Unwanted ads and brontok.a


(Broszford) #1

For a few days I have been having problems with unwanted ads and brontok.a.

I am sending the OTL logs: http://wklej.org/id/1327784/


(Atis) #2

Paste the following into the Custom Scans/Fixes box:

:OTL
O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()
O4 - HKU\S-1-5-21-3986140590-1535668135-1163720969-1001..\Run: [Tok-Cirrhatus] C:\Users\Admin\AppData\Local\smss.exe ()
O4 - HKU\S-1-5-21-3986140590-1535668135-1163720969-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
:Files
C:\Users\Admin\AppData\Local\*Bron*
C:\Windows\eksplorasi.exe
C:\Users\Admin\AppData\Local\*.exe
:Commands
[resethosts]
[emptytemp]

Click Run Fix and confirm the restart.

Post the removal report and a new Run Scan log.

Download Farbar Recovery Scan Tool 64-Bit Version

Run FRST and click Scan. Post the FRST and Addition reports.


(Broszford) #3

Removal report: http://wklej.org/id/1327808/

New OTL report: http://wklej.org/id/1327824/

The remaining logs are coming shortly.


(Atis) #4

You had better start reading the replies, because I clearly wrote: the FRST and Addition reports.

Run Fix it and restore the default Hosts file:

http://support.microsoft.com/kb/972034/pl

In Control Panel, uninstall:

Bundled software uninstaller

DealPly

LiveVDO plugin 1.3

Mobogenie

qone8 uninstaller

RelevantKnowledge

VO Package

WPM17.8.0.3442

Download and run AdwCleaner. Click Search and then Delete.

Click Scan and post a new FRST report, without Addition.


(Broszford) #5

FRST report: http://wklej.org/id/1327991/


(Atis) #6

You did not restore the Hosts file, because you saved it as Hosts.txt, and that file has no extension.

I wrote that you should run Microsoft Fix it.

Uninstall Additional Offer and AdvanceMark.

Paste the following into the system Notepad and save it as a text file named fixlist:

() C:\Program Files (x86)\AdvanceMark\updateAdvanceMark.exe
() C:\Program Files (x86)\AdvanceMark\bin\utilAdvanceMark.exe
HKU\S-1-5-21-3986140590-1535668135-1163720969-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3986140590-1535668135-1163720969-1001\...\Policies\Explorer: [NoFolderOptions] 1
SearchScopes: HKLM-x32 - {AA659DC9-A422-42AE-9073-AAE54188827D} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111202191501136&tb_oid=02-12-2011&tb_mrud=02-12-2011
SearchScopes: HKCU - A7E5FF3384AF497BBF1857ACD58F3C63 URL = http://startsear.ch/?aff=2&src=sp&cf=ec25c155-1096-11e2-9f95-1c7508d373f9&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3EE48C11-4BD8-4A4D-9769-6683E4D847C2} URL = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKCU - {AA659DC9-A422-42AE-9073-AAE54188827D} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111202191501136&tb_oid=02-12-2011&tb_mrud=02-12-2011
SearchScopes: HKCU - {CF73A2D1-E4E9-48DC-9635-98778A80C23F} URL = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
BHO-x32: AdvanceMark - {4e65dc6b-0322-48fa-a6b3-fda44fbd34c2} - C:\Program Files (x86)\AdvanceMark\AdvanceMarkbho.dll (AdvanceMark)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: Widget context - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2013-12-09]
FF Extension: BrowserAdditions - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\37j58njp.default\Extensions\toolbarbutton@browseradditions.com [2014-04-09]
FF Extension: AdvanceMark - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\37j58njp.default\Extensions\{495e04b0-3772-475e-a8a2-48beea71d07d}.xpi [2014-04-09]
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-07]
CHR Extension: (Widget context) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2013-12-09]
R2 Update AdvanceMark; C:\Program Files (x86)\AdvanceMark\updateAdvanceMark.exe [350496 2014-04-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
C:\Program Files (x86)\Additional Offer
C:\Program Files (x86)\AdvanceMark
C:\Users\Admin\AppData\Roaming\qone8
C:\Users\Admin\AppData\Local\temp\*.exe
Task: {2844FC21-D184-4084-AAC0-33D02E3B7CB7} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {2F09CF27-7710-41FC-91C9-ED1344FE0F07} - \systems No Task File
Task: {3321FF4D-388F-4B94-81C5-D0AFA65AD51C} - \fbagent No Task File
Task: {4241BBF3-0F0C-463B-AA07-7378EEC08072} - System32\Tasks\DSite => C:\Users\Admin\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C4AE1764-0F5C-4674-B8DC-18FA5BA77D73} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {CEF971F4-190C-4D33-803D-2CDAA9FB3724} - System32\Tasks\DealPly => C:\Users\Admin\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-19] () <==== ATTENTION
Task: {F1EBE18D-0081-429A-8A3A-0F63B4807523} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2014-02-13] (Microsoft Corporation)
Task: {FA7664BC-D779-4A14-85EC-7C64AC4CC01E} - System32\Tasks\EPUpdater => C:\Users\Admin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-phishing Domain Advisor" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tok-Cirrhatus" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Updater Service" /f

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition.
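Added example, not part of the thread or of any tool named in it: a read-only Python check for the Hosts.txt mistake described in post #6, which also lists any mappings left in the real Hosts file for review. The function name, the "localhost is harmless" allowance and the default path in the demo are assumptions of this example.

```python
import sys
from pathlib import Path

# Assumption of this example: a loopback mapping for "localhost" is harmless.
LOCAL_NAMES = {"localhost"}
LOOPBACK = {"127.0.0.1", "::1"}

def audit_hosts_dir(etc_dir):
    """Return review findings for the directory that should contain 'hosts'."""
    files = {p.name.lower(): p.name for p in Path(etc_dir).iterdir() if p.is_file()}
    findings = []
    # The thread's failure mode: a copy saved with an extension (Hosts.txt).
    for lower in sorted(files):
        if lower.startswith("hosts."):
            findings.append(f"{files[lower]}: has an extension, so it is not the Hosts file")
    if "hosts" not in files:
        findings.append("no extensionless 'hosts' file present")
        return findings
    text = (Path(etc_dir) / files["hosts"]).read_text(encoding="utf-8-sig", errors="replace")
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        if len(entry) < 2:
            findings.append(f"line {lineno}: malformed entry {raw.strip()!r}")
            continue
        addr, names = entry[0], entry[1:]
        # Anything other than loopback -> localhost is reported for manual review.
        odd = [n for n in names if not (addr in LOOPBACK and n.lower() in LOCAL_NAMES)]
        if odd:
            findings.append(f"line {lineno}: {addr} -> {', '.join(odd)} (review this mapping)")
    return findings

if __name__ == "__main__":
    # Default location on Windows; pass another directory as the first argument.
    default = Path(r"C:\Windows\System32\drivers\etc")
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    if not target.is_dir():
        sys.exit(f"{target} is not a directory")
    for finding in audit_hosts_dir(target):
        print(finding)
```

An empty result means an extensionless hosts file exists and contains nothing beyond comments and localhost loopback entries.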