Wirus ukash, jak usunąć?

[godzil]

Witam,

mam prawdopodobnie wirusa "ukash", mam sytem windows vista 32-bitowy, jestem totalnym laikiem w tym temacie, dlatego prosze o pomoc, jak moge sobie poradzić z tym wirusem? Proszę o wytłumaczenie w jak najprostrzy sposób i dokładny. Załączam logi, podobno są potrzebne. czekam na pomoc!

[defacto19]

Przez Panel sterowania odinstaluj:

BrotherSoft Extreme Toolbar
Softonic-Polska Toolbar
uTorrentBar Toolbar
Babylon toolbar
Conduit Engine
Ask Toolbar
Winamp Toolbar

Uruchom OTL i w sekcji Własne opcje skanowania/Skrypt wklej:

:OTL
MOD - [2012-09-25 20:20:48 | 000,065,536 | ---- | M] () -- C:\Users\lenovo\AppData\Local\Temp\wgsdgsdgdsgsd.exe
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\lenovo\AppData\Local\Temp\pxdirpog.sys -- (pxdirpog)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ad1yedsh)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e8578af100000000000000235acb76e3&tlver=1.4.19.19&ss=1&affID=17981
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MON00005/tb_v1?SearchSource=10&cc=
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e8578af100000000000000235acb76e3&tlver=1.4.19.19&ss=1&affID=17981
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
FF - prefs.js..browser.startup.homepage: "http://search.softonic.com/MON00005/tb_v1?SearchSource=13&cc="
FF - prefs.js..keyword.URL: "http://search.softonic.com/MON00005/tb_v1?SearchSource=2&cc=&q="
[2012-08-11 18:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\mozilla\Firefox\Profiles\h31aqfru.default\extensions
[2012-08-11 18:04:09 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\lenovo\AppData\Roaming\mozilla\Firefox\Profiles\h31aqfru.default\extensions\ffxtlbra@softonic.com
[2012-06-01 11:23:27 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\lenovo\AppData\Roaming\mozilla\Firefox\Profiles\h31aqfru.default\extensions\toolbar@ask.com
[2012-01-23 01:17:19 | 000,002,060 | ---- | M] () -- C:\Users\lenovo\AppData\Roaming\mozilla\firefox\profiles\h31aqfru.default\searchplugins\softonic.xml
[2011-04-04 21:53:05 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe File not found
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-21-1420540763-2557558475-2651175052-1000..\Run: [] C:\Users\lenovo\AppData\Local\Temp\wgsdgsdgdsgsd.exe ()
O33 - MountPoints2\{0fb6b97d-4262-11e0-b549-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{0fb6b97d-4262-11e0-b549-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{31f6f138-2891-11df-b6f6-00242cde30d4}\Shell - "" = AutoRun
O33 - MountPoints2\{31f6f138-2891-11df-b6f6-00242cde30d4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4b540fbc-288d-11df-8310-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{4b540fbc-288d-11df-8310-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{4cbf7f6a-c580-11df-9541-00235acb76e3}\Shell - "" = Autorun
O33 - MountPoints2\{4cbf7f6a-c580-11df-9541-00235acb76e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{64fd1b92-7947-11df-a5f1-00235acb76e3}\Shell - "" = AutoRun
O33 - MountPoints2\{64fd1b92-7947-11df-a5f1-00235acb76e3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{65054ff0-42fa-11df-be2d-00242cde30d4}\Shell - "" = AutoRun
O33 - MountPoints2\{65054ff0-42fa-11df-be2d-00242cde30d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a82b06cd-4ae8-11df-a1a6-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{a82b06cd-4ae8-11df-a1a6-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{b89f7fcb-68e5-11df-a1f9-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{b89f7fcb-68e5-11df-a1f9-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{c2e73fd5-29f1-11df-80cd-00242cde30d4}\Shell\AutoRun\command - "" = G:\2u923g01.exe
O33 - MountPoints2\{c2e73fd5-29f1-11df-80cd-00242cde30d4}\Shell\open\Command - "" = G:\2u923g01.exe
O33 - MountPoints2\{c931a48d-f5a3-11df-b064-00235acb76e3}\Shell - "" = Autorun
O33 - MountPoints2\{c931a48d-f5a3-11df-b064-00235acb76e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\AUtoPlay\cOmMAnD - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\AutoRun\command - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\expLore\ComMaNd - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\oPeN\coMMAnd - "" = hwjsle.cmd
O33 - MountPoints2\{efb8b726-61a8-11df-a69b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{efb8b726-61a8-11df-a69b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{efb8b727-61a8-11df-a69b-806e6f6e6963}\Shell - "" = Autorun
O33 - MountPoints2\{efb8b727-61a8-11df-a69b-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{fe53b4cb-e0de-11df-a487-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{fe53b4cb-e0de-11df-a487-00242cde30d4}\Shell\AutoRun\command - "" = I:\setup.exe

:Commands
[emptytemp]

Kliknij wykonaj skrypt. Zatwierdź restart komputera.

Uruchom Adwcleaner z opcji Delete.

Uruchom OTL ponownie, tym razem wybierz opcję Skanuj. Pokaż nowy log z OTL oraz raport z Adwcleaner.

[godzil]

dziekuje za pomoc, skorzystałam co prawda z odpowiedzi na innym forum, ponieważ komputer jest mi niezbędny do pracy, więc czas był dla mnie bardzo ważny.
Mimo wszytsko przesyłam do sprawdzenia pliki po czyszczeniu. Dziękuje jeszcze raz!

[defacto19]

Uruchom OTL i w sekcji Własne opcje skanowania/Skrypt wklej:

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aezdiowa)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O33 - MountPoints2\{0fb6b97d-4262-11e0-b549-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{0fb6b97d-4262-11e0-b549-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{31f6f138-2891-11df-b6f6-00242cde30d4}\Shell - "" = AutoRun
O33 - MountPoints2\{31f6f138-2891-11df-b6f6-00242cde30d4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4b540fbc-288d-11df-8310-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{4b540fbc-288d-11df-8310-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{4cbf7f6a-c580-11df-9541-00235acb76e3}\Shell - "" = Autorun
O33 - MountPoints2\{4cbf7f6a-c580-11df-9541-00235acb76e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{64fd1b92-7947-11df-a5f1-00235acb76e3}\Shell - "" = AutoRun
O33 - MountPoints2\{64fd1b92-7947-11df-a5f1-00235acb76e3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{65054ff0-42fa-11df-be2d-00242cde30d4}\Shell - "" = AutoRun
O33 - MountPoints2\{65054ff0-42fa-11df-be2d-00242cde30d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a82b06cd-4ae8-11df-a1a6-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{a82b06cd-4ae8-11df-a1a6-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{b89f7fcb-68e5-11df-a1f9-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{b89f7fcb-68e5-11df-a1f9-00242cde30d4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{c2e73fd5-29f1-11df-80cd-00242cde30d4}\Shell\AutoRun\command - "" = G:\2u923g01.exe
O33 - MountPoints2\{c2e73fd5-29f1-11df-80cd-00242cde30d4}\Shell\open\Command - "" = G:\2u923g01.exe
O33 - MountPoints2\{c931a48d-f5a3-11df-b064-00235acb76e3}\Shell - "" = Autorun
O33 - MountPoints2\{c931a48d-f5a3-11df-b064-00235acb76e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\AUtoPlay\cOmMAnD - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\AutoRun\command - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\expLore\ComMaNd - "" = hwjsle.cmd
O33 - MountPoints2\{e58e4275-300f-11df-b343-00242cde30d4}\Shell\oPeN\coMMAnd - "" = hwjsle.cmd
O33 - MountPoints2\{efb8b726-61a8-11df-a69b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{efb8b726-61a8-11df-a69b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{efb8b727-61a8-11df-a69b-806e6f6e6963}\Shell - "" = Autorun
O33 - MountPoints2\{efb8b727-61a8-11df-a69b-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{fe53b4cb-e0de-11df-a487-00242cde30d4}\Shell - "" = Autorun
O33 - MountPoints2\{fe53b4cb-e0de-11df-a487-00242cde30d4}\Shell\AutoRun\command - "" = I:\setup.exe

:Commands
[emptytemp]

Kliknij wykonaj skrypt. Zatwierdź restart komputera. Po restarcie uruchom OTL ponownie i wybierz opcje sprzątanie.

[godzil]

Po wykonaniu skryptu i posprzątaniu OTLem został - najwidoczniej - usunięty jakiś plik systemowy. Po restarcie komputer przestał się uruchamiać :-/ Teraz ratuje go tylko format, bo niestety nie odnaleźliśmy brakujących plików...

[wojtas]

to na pewno nie przez skrypt:

wejdz do konsoli odzyskiwania

w wpisz polecenie :
chkdsk /r /p

jak się ukończy to wpisz exit i enter . tylko pamiętaj tam powinno paść pytanie z którego systemu chcesz korzystać to dajesz że z 1 i enter wtedy piszesz polecenie

[godzil]

Temat już załatwiony troszkę w inny sposób, mimo wszystko dzięki wielkie za inicjatywę!