Bron spitazeus+Tok cirrhatus


(a4734436@trbvm.com) #1

Hello,

OTL - http://wklejto.pl/212439

Extras - http://www.wklejto.pl/212440

 


(Atis) #2

In Control Panel, uninstall:

JoniCOOupeoon

RaNdomPriCoe

MiniMuumaPRiicee

DIIgiiCoupoOn

SN.Booster

ValueApps

Download and run AdwCleaner. Click Szukaj (Search) and then Usuń (Delete).

A new log is required.


(a4734436@trbvm.com) #3

Unfortunately that did not help at all; bron spitazeus and tok cirrhatus are still listed in msconfig on the Startup tab.

FRST http://wklejto.pl/212445

ADDITION http://www.wklejto.pl/212446


(Atis) #4

Paste the following into Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM-x32\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [42687 2014-03-23] ()
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [42687] () <=== ATTENTION
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Run: [Clownfish] => (the data entry has 824 more characters).
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Run: [Tok-Cirrhatus] => C:\Users\User\AppData\Local\smss.exe [42687 2014-03-23] ()
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\Explorer: [NoFolderOptions] 1
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Startup\Empty.pif ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\testlog.txt
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahootc.xml
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedgopjodjkhocojapadfcahcbleeg [2014-05-29]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfapbpneblkokkjlbpgnhoimbklepb [2014-05-31]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaconmkopngafcdepkanjlhfimjalpfk [2014-04-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 AIDA64Driver; \??\C:\Users\User\Desktop\aida64extreme430 (1)\kerneld.x64 [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
C:\Windows\eksplorasi.exe
C:\Windows\ShellNew\sempalong.exe
C:\Users\User\AppData\Local\*.exe
C:\AdwCleaner
C:\Users\User\AppData\Local\Loc.Mail.Bron.Tok
C:\Users\User\AppData\Local\Kosong.Bron.Tok.txt
C:\Users\User\AppData\Local\Bron.tok.A12.em.bin
C:\Users\User\AppData\Local\Ok-SendMail-Bron-tok
C:\Users\User\AppData\Local\ListHost12.txt
C:\Users\User\AppData\Local\Bron.tok-12-8
C:\ProgramData\910d5cce5f2eed0d
CustomCLSID: HKU\S-1-5-21-717608589-626284597-4218148160-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\User\AppData\Local\Conduit\ValueApps\IE\64\ValueApps.exe" No File
Task: {1015D583-C59C-40D5-9637-B8CCD980C55C} - System32\Tasks\{64C29933-BD1B-4800-A229-49B0151D7A82} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?source=lightinstaller&page=tsInstall
Task: {22CA1945-C4BA-4FB5-84C9-0D3337D217E2} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {26499638-F61C-4044-9080-B4B561BD2AB5} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {4A55A72E-A891-49B1-8101-47B0E06C756D} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Accessories^Startup^Empty.pif" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913b" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bron-Spizaetus" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lollipop" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tok-Cirrhatus" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebCake Desktop" /f
C:\Windows\pss\Empty.pif.Startup
Hosts:
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition.
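
Added example (not part of the thread, and not the helper's or FRST's own code): a small Python triage pass over FRST-style log lines that flags the autorun, Winlogon shell and policy-lockout patterns the fixlist above removes. The first six sample lines are copied from that fixlist and the last is constructed; the tag names and the list of system process names are assumptions of this example.

```python
import re

# First six lines are copied from the fixlist in post #4; the last one is a
# constructed benign entry for contrast.
SAMPLE = r"""
HKLM-x32\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [42687 2014-03-23] ()
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [42687] () <=== ATTENTION
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Run: [Tok-Cirrhatus] => C:\Users\User\AppData\Local\smss.exe [42687 2014-03-23] ()
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-717608589-626284597-4218148160-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [1000 2014-01-01] (Example Corp)
""".strip().splitlines()

# Assumption: a short, non-exhaustive list of Windows system process names.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe", "svchost.exe"}
RUN_RE = re.compile(r"\\Run: \[[^\]]+\] => (.+?\.exe)", re.IGNORECASE)
POLICY_RE = re.compile(r"\\Policies\\\w+: \[(\w+)\] (\d+)")

def classify(line):
    """Return finding tags (names are this example's own) for one log line."""
    findings = []
    run = RUN_RE.search(line)
    if run:
        folder, _, exe = run.group(1).lower().rpartition("\\")
        # A system process name started from anywhere but System32 is masquerading.
        if exe in SYSTEM_NAMES and not folder.endswith("\\windows\\system32"):
            findings.append("system-name-outside-system32")
        # Assumption: a trailing "()" is an empty company-name field.
        if line.rstrip().endswith("()") and "\\program files" not in folder:
            findings.append("no-company-autorun")
    if "\\Winlogon: [Shell] " in line:
        value = line.split("[Shell] ", 1)[1].split(" [")[0].strip()
        # The default shell is Explorer.exe alone; anything appended runs at logon.
        if value.lower() != "explorer.exe":
            findings.append("winlogon-shell-modified")
    policy = POLICY_RE.search(line)
    if policy and policy.group(1).startswith(("Disable", "No")) and int(policy.group(2)) != 0:
        # Non-zero Disable*/No* policies lock the user out of repair tools.
        findings.append("policy-lockout:" + policy.group(1))
    return findings

def triage(lines):
    """Map each flagged line to its findings, skipping clean lines."""
    return {ln: tags for ln in lines if (tags := classify(ln))}

if __name__ == "__main__":
    for ln, tags in triage(SAMPLE).items():
        print(", ".join(tags), "<-", ln[:70])
```
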


(a4734436@trbvm.com) #5

fixlog - http://www.wklejto.pl/212493

FRST - http://www.wklejto.pl/212487


(Atis) #6

Paste the following into Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [Keyboard Tracer] => C:\Program Files (x86)\Keyboard Tracer\Logger.exe
C:\Users\User\AppData\Local\Update.12.Bron.Tok.bin
C:\Users\User\AppData\Local\Bron.tok-12-9
C:\Users\User\AppData\Local\BronFoldNetDomList.txt
C:\Users\User\AppData\Local\BronNetDomList.bat
C:\Program Files (x86)\AllSAveer
C:\ProgramData\AllSAveer
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebCake Desktop" /f
DeleteQuarantine:

Run FRST and click Fix. Afterwards, delete the folder C:\FRST

Delete the old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware.

During installation, untick the box next to "Start the trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Choose Custom Scan (Skanowanie niestandardowe) and scan all partitions.

Uninstall:

Java 7 Update 45

Java 7 Update 55

Install Java 7 Update 67


(a4734436@trbvm.com) #7

Thanks for the help.