qrax
(Michal)
3 January 2010 22:50
#1
Hello everyone
For quite some time now, pages such as getiton[.]com have been opening on their own, both when using FF and IE. Below is a link to the logs; I would be very grateful for help getting rid of this. Thanks in advance
http://wklej.org/id/255372/
jessica
(jessica)
3 January 2010 23:01
#2
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
SRV - [2009-12-09 14:06:42 | 00,046,456 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\QuestService\questservice111.exe -- (QuestService Service)
FF - prefs.js…extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290
FF - prefs.js…extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960
FF - prefs.js…extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js…extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js…extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080
FF - HKLM\software\mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.1.0.2080\FF [2009-12-15 20:44:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF [2009-12-15 20:44:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF [2009-12-15 20:44:18 | 00,000,000 | ---D | M]
[2009-12-15 20:49:40 | 00,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll ()
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll ()
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll ()
O3 - HKU\S-1-5-21-1165230447-1506588677-3144462524-1000…\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found
O33 - MountPoints2\{078b3af5-b5e6-11de-b984-001e37659cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{078b3af5-b5e6-11de-b984-001e37659cb7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{078b3b02-b5e6-11de-b984-001b24e0af7d}\Shell - "" = AutoRun
O33 - MountPoints2\{078b3b02-b5e6-11de-b984-001b24e0af7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{078b3b04-b5e6-11de-b984-001b24e0af7d}\Shell\AutoRun\command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{078b3b04-b5e6-11de-b984-001b24e0af7d}\Shell\explore\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{078b3b04-b5e6-11de-b984-001b24e0af7d}\Shell\open\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{2b59a1cc-ad07-11de-88dd-001e37659cb7}\Shell\AutoRun\command - "" = F:\ph.exe -- File not found
O33 - MountPoints2\{2b59a1cc-ad07-11de-88dd-001e37659cb7}\Shell\open\Command - "" = F:\ph.exe -- File not found
O33 - MountPoints2\{31799e9b-151b-11dd-afbb-001e37659cb7}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{36638920-e188-11de-b63d-001e37659cb7}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found
O33 - MountPoints2\{74efd4bc-d901-11dd-93a8-001e37659cb7}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{74efd4bc-d901-11dd-93a8-001e37659cb7}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{7ee2097b-bfb2-11de-a266-001e37659cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{7ee2097b-bfb2-11de-a266-001e37659cb7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7ee2097e-bfb2-11de-a266-001e37659cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{7ee2097e-bfb2-11de-a266-001e37659cb7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7ee20980-bfb2-11de-a266-001e37659cb7}\Shell\AutoRun\command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{7ee20980-bfb2-11de-a266-001e37659cb7}\Shell\explore\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{7ee20980-bfb2-11de-a266-001e37659cb7}\Shell\open\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{adab47f5-b4f5-11de-83a1-001b24e0af7d}\Shell - "" = AutoRun
O33 - MountPoints2\{adab47f5-b4f5-11de-83a1-001b24e0af7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{da169275-b4fc-11de-8a7b-001b24e0af7d}\Shell - "" = AutoRun
O33 - MountPoints2\{da169275-b4fc-11de-8a7b-001b24e0af7d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{da169277-b4fc-11de-8a7b-001b24e0af7d}\Shell\AutoRun\command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{da169277-b4fc-11de-8a7b-001b24e0af7d}\Shell\explore\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{da169277-b4fc-11de-8a7b-001b24e0af7d}\Shell\open\Command - "" = G:\asneg.com -- File not found
O33 - MountPoints2\{e8d50a40-62c2-11dd-a754-001e37659cb7}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{fffa9000-bd69-11de-88d3-001e37659cb7}\Shell - "" = AutoRun
O33 - MountPoints2\{fffa9000-bd69-11de-88d3-001e37659cb7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2009-12-15 20:45:36 | 00,000,000 | ---D | C] -- C:\Users\magda\AppData\Local\Textual Content Provider
[2009-12-15 20:45:13 | 00,000,000 | ---D | C] -- C:\ProgramData\QuestService
[2009-12-15 20:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService
[2009-12-15 20:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider
[2009-12-15 20:44:44 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard
[2009-12-15 20:44:34 | 00,000,000 | ---D | C] -- C:\Users\magda\AppData\Local\Internet Today
[2009-12-15 20:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today
[2009-12-15 20:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer
[2009-12-15 20:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer
[2009-12-15 20:44:04 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator
[2009-12-15 20:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Gameztar Toolbar
[2009-12-15 20:43:26 | 00,000,000 | -H-D | C] -- C:\ProgramData\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}

:Services
QuestService Service

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time using the Run Scan option.
Post the new OTL.txt log and the log from the cleanup.
jessi
qrax
(Michal)
4 January 2010 00:25
#3
Thank you jessi for the quick response, I did as you wrote and here is the next log:
http://wklej.org/id/255526/
jessica
(jessica)
4 January 2010 05:41
#4
There was supposed to be one more new log for checking, but if the problems are gone, we can skip that.
In that case:
In OTL, click the "CleanUp" button - this will remove it together with its Quarantine.
Remove the copies of the malware from the "System Volume Information" folder by temporarily turning off "System Restore":
>START>Control Panel>System>System Protection>Continue>in the "Available disks" box, clear the checkboxes next to those disks>>Apply>>OK. (During this temporary disabling the copies will be deleted automatically, so there is no need to look into the folder.) Afterwards you can return to the previous setting (i.e. tick the checkboxes again).
jessi
qrax
(Michal)
7 January 2010 11:21
#5
thanks, problem solved =D>