Wirus UKASH

[lukaszd96]

Witam!

Mam wirusa Ukash, proszę o pomoc, z góry dziękuję. Oto logi:

Extras.Txt

OTL.Txt

[Landuss]

1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.certified-toolbar.com?si=41179&bs=true&tid=397&q={searchTerms}"
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = "http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q="
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = "http://search.certified-toolbar.com?si=41179&home=true&tid=397"
IE - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2241185306-3804432299-1997595055-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
 
:Files
C:\ProgramData\lsass.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\user\AppData\Roaming\BrowserCompanion
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

2. Przez Panel sterowania odinstaluj: Complitly / Certified Toolbar / BrowserCompanion

 

3. Uruchom AdwCleaner z opcji Delete

 

4. Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras)

Edytowane 1 Lutego 2013 przez picasso
1.02.2013 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso