Jak usunąć Gameztar

Mustafa123 · 8 Grudzień 2009 10:56

Chciałbym się dowiedzieć jak to usunąć.

Proszę o szybką odpowiedź.

Pozdrawiam

jessica · 8 Grudzień 2009 11:05

Usuwa to >http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html, po ukazaniu się jego raportu wystarczy pozwolić mu usunąć to, co wykrył.

Albo usuwać przy pomocy OTL - zaraz podam to usuwanie …

O widzę że masz także inne infekcje …

przygotowanie usuwania trochę potrwa, bo jest tego ogromnie dużo…

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL PRC - [2009-12-07 14:45:58 | 00,356,352 | ---- | M] () – C:\Program Files\Internet Today\1.1.0.1230\InternetToday.exe PRC - [2009-12-04 18:53:30 | 00,058,744 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice129.exe PRC - [2009-12-04 18:53:30 | 00,058,744 | ---- | M] () – C:\Program Files\QuestService\questservice.exe PRC - [2008-04-14 21:51:32 | 00,070,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\AhnRpta.exe MOD - [2009-12-08 10:12:01 | 00,081,920 | ---- | M] () – C:\WINDOWS\system32\xh165651.dll MOD - [2009-12-04 18:53:28 | 00,598,016 | ---- | M] () – C:\Program Files\QuestService\questservice.dll MOD - [2008-04-14 21:51:18 | 00,173,950 | ---- | M] () – C:\WINDOWS\system32\softqq1.dll SRV - [2009-12-04 18:53:30 | 00,058,744 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice129.exe – (QuestService Service) SRV - [2009-04-02 11:47:04 | 00,234,888 | ---- | M] () – C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe – (ASKUpgrade) DRV - [2009-12-08 10:12:41 | 00,005,077 | ---- | M] () – C:\WINDOWS\system32\drivers\kojkmj.sys – (MCIDRV_2600_6_0) FF - prefs.js…extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0 FF - prefs.js…extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840 FF - prefs.js…extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5240 FF - prefs.js…extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1800 [2009-09-13 11:12:06 | 00,000,681 | ---- | M] () – C:\Documents and Settings\Niko\Dane aplikacji\Mozilla\Firefox\Profiles\dnrxkaj5.default\searchplugins\ask.xml FF - HKLM\software\mozilla\Firefox\extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1840\FF [2009-12-08 09:30:37 | 00,000,000 | —D | M] FF - HKLM\software\mozilla\Firefox\extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5240\FF [2009-12-08 09:30:46 | 00,000,000 | —D | M] FF - HKLM\software\mozilla\Firefox\extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1800\FF [2009-12-08 09:30:54 | 00,000,000 | —D | M] [2009-12-08 09:35:07 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions{F2DDDB92-1605-4260-9B25-45A4DAE87B50} [2009-12-08 09:35:08 | 00,002,405 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\questservice129.xml [2009-10-03 20:35:52 | 00,002,400 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\seekservice124.xml [2009-10-03 20:42:44 | 00,002,400 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\seekservice129.xml O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll () O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll () O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1880\CMWIE.dll () O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll () O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll () O3 - HKLM…\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM…\Toolbar: (Gameztar Toolbar) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll File not found O3 - HKCU…\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU…\Toolbar\WebBrowser: (Gameztar Toolbar) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll File not found O4 - HKLM…\Run: [internet Today Task] C:\Program Files\Internet Today\1.1.0.1230\InternetToday.exe () O4 - HKLM…\Run: [KernelFaultCheck] File not found O4 - HKCU…\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe File not found O4 - HKCU…\Run: [cdoosoft] C:\Documents and Settings\Niko\Ustawienia lokalne\Temp\herss.exe () O32 - AutoRun File - [2009-12-08 10:10:16 | 00,000,055 | RHS- | M] () - C:\autorun.inf – [NTFS] O32 - AutoRun File - [2009-12-08 10:10:16 | 00,000,055 | RHS- | M] () - D:\autorun.inf – [NTFS] O32 - AutoRun File - [2009-12-08 10:10:16 | 00,000,055 | RHS- | M] () - E:\autorun.inf – [NTFS] O32 - AutoRun File - [2009-12-08 10:10:16 | 00,000,055 | RHS- | M] () - F:\autorun.inf – [NTFS] O33 - MountPoints2{5fc1cdf2-c6d6-11de-a55b-000df3053a69}\Shell\AutoRun\command - “” = H:\yudald.bat – File not found O33 - MountPoints2{5fc1cdf2-c6d6-11de-a55b-000df3053a69}\Shell\open\Command - “” = H:\yudald.bat – File not found O33 - MountPoints2{f83e79ec-cbb1-11de-a567-000df3053a69}\Shell\AutoRun\command - “” = H:\v1cbvsmq.exe – File not found O33 - MountPoints2{f83e79ec-cbb1-11de-a567-000df3053a69}\Shell\open\Command - “” = H:\v1cbvsmq.exe – File not found 2009-12-08 09:32:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Textual Content Provider [2009-12-08 09:31:49 | 00,000,000 | —D | C] – C:\Program Files\QuestService [2009-12-08 09:31:49 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\QuestService [2009-12-08 09:31:28 | 00,000,000 | —D | C] – C:\Program Files\Textual Content Provider [2009-12-08 09:31:18 | 00,000,000 | —D | C] – C:\Program Files\Content Management Wizard [2009-12-08 09:31:07 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Internet Today [2009-12-08 09:31:04 | 00,000,000 | —D | C] – C:\Program Files\Internet Today [2009-12-08 09:30:55 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer [2009-12-08 09:30:54 | 00,000,000 | —D | C] – C:\Program Files\Customized Platform Advancer [2009-12-08 09:30:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer [2009-12-08 09:30:46 | 00,000,000 | —D | C] – C:\Program Files\Automated Content Enhancer [2009-12-08 09:30:39 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Web Search Operator [2009-12-08 09:30:37 | 00,000,000 | —D | C] – C:\Program Files\Web Search Operator [2009-12-08 09:29:54 | 00,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji~0 [2009-12-08 09:29:29 | 00,000,000 | —D | C] – C:\Documents and Settings\Niko\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar [2009-12-08 11:26:12 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\gd165651.dll [2009-12-08 11:26:12 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\gd165651.dl_ [2009-12-08 10:13:17 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\hd165651.dl_ [2009-12-08 10:12:41 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\nh165651.dll [2009-12-08 10:12:41 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\nh165651.dl_ [2009-12-08 10:12:41 | 00,005,077 | ---- | M] () – C:\WINDOWS\System32\drivers\kojkmj.sys [2009-12-08 10:12:22 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\og165651.dll [2009-12-08 10:12:22 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\og165651.dl_ [2009-12-08 10:12:21 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\hd165651.dll [2009-12-08 10:12:16 | 00,088,566 | ---- | M] () – C:\WINDOWS\System32\nvapps.xml [2009-12-08 10:12:04 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\ji165651.dll [2009-12-08 10:12:04 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\ji165651.dl_ [2009-12-08 10:12:01 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\xh165651.dll [2009-12-08 10:12:01 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\i}165651.dll [2009-12-08 10:12:01 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\xh165651.dl_ [2009-12-08 10:12:01 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\i}165651.dl_ [2009-12-08 10:10:16 | 00,000,055 | RHS- | M] () – C:\autorun.inf [2009-12-08 07:40:41 | 01,551,648 | RHS- | M] () – C:\xmor.exe [2009-12-07 20:40:37 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\af165651.dll [2009-12-07 20:40:37 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\af165651.dl_ [2009-12-07 16:03:33 | 00,174,572 | ---- | M] () – C:\ohd.exe [2009-12-07 13:18:26 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\qd165651.dll [2009-12-07 13:18:26 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\qd165651.dl_ [2009-12-06 17:05:37 | 04,359,843 | RHS- | M] () – C:\sbcatf.exe [2009-12-05 15:38:41 | 05,104,616 | RHS- | M] () – C:\k8jc.exe [2009-12-05 13:30:15 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\le165651.dll [2009-12-05 13:30:15 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\le165651.dl_ [2009-12-05 09:44:19 | 00,448,348 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat [2009-12-05 09:44:19 | 00,392,432 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat [2009-12-05 09:44:19 | 00,074,450 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat [2009-12-05 09:44:19 | 00,058,732 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat [2009-12-04 20:46:11 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\ue165651.dll [2009-12-04 20:46:11 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\ue165651.dl_ [2009-12-04 20:11:16 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\ru165651.dll [2009-12-04 20:11:16 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\ru165651.dl_ [2009-12-03 15:35:02 | 00,629,888 | RHS- | M] () – C:\mbvd.exe [2009-12-01 13:21:24 | 06,939,841 | RHS- | M] () – C:\mbdm.exe [2009-11-29 20:21:15 | 02,352,272 | RHS- | M] () – C:\q3kku.exe [2009-11-26 17:49:37 | 04,415,728 | RHS- | M] () – C:\cs6phv6d.exe [2009-11-25 16:32:45 | 00,323,584 | RHS- | M] () – C:\wfx062.exe [2009-11-25 08:33:11 | 00,331,776 | RHS- | M] () – C:\ngp8l.exe [2009-11-25 08:24:54 | 00,075,928 | RHS- | M] () – C:\WINDOWS\System32\nmdfgds1.dll [2009-11-25 08:24:51 | 00,116,812 | RHS- | M] () – C:\yudald.bat [2009-11-25 08:24:51 | 00,116,812 | RHS- | M] () – C:\WINDOWS\System32\olhrwef.exe [2009-11-23 16:28:11 | 05,102,436 | RHS- | M] () – C:\wu1n.exe [2009-11-22 15:51:16 | 04,645,548 | RHS- | M] () – C:\i9bwjpqc.exe [2009-11-22 12:05:42 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\mv165651.dll [2009-11-22 12:05:42 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\mv165651.dl_ [2009-11-21 20:05:20 | 00,230,718 | RHS- | M] () – C:\q93fi6kf.exe [2009-11-20 17:20:38 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\qu165651.dll [2009-11-20 17:20:38 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\qu165651.dl_ [2009-11-20 15:05:30 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\wr165651.dll [2009-11-20 15:05:30 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\wr165651.dl_ [2009-11-20 14:02:24 | 02,294,017 | RHS- | M] () – C:\curqp.exe [2009-11-19 15:41:31 | 02,522,917 | RHS- | M] () – C:\lphfa.exe [2009-11-17 21:31:58 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\tr165651.dll [2009-11-17 21:31:58 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\tr165651.dl_ [2009-11-16 18:19:11 | 00,081,920 | ---- | M] () – C:\WINDOWS\System32\sh165651.dll [2009-11-16 18:19:11 | 00,044,748 | -H-- | M] () – C:\WINDOWS\System32\sh165651.dl_ [2009-11-16 17:12:40 | 04,415,897 | RHS- | M] () – C:\9g86.exe [2009-11-16 17:12:40 | 04,415,897 | RHS- | M] () – C:\0qw6vege.exe [2009-11-16 17:12:40 | 00,287,129 | RHS- | M] () – C:\wglb9q.exe [2009-11-15 15:01:27 | 00,689,962 | RHS- | M] () – C:\opdux.exe [2009-11-13 14:30:13 | 00,229,770 | RHS- | M] () – C:\6ruaqx.exe [2009-11-11 15:26:03 | 05,561,497 | RHS- | M] () – C:\pbudsara.exe [2009-11-09 16:31:35 | 00,630,874 | RHS- | M] () – C:\vk0w.exe [2009-11-09 16:31:35 | 00,630,874 | RHS- | M] () – C:\g12g.exe [2009-11-08 14:21:16 | 01,089,772 | RHS- | M] () – C:\l61yyp.exe :Files C:\WINDOWS\AhnRpta.exe C:\WINDOWS\system32\xh165651.dll C:\Program Files\QuestService\questservice.dll C:\Program Files\QuestService C:\WINDOWS\system32\softqq1.dll C:\xmor.exe C:\ohd.exe C:\sbcatf.exe C:\k8jc.exe C:\Program Files\AskBarDis D:\xmor.exe D:\ohd.exe D:\sbcatf.exe D:\k8jc.exe C:\WINDOWS\system32\drivers\kojkmj.sys E:\xmor.exe E:\ohd.exe E:\sbcatf.exe E:\k8jc.exe C:\Program Files\Internet Today F:\xmor.exe F:\ohd.exe F:\sbcatf.exe F:\k8jc.exe C:\Documents and Settings\All Users\Dane aplikacji\QuestService C:\mbvd.exe C:\mbdm.exe C:\q3kku.exe C:\cs6phv6d.exe C:\wfx062.exe C:\ngp8l.exe C:\yudald.bat C:\wu1n.exe C:\i9bwjpqc.exe C:\q93fi6kf.exe C:\curqp.exe C:\lphfa.exe C:\WINDOWS\System32\sh165651.dl_ C:\9g86.exe C:\0qw6vege.exe C:\wglb9q.exe C:\opdux.exe C:\6ruaqx.exe C:\pbudsara.exe C:\vk0w.exe C:\g12g.exe C:\l61yyp.exe D:\mbvd.exe D:\mbdm.exe D:\q3kku.exe D:\cs6phv6d.exe D:\wfx062.exe D:\ngp8l.exe D:\yudald.bat D:\wu1n.exe D:\i9bwjpqc.exe D:\q93fi6kf.exe D:\curqp.exe D:\lphfa.exe D:\9g86.exe D:\0qw6vege.exe D:\wglb9q.exe D:\opdux.exe D:\6ruaqx.exe D:\pbudsara.exe D:\vk0w.exe D:\g12g.exe D:\l61yyp.exe E:\mbvd.exe E:\mbdm.exe E:\q3kku.exe E:\cs6phv6d.exe E:\wfx062.exe E:\ngp8l.exe E:\yudald.bat E:\wu1n.exe E:\i9bwjpqc.exe E:\q93fi6kf.exe E:\curqp.exe E:\lphfa.exe E:\9g86.exe E:\0qw6vege.exe E:\wglb9q.exe E:\opdux.exe E:\6ruaqx.exe E:\pbudsara.exe E:\vk0w.exe E:\g12g.exe E:\l61yyp.exe F:\mbvd.exe F:\mbdm.exe F:\q3kku.exe F:\cs6phv6d.exe F:\wfx062.exe F:\ngp8l.exe F:\yudald.bat F:\wu1n.exe F:\i9bwjpqc.exe F:\q93fi6kf.exe F:\curqp.exe F:\lphfa.exe F:\9g86.exe F:\0qw6vege.exe F:\wglb9q.exe F:\opdux.exe F:\6ruaqx.exe F:\pbudsara.exe F:\vk0w.exe F:\g12g.exe F:\l61yyp.exe :Services QuestService Service ASKUpgrade MCIDRV_2600_6_0 :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “SuperHidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “Hidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “ShowSuperHidden”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] “CheckedValue”=dword:00000001 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] @="" :Commands [emptytemp] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.

