Wirus Ukash- okropność

[zaboobin]

cześć. a więc i ja padłem ostatnimi czasy bardzo popularnemu wirusowi. potrzebuje waszej pomocy, mam nadzieję, że mogę na was liczyć?

 

OTL:

http://www.wklej.org/id/869514/txt/

 

Extras:

http://www.wklej.org/id/869513/txt/

 

 

[picasso]

Raporty umieszczaj w bardziej dostępny sposób. Przeniosłam na wklej.org.

 

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:Files
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\ProgramData\lsass.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\User\AppData\Roaming\Babylon
C:\Users\User\AppData\Local\DownTango
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
netsh advfirewall reset /C
 
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}"
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}"
IE - HKU\S-1-5-21-805169310-890166441-4085753004-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/?q={searchTerms}&affID=44444&tt=120912_ccp_3712_7&babsrc=SP_ss&mntrId=b63e746d000000000000f46d049b71e7"
IE - HKU\S-1-5-21-805169310-890166441-4085753004-1000\..\SearchScopes\{1B71CA51-8D21-42c2-BFD6-98AB5A7B98DD}: "URL" = "http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
IE - HKU\S-1-5-21-805169310-890166441-4085753004-1000\..\SearchScopes\{22E31030-4FBA-4134-B7A8-7A5892860B96}: "URL" = "http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=96FB4157-6BFA-4E63-AA8D-932725A6F749&apn_sauid=2E849C6A-81CF-4EE6-8C49-2D17A73006AB"
IE - HKU\S-1-5-21-805169310-890166441-4085753004-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = "http://search.v9.com/web/?q={searchTerms}"
IE - HKU\S-1-5-21-805169310-890166441-4085753004-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (MapsGalaxy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012-10-11 10:09:54 | 000,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-805169310-890166441-4085753004-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: ????3?? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ????3?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: ????3?? - Reg Error: Value error. File not found
O8 - Extra context menu item: ????3?????? - Reg Error: Value error. File not found
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
"BrowserMngr Start Page"=-
"Default_Page_URL"=-
"Default_Search_URL"=-
"Search Bar"=-
"Search Page"=-
"Start Default_Page_URL"=-
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"=-
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"=-
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
"BrowserMngrDefaultScope"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search]
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Klik w Wykonaj skrypt. System zostanie zrestartowany i odblokowany.

 

2. Przez Panel sterowania odinstaluj adware Browser Manager, Protected Search 1.1, uTorrentControl_v2 Toolbar.

 

3. Uruchom AdwCleaner i zastosuj Delete. Na dysku C powstanie log z usuwania.

 

4. Zrób nowy log OTL z opcji Skanuj (już bez Extras). Dołącz log utworzony przez AdwCleaner.

 

 

 

.

Edytowane 14 Grudnia 2012 przez picasso
14.12.2012 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso