Proszę o sprawdzenie loga(gameztar.exe - reklamy)

[Spidey]

Witam. Mój problem był już przytaczany na tym forum kilka razy, chodzi oczywiście o irytujące wyskakujące okna podczas surfowania po internecie
Logi z OTL:
http://wklej.org/id/260187/ - extras.txt
http://wklej.org/id/260190/ - OTL.txt

Z góry dziękuje za pomoc i pozdrawiam!

[wojtas]

pendriv lub pamięć jakaś przenośna do całkowitego formatu potem

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|google.pl"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: {40f1eb95-4de4-4f36-a826-054ee36bb905}:2.1.3.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080
FF - HKLM\software\mozilla\Firefox\extensions\\{40f1eb95-4de4-4f36-a826-054ee36bb905}: C:\Program Files\Gameztar Toolbar\2.1.3.6670\FFToolbar [2009-12-17 18:33:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.1.0.2080\FF [2009-12-17 18:33:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF [2009-12-17 18:33:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF [2009-12-17 18:33:37 | 00,000,000 | ---D | M]
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll ()
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll ()
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll ()
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Gameztar Toolbar) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll ()
O3 - HKU\S-1-5-21-1935655697-1957994488-1417001333-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1935655697-1957994488-1417001333-1003\..\Toolbar\WebBrowser: (Gameztar Toolbar) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll ()
O4 - HKLM..\Run: [Internet Today Task] C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe ()
O4 - HKU\S-1-5-21-1935655697-1957994488-1417001333-1003..\Run: [cdoosoft] C:\Documents and Settings\tobi\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKU\S-1-5-21-1935655697-1957994488-1417001333-1003..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvbapp.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O32 - AutoRun File - [2010-01-08 21:14:28 | 00,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-08 21:14:28 | 00,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-08 21:14:28 | 00,000,057 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0e7aa61c-7e92-11de-8cff-000e50105020}\Shell\AutoRun\command - "" = H:\e9naq.exe -- File not found
O33 - MountPoints2\{0e7aa61c-7e92-11de-8cff-000e50105020}\Shell\open\Command - "" = H:\e9naq.exe -- File not found
O33 - MountPoints2\{2f5489d3-8fc4-11de-8d44-000e50105020}\Shell\AutoRun\command - "" = G:\wfx062.exe -- File not found
O33 - MountPoints2\{2f5489d3-8fc4-11de-8d44-000e50105020}\Shell\open\Command - "" = G:\wfx062.exe -- File not found
O33 - MountPoints2\{8327235e-bfde-11de-8ded-000e50105020}\Shell - "" = AutoRun
O33 - MountPoints2\{8c660f46-7e1d-11de-8cfd-000e50105020}\Shell\AutoRun\command - "" = H:\wisf1.exe -- File not found
O33 - MountPoints2\{8c660f46-7e1d-11de-8cfd-000e50105020}\Shell\open\Command - "" = H:\wisf1.exe -- File not found
O33 - MountPoints2\{945fca08-ab44-11de-8db0-000e50105020}\Shell - "" = AutoRun

:Files
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\tobi\Dane aplikacji\Mozilla\Firefox\Profiles\knv8zvvv.default\searchplugins\daemon-search.xml
C:\Program Files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
C:\Program Files\Mozilla Firefox\searchplugins\questservice110.xml
C:\Program Files\Mozilla Firefox\searchplugins\questservice115.xml
C:\Program Files\QuestService
C:\Documents and Settings\All Users\Dane aplikacji\QuestService
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
C:\Program Files\Textual Content Provider
C:\Program Files\Content Management Wizard
C:\Program Files\Internet Today
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Internet Today
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
C:\Program Files\Customized Platform Advancer
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
C:\Program Files\Automated Content Enhancer
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Web Search Operator
C:\Program Files\Web Search Operator
C:\Program Files\Gameztar Toolbar
C:\Documents and Settings\All Users\Dane aplikacji\{540FDD5A-3C68-4DFB-B9FF-FCEB20538D75}
C:\Documents and Settings\tobi\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar
C:\e9naq.exe
d:\e9naq.exe
e:\e9naq.exe
C:\wisf1.exe
d:\wisf1.exe
e:\wisf1.exe
C:\Documents and Settings\tobi\Ustawienia lokalne\Temp\cvasds0.dll
C:\u16sqrqn.exe
C:\9ffp.exe
C:\nymdik.exe
C:\nx.exe
C:\yu3.exe
C:\t8g.exe
C:\k0maw.exe
d:\u16sqrqn.exe
d:\9ffp.exe
d:\nymdik.exe
d:\nx.exe
d:\yu3.exe
d:\t8g.exe
d:\k0maw.exe
e:\u16sqrqn.exe
e:\9ffp.exe
e:\nymdik.exe
e:\nx.exe
e:\yu3.exe
e:\t8g.exe
e:\k0maw.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Services
QuestService Service

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera

[Spidey]

http://wklej.org/id/260999/ - otl.txt
http://wklej.org/id/261001/ - raport z czyszczenia.

[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu

[Spidey]

http://wklej.org/id/261959/ - raport ze skanu.

[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

Autor postu otrzymał pochwałę

[Spidey]

http://wklej.org/id/262127/ - log z combofixa.

[wojtas]

daj na inny hosting jak mozesz

[Spidey]

http://pokazywarka.pl/84agks/

[wojtas]

Wklejasz do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,54,00,65,00,72,00,6d,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,\ 73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,\
00,70,00,72,00,6f,00,76,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,\
57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>> uruchom ten plik. i powinno być ok

[Spidey]

Dziękuje za pomoc, komputer chodzi o niebo lepiej bez natrętnych reklam