info [2012-06-04 15:04:57 | 000,000,000 | —D | M] (incredibar.com ) – C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wqe48fz5.default\extensions\ffxtlbr@incredibar.com [2012-03-27 20:04:01 | 000,000,000 | —D | M] (Softonic Toolbar) – C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wqe48fz5.default\extensions\ffxtlbra@softonic.com [2012-04-20 21:12:41 | 000,000,000 | —D | M] (Ask Toolbar) – C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\wqe48fz5.default\extensions\toolbar@ask.com [2012-01-03 16:27:44 | 000,002,333 | ---- | M] () – C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wqe48fz5.default\searchplugins\askcom.xml [2012-06-04 15:04:38 | 000,002,203 | ---- | M] () – C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wqe48fz5.default\searchplugins\MyStart Search.xml [2012-03-27 20:04:01 | 000,002,060 | ---- | M] () – C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wqe48fz5.default\searchplugins\softonic.xml [2012-06-01 17:08:12 | 000,004,107 | ---- | M] () – C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wqe48fz5.default\searchplugins\sweetim.xml [2012-06-14 13:39:29 | 000,002,352 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-04-24 10:27:38 | 000,002,415 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml O4 - HKLM…\Run: [] File not found O4 - HKCU…\Run: [mzlwlsapfdwabeb] C:\ProgramData\mzlwlsap.exe (Origin PC) [2012-08-13 14:52:51 | 000,089,088 | ---- | C] (Origin PC) – C:\ProgramData\mzlwlsap.exe [2012-08-13 14:52:50 | 000,000,000 | —D | C] – C:\ProgramData\pmvwtnshfefbomg [2012-08-13 14:52:46 | 000,089,088 | ---- | C] (Origin PC) – C:\Users\user\0.8017866430721027.exe [2012-08-13 14:52:51 | 000,000,051 | ---- | M] () – C:\ProgramData\ugjvwaqcbtcofps [2012-08-04 10:31:10 | 000,000,446 | -H-- | M] () – C:\Windows\tasks\Norton Security Scan for user.job :Reg [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum] :Commands [emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
Nie mogę odinstalować SweetPacks Toolbar for Internet Explorer i Ask Toolbar.
Wyświetla się błąd:
“Nie można uzyskać dostępu do usługi Instalator Windows. Może mieć to miejsce, jeśli Instalator Windows jest niepoprawnie zainstalowany. Skontaktuj się z działem Pomocy technicznej, aby uzyskać pomoc.”
Czy może to mieć związek z tym, że jestem na trybie awaryjnym?
Atis
20 Sierpień 2012 08:03
#4
Wykonaj skrypt i później odinstaluj w normalnym trybie.
Atis
20 Sierpień 2012 16:38
#6
Uruchom system w normalnym trybie i odinstaluj wszystkie śmieci.
Pobierz AdwCleaner
Zamknij przeglądarkę internetową.
Uruchom AdwCleaner i kliknij Delete
Na koniec pokaż nowy log z OTL.