I znowu UKASH

[genas]

Proszę o pomoc

Extras.Txt

OTL.Txt

[Landuss]

1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http: //startsear.ch/?aff=2&cf=4b4ec316-7dc4-11e1-8944-002186693e5e
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0F7DB552-8C05-4525-81A0-2E050E5BDED4}: "URL" = http: //startsear.ch/?aff=1&src=sp&cf=8975c78d-1a74-11e1-a2e3-002186693e5e&q={searchTerms}
IE - HKLM\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http: //startsear.ch/?aff=2&src=sp&cf=8975c78d-1a74-11e1-a2e3-002186693e5e&q={searchTerms}
IE - HKLM\..\SearchScopes\{EBFA5EFC-1A32-4C2B-81EC-BE91CFD15F99}: "URL" = http: //startsear.ch/?aff=2&src=sp&cf=4b4ec316-7dc4-11e1-8944-002186693e5e&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http: //search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={25BAAB9B-56F4-11E1-A2C0-002186693E5E}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes,DefaultScope = {EBFA5EFC-1A32-4C2B-81EC-BE91CFD15F99}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http: //isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=a0779409000000000000002186693e5e
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http: //startsear.ch/?aff=2&src=sp&cf=8975c78d-1a74-11e1-a2e3-002186693e5e&q={searchTerms}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{8D4072BE-55B3-4182-9561-53600EDDCEB5}: "URL" = http: //search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{9A26B677-2084-4C90-8756-81E3D5F68A90}: "URL" = http: //startsear.ch/?aff=1&src=sp&cf=75502a99-7841-11e1-ae76-002186693e5e&q={searchTerms}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{A6C1616A-9C4A-417C-A509-67EB7B6EB774}: "URL" = http: //www.astroburn-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http: //mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6OyxG6yB1T&i=26
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{EBFA5EFC-1A32-4C2B-81EC-BE91CFD15F99}: "URL" = http: //startsear.ch/?aff=2&src=sp&cf=4b4ec316-7dc4-11e1-8944-002186693e5e&q={searchTerms}
IE - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http: //search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={25BAAB9B-56F4-11E1-A2C0-002186693E5E}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6OyxG6yB1T&&i=26&search="
[2012-04-02 22:14:22 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\genas\AppData\Roaming\mozilla\Firefox\Profiles\up7ap506.default\extensions\ffxtlbr@incredibar.com
[2012-04-02 22:13:46 | 000,002,203 | ---- | M] () -- C:\Users\genas\AppData\Roaming\Mozilla\Firefox\Profiles\up7ap506.default\searchplugins\MyStart Search.xml
[2012-04-03 21:36:38 | 000,000,792 | ---- | M] () -- C:\Users\genas\AppData\Roaming\Mozilla\Firefox\Profiles\up7ap506.default\searchplugins\startsear.xml
[2012-02-10 00:49:37 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (extrafind) - {6d2b967c-dc40-b154-0504-a085fb9cc101} - C:\Windows\SysWow64\de32cd4a.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2865617487-1137341253-2024973918-1000..\Run: [WcsPlugInService] C:\Users\genas\AppData\Local\Microsoft\Windows\3537\WcsPlugInService.exe ()
 
:Files
C:\Users\genas\AppData\Roaming\hellomoto
C:\Users\genas\AppData\Local\Microsoft\Windows\3537
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL

[genas]

Przesyłam pliki

OTL.Txt

07102012_181157.Txt

[Landuss]

Infekcja poprawnie usunięta. Pora na końcówkę:

 

1. Użyj opcji Sprzątanie z OTL.

 

2. Opróżnij folder przywracania systemu: KLIK

 

3. Zaktualizuj Jave 32-bitową do wersji najnowszej: KLIK

 

4. Dla bezpieczeństwa zmień hasła logowania do serwisów w sieci.

[genas]

Dzieki serdeczne i pozdrawiam