This infection has been common in recent days.
For a start:
Post a log from OTL.
jessi
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:2.0.0.1050
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.8.1.4690
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF [2009-09-14 16:19:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\2.0.0.1050\FF [2009-09-14 16:19:45 | 00,000,000 | ---D | M]
:Files
C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
C:\Program Files\System Search Dispatcher\1.4.3.1040\ssd.dll
C:\Documents and Settings\Bartek Szulc\Ustawienia lokalne\Dane aplikacji\Internet Saving Optimizer
C:\Program Files\Sukoku
C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
C:\Documents and Settings\Bartek Szulc\Ustawienia lokalne\Dane aplikacji\Media Access Startup
C:\Program Files\Media Access Startup
C:\Program Files\Internet Saving Optimizer
C:\Program Files\System Search Dispatcher
C:\Program Files\DoubleD
C:\Documents and Settings\Bartek Szulc\Ustawienia lokalne\Dane aplikacji\DoubleD
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
:Services
FAH2
FAH3
:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{37B85A29-692B-4205-9CAD-2626E4993404} "=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5617ECA9-488D-4BA2-8562-9710B9AB78D2}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"=-
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click Run Fix. Confirm the computer restart.
Then run OTL again, and this time choose the Run Scan option.
Post the new OTL.txt log and the log from the cleanup.
jessi