dawka7

Members
  • Posts: 9

  1. In that case, thank you very much for your help and the time you spent! Regards.
  2. Kaspersky has just finished the last scan; unfortunately, it detected nothing while scanning the individual drives. It probably removed all the potential infections the first time, when the computer restarted, but no trace of that is left. Is there anything else I should do? Also, how do I get rid of that suspicious box in Outlook?
  3. Unfortunately, for some unknown reason, after almost 48 hours of scanning, when Kaspersky had already reached fifty-something percent, the computer suddenly restarted. Hence my question: does it store logs anywhere of what it has done so far? (There were about 60 potential infections.) I'm posting the OTL logs once more. In addition, when starting Outlook, a box asking for a password appeared, which wasn't there before and looks strange (screenshot). OTL.Txt Extras.Txt
  4. Unfortunately it is still scanning; so far it has only reached 43% since yesterday... As soon as it finishes I'll post the results. Thank you and regards.
  5. In that case, I apologize for the faux pas; I did it in a rush. Kaspersky scan in progress. 05312013_194544.txt
  6. Thank you for the quick reply.

     1. OTL log after running the script:

     All processes killed
     ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
     Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
     Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
     Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
     C:\Users\johnyQ\AppData\Local\smss.exe moved successfully.
     Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
     Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55}
     C:\Windows\Downloaded Program Files\SkanerOnline.inf moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
     Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
     Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.
     ========== FILES ==========
     ADS C:\Windows:8812F8F75C60B46E deleted successfully.
     C:\Users\johnyQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif moved successfully.
     C:\Users\johnyQ\AppData\Local\csrss.exe moved successfully.
     C:\Users\johnyQ\AppData\Local\inetinfo.exe moved successfully.
     C:\Users\johnyQ\AppData\Local\lsass.exe moved successfully.
     C:\Users\johnyQ\AppData\Local\services.exe moved successfully.
     C:\Users\johnyQ\AppData\Local\winlogon.exe moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-24 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-25 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-26 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-27 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-28 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-29 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-30 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok-4-31 folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Bron.tok.A4.em.bin moved successfully.
     C:\Users\johnyQ\AppData\Local\Kosong.Bron.Tok.txt moved successfully.
     C:\Users\johnyQ\AppData\Local\Loc.Mail.Bron.Tok folder moved successfully.
     C:\Users\johnyQ\AppData\Local\Ok-SendMail-Bron-tok folder moved successfully.
     C:\Users\johnyQ\AppData\Roaming\Babylon folder moved successfully.
     C:\Users\johnyQ\AppData\Roaming\DSite\UpdateProc folder moved successfully.
     C:\Users\johnyQ\AppData\Roaming\DSite folder moved successfully.
     C:\Users\johnyQ\AppData\Roaming\OpenCandy\8E863C020007466BBDE31E06D9B08DD6 folder moved successfully.
     C:\Users\johnyQ\AppData\Roaming\OpenCandy folder moved successfully.
     C:\ProgramData\StarApp\Setup folder moved successfully.
     C:\ProgramData\StarApp folder moved successfully.
     C:\ProgramData\conotiNuetosave folder moved successfully.
     C:\ProgramData\InstallMate\{A408D7D4-A316-4366-A18D-EB347FEBF522} folder moved successfully.
     C:\ProgramData\InstallMate folder moved successfully.
     C:\Program Files (x86)\Mozilla Firefox\searchplugins folder moved successfully.
     C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
     C:\Program Files (x86)\Mozilla Firefox folder moved successfully.
     ========== REGISTRY ==========
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\ deleted successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 58264 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: johnyQ
     ->Temp folder emptied: 43772720 bytes
     ->Temporary Internet Files folder emptied: 19845 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 58775 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 8456 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46472224 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 86,00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 05312013_180150

     Files\Folders moved on Reboot...
     C:\Users\johnyQ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\johnyQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...

     2. searchnewtab and akami have been uninstalled; however, I don't have the Google Chrome extensions you listed for uninstalling.

     3. The logs from AdwCleaner and OTL are attached.

     Thank you and regards. AdwCleanerS1.txt OTL.Txt
  7. Windows 7 x64

     Hello, for some time the computer has been running strangely slowly, and every so often in Chrome, while browsing the internet, a page with the text BRONTOK.A opens (screen1). I manually deleted the file c/users/johnyq/pictures/about.bronk.a.html, but it recreates itself? In addition, when an SD card or pendrive is plugged in, an exe file named Data johnyQ gets copied onto it, which, when run, takes you to "My Computer" (screen2). Currently the computer won't start normally: after it is switched on and everything has loaded, it starts shutting down, and so it keeps restarting itself in a loop. There are 3 processes that can't be closed; from what I remember it says "no permissions". At the moment it starts shutting down, closing all processes one by one in Task Manager, a process named Logon shows up, which also can't be closed because of missing permissions.

     screen1 screen2

     Logs:

     Results of screen317's Security Check version 0.99.64
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 17
     Java 6 Update 3
     Java version out of Date!
     Adobe Reader XI
     Google Chrome 26.0.1410.64
     Google Chrome 27.0.1453.94
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````

     Regards. OTL.Txt Extras.Txt gmer.txt
  8. Hello, I am, as I can see, one of many people who have fallen victim to this virus; please help. I'm posting the logs from OTL. Thanks, regards. Extras.Txt OTL.Txt