Wirus ukash, komputer wolno działa

**Posty:** 11 · przez **adam1581** 09 Wrz 2012, 22:56

Dobry wieczór

Mam problem z wirusem ukash (każą zapłacić 500zł ) . Do tego komputer w ogóle wolno chodzi (nawet w trybie awaryjnym)... Jest to laptop już dosyć stary na dole zapodam logi z OTL. Mam nadzieje, że mi pomożecie rozwiązać mój problem.

**Posty:** 72 · przez **ytaszey** 09 Wrz 2012, 23:23

W Panelu sterowania odinstaluj "Searchqu 406 MediaBar" = Windows iLivid Toolbar oraz "StartNow Toolbar" = StartNow Toolbar. W razie problemów kontynuuj.

Zobacz na pozycje O2 i O3 - wywal te programy w dodatkach do przegladarek. Poszukaj tych programów na liście programów w Panelu sterowania i odinstaluj. Chodzi o Lago Toolbar, Babylon toolbar, StartNow Toolbar, Searchqu Toolbar, SearchCore for Browsers.

Uruchom OTL. W okno Własne opcje skanowana / skrypt wklej (zaczynając od dwukropka)

Kod: Zaznacz wszystko: :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/ IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/sli ... 685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_s ... 60b33f1625 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://flv.asksearch.com/?cfg=2-113-11-1l1dt IE - HKCU\..\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}: "URL" = http://flv.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-113-11-1mdTu IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=5cd9f9270000000000000060b33f1625 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=D7A76E88-CCB0-491F-8889-D0ED7AFE9B37&apn_sauid=E165A635-AFE3-4AEE-9C6A-7C5ABD4E5889 IE - HKCU\..\SearchScopes\{1FA9C8C5-FB1F-42B7-A829-B0026F0CDED2}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=81187A9001CC0AE7000CFD9F&install_time=2011-05-05T05:44:32Z&src_id=12251&camp_id=2556&tb_version=2.5.18000.3 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1362312 IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/sli ... 685&query={searchTerms}&invocationType=tb50winampie7 FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406" FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8 FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=" [2012-05-06 20:13:43 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2012-09-01 19:50:37 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [2010-12-31 14:30:14 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} [2011-10-12 21:25:10 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-07-02 19:10:09 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\crossriderapp4479@crossrider.com [2012-05-13 02:28:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\ffxtlbr@babylon.com [2012-04-08 10:50:46 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\extensions\ffxtlbr@funmoods.com [2010-06-13 22:27:47 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\ask.uk.xml [2012-05-05 18:31:33 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\askcom.xml [2010-03-28 11:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\BearShareWebSearch.xml [2012-03-01 15:58:16 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\conduit.xml [2012-04-07 21:27:42 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\funmoods.xml [2011-10-12 21:25:01 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\SearchResults.xml [2010-11-21 16:05:48 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\Mozilla\Firefox\Profiles\bf1uqya1.default\searchplugins\web-search.xml [2012-07-02 19:10:04 | 000,002,298 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml CHR - plugin: Babylon ToolBar (Enabled) = C:\Documents and Settings\TopazGrazka\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll O2 - BHO: (Lago Toolbar) - {225a30ed-199d-41ff-9454-aa3fb18a10bc} - C:\Program Files\Lago\tbLago.dll (Conduit Ltd.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - Reg Error: Value error. File not found O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Lago Toolbar) - {225a30ed-199d-41ff-9454-aa3fb18a10bc} - C:\Program Files\Lago\tbLago.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [crrss] C:\WINDOWS\system32\crrss.exe () O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) O4 - HKCU..\Run: [vvpymliuwhmaeqj] C:\WINDOWS\vvpymliu.exe (Zion) O33 - MountPoints2\{2fd4d86c-6845-11e0-83d8-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{2fd4d86c-6845-11e0-83d8-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{4cb6f18c-09a3-11df-9c99-0060b3ffce66}\Shell\AutoRun\command - "" = nlblkhq.com O33 - MountPoints2\{4cb6f18c-09a3-11df-9c99-0060b3ffce66}\Shell\explore\Command - "" = nlblkhq.com O33 - MountPoints2\{4cb6f18c-09a3-11df-9c99-0060b3ffce66}\Shell\open\Command - "" = nlblkhq.com O33 - MountPoints2\{5ddf5141-ec3a-11e1-bf1f-0060b33f1625}\Shell - "" = AutoRun O33 - MountPoints2\{5ddf5141-ec3a-11e1-bf1f-0060b33f1625}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{7b959e58-a805-11e1-8702-0060b33f1625}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe O33 - MountPoints2\{8dab8448-6b7a-11e0-83e6-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{8dab8448-6b7a-11e0-83e6-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{b0464d52-37e8-11de-9a4b-9e32132dd838}\Shell - "" = AutoRun O33 - MountPoints2\{b0464d52-37e8-11de-9a4b-9e32132dd838}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{c9663830-6c70-11de-9ada-d14e7760b73c}\Shell\AutoRun\command - "" = Install.exe O33 - MountPoints2\{c9663830-6c70-11de-9ada-d14e7760b73c}\Shell\open\command - "" = Install.exe O33 - MountPoints2\{e2d66e48-9827-11e0-847e-0060b33f1625}\Shell - "" = AutoRun O33 - MountPoints2\{e2d66e48-9827-11e0-847e-0060b33f1625}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{e6d26944-6347-11df-8103-0060b3ffce66}\Shell - "" = AutoRun O33 - MountPoints2\{e6d26944-6347-11df-8103-0060b3ffce66}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{ec43bfc8-509f-11e0-8384-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ec43bfc8-509f-11e0-8384-4d6564696130}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{fde88ae2-6f98-11de-9ae4-f38264204239}\Shell\AutoRun\command - "" = Install.exe O33 - MountPoints2\{fde88ae2-6f98-11de-9ae4-f38264204239}\Shell\open\command - "" = Install.exe O33 - MountPoints2\{ff154faf-7dee-11de-9b0e-0060b3ffce66}\Shell - "" = AutoRun O33 - MountPoints2\{ff154faf-7dee-11de-9b0e-0060b3ffce66}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2004-08-04 00:44:30 | 000,028,672 | ---- | M] (Microsoft Corporation) [2012-09-09 12:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\mivyakaawghbrss [2012-09-09 12:29:37 | 000,156,160 | ---- | C] (Zion) -- C:\WINDOWS\vvpymliu.exe [2012-09-09 12:29:37 | 000,156,160 | ---- | C] (Zion) -- C:\Documents and Settings\All Users\Dane aplikacji\vvpymliu.exe [2012-09-09 12:29:28 | 000,162,816 | ---- | C] (Cybernet Manufacturing) -- C:\Documents and Settings\TopazGrazka\0.7565136071516712.exe [2012-09-08 14:13:05 | 000,156,160 | ---- | C] (Zion) -- C:\Documents and Settings\TopazGrazka\0.5310405794042544.exe [2012-09-01 19:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\StartNow Toolbar [2010-10-26 19:23:19 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [2012-09-09 12:29:39 | 000,078,022 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\nqrrpbixopmosdg [2012-09-09 12:29:28 | 000,162,816 | ---- | M] (Cybernet Manufacturing) -- C:\Documents and Settings\TopazGrazka\0.7565136071516712.exe [2012-09-08 14:13:05 | 000,156,160 | ---- | M] (Zion) -- C:\WINDOWS\vvpymliu.exe [2012-09-08 14:13:05 | 000,156,160 | ---- | M] (Zion) -- C:\Documents and Settings\All Users\Dane aplikacji\vvpymliu.exe [2012-09-08 14:13:05 | 000,156,160 | ---- | M] (Zion) -- C:\Documents and Settings\TopazGrazka\0.5310405794042544.exe [2012-09-08 14:13:09 | 000,078,022 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\nqrrpbixopmosdg [2012-09-09 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\mivyakaawghbrss [2012-07-31 16:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\BabylonToolbar [2011-10-26 20:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\searchquband [2011-10-29 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\searchqutoolbar [2012-09-01 19:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TopazGrazka\Dane aplikacji\StartNow Toolbar @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B2836CDB @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05A9EC70 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A73B0434 :Commands [emptytemp]

Kliknij Wykonaj skrypt. Zgódź się na ponowne uruchomienie (restart).

Użyj AdwCleaner (opcja Delete).
Po wszystkim pokazujesz nowy log Skanuj, raport z usuwania OTL i raport z AdwCleaner.