Pokaż nowy log OTL.txt oraz log z czyszczenia.

O SALITY napisał już @deFco247 post niżej, więc …

jessi

deFco247 · 8 Grudzień 2009 11:12

Tylu infekcji na jednym komputerze dawno nie widziałem… :shock:

Ta usługa wygląda na infekcję Sality wg tej strony: http://www.threatexpert.com/report.aspx … d30208e674

Do ponownego postawienia systemu może być potrzebna płytka z systemem.

Pobierz i nagraj na płytkę na niezainfekowanym komputerze DR Web LiveCD.

Włóż płytkę do zainfekowanego komputera, zakładając, że wcześniej ustawiłeś w BIOS-ie na startowanie kompa z CD/DVD, więc po restarcie powinien się uruchomić się skaner.

Wykonujesz pełny skan, leczysz co się da, reszta do usunięcia.

Skanujesz tyle razy, aż skaner nic nie znajdzie.

Jeśli po usuwaniu system się nie uruchomi, wkładasz do komputera płytkę z systemem i wykonujesz instalację nakładkową Windows.

Po ewentualnej instalacji nakładkowej wyłącz i włącz Przywracanie systemu na wszystkich dyskach. Instrukcja XP lub Vista.

Wykonaj pełny skan DR WEB CureIt.

Jeśli skaner nic nie znajdzie, dla pewności podaj log z Combofix (pobierz go na nowo) i wyłącz ponownie przywracanie systemu włączone przez Combofixa.