Blokada ukash

[Piwo097]

Witam. Mam problem z trojanem, który zablokowuje komputer że nie można nic zrobić tylko zapłacić rzekomą kwotę 300 zł. Liczę na pomoc. Dodam ze mój system to windows 7 32 bit. Oto moje logi :

OTL.Txt

Extras.Txt

gmer.txt

[Landuss]

1. Wejdź w panel usuwania programów i odinstaluj śmieci:

 

SweetPacks Toolbar for Internet Explorer 4.6 / Akamai NetSession Interface Service / ALOT Toolbar / BrotherSoft Extreme Toolbar / Crawler Toolbar / DAEMON Tools Toolbar / free-downloads.net Toolbar / Deinstalator Strony V9 / Wincore MediaBar / StartSearchToolBar

 

2. Uruchom AdwCleaner z opcji Delete

 

3. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCANDIS4.SYS -- (PCANDIS4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCAMPR4.SYS -- (PCAMPR4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //pl.v9.com/?utm_source=b&utm_medium=ins
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //home.sweetim.com/?crg=3.1010000.10011&barid={02716303-ACD9-11E1-8BFF-C9EB219FB361}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http: //startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{6FC0922B-CB3E-452C-9D98-BD698A46A4D1}: "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http: //search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http: //search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={02716303-ACD9-11E1-8BFF-C9EB219FB361}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //pl.v9.com/?utm_source=b&utm_medium=ins
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http: //search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=dc8db020000000000000000000000000
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http: //www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66016
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http: //search.alot.com/web?q={searchTerms}&pr=prov&client_id=7E820FA001CC2DC200F707E1&install_time=2011-06-18T14:17:30Z&src_id=12251&camp_id=2556&tb_version=2.5.18000.3
IE - HKCU\..\SearchScopes\{6FC0922B-CB3E-452C-9D98-BD698A46A4D1}: "URL" = http: //dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http: //startsear.ch/?aff=2&src=sp&cf=f8f23f4b-deeb-11e0-a1a1-b9f432698851&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http: //www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E8F68496-110B-4C00-8959-2353CD04FE91}: "URL" = http: //search.alot.com/web?q={searchTerms}&pr=prov&client_id=7E820FA001CC2DC200F707E1&install_time=2011-06-18T14:17:30Z&src_id=12251&camp_id=2556&tb_version=2.5.18000.3
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http: //search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={02716303-ACD9-11E1-8BFF-C9EB219FB361}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2011-06-29 09:45:47 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012-01-14 18:24:10 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011-07-21 19:59:10 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2012-06-27 12:53:37 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\DTToolbar@toolbarnet.com
[2011-06-29 09:45:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\engine@conduit.com
[2011-07-31 13:13:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\ffxtlbr@babylon.com
[2012-06-02 19:36:53 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\plugin@yontoo.com
[2011-10-08 08:05:39 | 000,000,000 | ---D | M] (ЯндекŃ.Đ‘Đ°Ń€) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wrlu5upj.default\extensions\yasearch@yandex.ru
[2012-04-17 16:32:02 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009-09-21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012-01-14 18:23:50 | 000,002,511 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012-04-13 19:13:39 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [sMBHelper] C:\Users\User\AppData\Local\Microsoft\Windows\4481\SMBHelper.exe ()
 
:Files
C:\Users\User\AppData\Roaming\hellomoto
C:\Users\User\AppData\Local\Microsoft\Windows\4481
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

4. Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL

[Piwo097]

dziękuje za pomoc komputer został odblokowany a oto log :

OTL.Txt

[Landuss]

Załatwione. Przejdź do czynności końcowych:

 

1. Użyj opcji Sprzątanie z OTL.

 

2. Opróżnij folder przywracania systemu: KLIK

 

3. Zaktualizuj system instalując Service Pack 1 oraz Firefoxa i Jave do najnowszych wersji. Szczegóły aktualizacyjne: KLIK

 

4. Zmień hasła logowania do serwisów w sieci.