Ukash -pomocy

[brajan299]

Witam, tak jak napisałem temacie, proszę serdecznie o pomoc w usunięciu ukash'a.

[wojtas]

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1329167750_665235
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/ins/ins_1329167750_665235
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/ins/ins_1329167750_665235
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1054DAAA-5C39-4841-963C-2E490ADD5264}&mid=d3e5802abedb47d0a06d41affca72ad7-fc7464263d031b341bb90d9ceb7ac54bc52bb304&lang=pl&ds=is015&pr=sa&d=2012-04-17 22:04:43&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=a4acefee00000000000090e6ba43c324
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{23FC45EB-26F3-4BE8-BFC4-973370A7EBA8}: "URL" = http://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms}
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1054DAAA-5C39-4841-963C-2E490ADD5264}&mid=d3e5802abedb47d0a06d41affca72ad7-fc7464263d031b341bb90d9ceb7ac54bc52bb304&lang=pl&ds=is015&pr=sa&d=2012-04-17 22:04:43&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{A5FDF593-3E94-4635-AD9D-5DF71902D5F0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NRO&o=101913&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=EW&apn_dtid=YYYYYYYYPL&apn_uid=852C7BD2-32C1-4FFE-BDFE-0D98ACE99CE3&apn_sauid=3111A65B-33DE-4AC1-B9B3-75DF40530761
IE - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/412"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=412&sr=0&q="
[2012-07-15 14:21:03 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\Kras\AppData\Roaming\mozilla\Firefox\Profiles\qnjchqwm.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}
[2012-07-17 14:21:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Kras\AppData\Roaming\mozilla\Firefox\Profiles\qnjchqwm.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011-11-06 19:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Kras\AppData\Roaming\mozilla\Firefox\Profiles\qnjchqwm.default\extensions\ffxtlbr@babylon.com
[2012-02-17 12:57:07 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Kras\AppData\Roaming\mozilla\Firefox\Profiles\qnjchqwm.default\extensions\ffxtlbr@funmoods.com
[2012-05-12 15:15:20 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Kras\AppData\Roaming\mozilla\Firefox\Profiles\qnjchqwm.default\extensions\toolbar@ask.com
[2012-05-12 15:15:20 | 000,002,325 | ---- | M] () -- C:\Users\Kras\AppData\Roaming\Mozilla\Firefox\Profiles\qnjchqwm.default\searchplugins\askcom.xml
[2012-02-17 12:57:04 | 000,001,797 | ---- | M] () -- C:\Users\Kras\AppData\Roaming\Mozilla\Firefox\Profiles\qnjchqwm.default\searchplugins\funmoods.xml
[2012-07-10 15:23:07 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012-07-10 15:22:57 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-01-09 20:00:37 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [hobzjqhvzdrshnb] C:\ProgramData\hobzjqhv.exe ()
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000..\Run: [Akamai NetSession Interface] "C:\Users\Kras\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000..\Run: [DriverMax_RESTART] File not found
O4 - HKU\S-1-5-21-1648247844-2561480533-2062368466-1000..\Run: [hobzjqhvzdrshnb] C:\ProgramData\hobzjqhv.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012-07-29 00:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\cbvhrdpdzykroja
[2012-07-29 00:38:42 | 000,000,051 | ---- | M] () -- C:\ProgramData\jtrykinirltsnge
[2012-07-29 00:38:22 | 000,061,440 | ---- | M] () -- C:\ProgramData\hobzjqhv.exe
[2012-07-29 00:38:22 | 000,061,440 | ---- | M] () -- C:\Users\Kras\0.018897470543719375.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

odinstaluj : Ask Toolbar, AVG Security Toolbar, Babylon toolbar on IE, = Windows Searchqu Toolbar, SFT_Polska Toolbar, Conduit Engine i jak nie znasz to SearchCore for Browsers

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

[brajan299]

Wielkie dzięki, nie ma śladu po ukash (dziwna sprawa bo osunęło mi profil na gg).

log otl
http://www.wklej.org/id/799793/

raport z czyszczenia
http://www.wklej.org/id/799794/

AdwCleaner raport
http://www.wklej.org/id/799795/

[wojtas]

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .


*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu