
dawka7

Users
  • Posts

    9
  • Joined

  • Last visited

Replies posted by dawka7

  1. Unfortunately, for some unknown reason, after almost 48 hours of scanning, when Kaspersky had already reached some fifty-odd percent, the computer suddenly restarted. Hence my question: does it store logs anywhere of what it has done so far? (There were about 60 potential infections.)

    I am uploading the OTL logs once more. In addition, when starting Outlook, a box appeared asking for a password, which was not there before and looks strange (screenshot).

    OTL.Txt

    Extras.Txt

    post-6318-0-45037500-1370168352_thumb.png

  2. Thank you for the quick reply.

     

    1. OTL log after running the script

     

    All processes killed

    ========== OTL ==========

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.

    Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

    Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

    Registry key HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.

    Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.

    C:\Users\johnyQ\AppData\Local\smss.exe moved successfully.

    Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-3978528455-3850895547-2306539489-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

    Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55}

    C:\Windows\Downloaded Program Files\SkanerOnline.inf moved successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.

    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.

    ========== FILES ==========

    ADS C:\Windows:8812F8F75C60B46E deleted successfully.

    C:\Users\johnyQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif moved successfully.

    C:\Users\johnyQ\AppData\Local\csrss.exe moved successfully.

    C:\Users\johnyQ\AppData\Local\inetinfo.exe moved successfully.

    C:\Users\johnyQ\AppData\Local\lsass.exe moved successfully.

    C:\Users\johnyQ\AppData\Local\services.exe moved successfully.

    C:\Users\johnyQ\AppData\Local\winlogon.exe moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-24 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-25 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-26 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-27 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-28 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-29 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-30 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok-4-31 folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Bron.tok.A4.em.bin moved successfully.

    C:\Users\johnyQ\AppData\Local\Kosong.Bron.Tok.txt moved successfully.

    C:\Users\johnyQ\AppData\Local\Loc.Mail.Bron.Tok folder moved successfully.

    C:\Users\johnyQ\AppData\Local\Ok-SendMail-Bron-tok folder moved successfully.

    C:\Users\johnyQ\AppData\Roaming\Babylon folder moved successfully.

    C:\Users\johnyQ\AppData\Roaming\DSite\UpdateProc folder moved successfully.

    C:\Users\johnyQ\AppData\Roaming\DSite folder moved successfully.

    C:\Users\johnyQ\AppData\Roaming\OpenCandy\8E863C020007466BBDE31E06D9B08DD6 folder moved successfully.

    C:\Users\johnyQ\AppData\Roaming\OpenCandy folder moved successfully.

    C:\ProgramData\StarApp\Setup folder moved successfully.

    C:\ProgramData\StarApp folder moved successfully.

    C:\ProgramData\conotiNuetosave folder moved successfully.

    C:\ProgramData\InstallMate\{A408D7D4-A316-4366-A18D-EB347FEBF522} folder moved successfully.

    C:\ProgramData\InstallMate folder moved successfully.

    C:\Program Files (x86)\Mozilla Firefox\searchplugins folder moved successfully.

    C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.

    C:\Program Files (x86)\Mozilla Firefox folder moved successfully.

    ========== REGISTRY ==========

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!

    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\ deleted successfully.

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: All Users

     

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 58264 bytes

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 0 bytes

     

    User: johnyQ

    ->Temp folder emptied: 43772720 bytes

    ->Temporary Internet Files folder emptied: 19845 bytes

    ->Java cache emptied: 0 bytes

    ->Flash cache emptied: 58775 bytes

     

    User: Public

     

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 8456 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46472224 bytes

    RecycleBin emptied: 0 bytes

     

    Total Files Cleaned = 86,00 mb

     

     

    OTL by OldTimer - Version 3.2.69.0 log created on 05312013_180150

     

    Files\Folders moved on Reboot...

    C:\Users\johnyQ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    C:\Users\johnyQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

     

    PendingFileRenameOperations files...

     

    Registry entries deleted on Reboot...

     

    2. searchnewtab and akami have been uninstalled; however, I do not have the extensions you listed for uninstalling in Google Chrome

    3. AdwCleaner and OTL logs are attached

     

    Thank you and best regards.

    AdwCleanerS1.txt

    OTL.Txt

  3. windows 7 x64

     

    Hello, for some time now the computer has been running strangely slowly, plus every so often in Chrome, while browsing the internet, a page with the text BRONTOK.A opens (screen1). I manually deleted the file c/users/johnyq/pictures/about.bronk.a.html but it recreates itself?

    In addition, when an SD card or a pen drive is plugged in, an exe file named Data johnyQ gets copied onto it, which when run takes you to "My Computer" (screen2).

    Currently the computer will not start normally. After it is switched on and everything has loaded, it starts shutting down, and so it keeps restarting itself over and over. There are 3 processes that cannot be closed; as far as I remember it says "no permissions". At the moment when it starts shutting down, closing all the processes one by one in Task Manager, a process called Logon shows up, which also cannot be closed due to lack of permissions.

     

     

    screen1

    123blj.th.png

    screen2

    134xq.th.png

     

    logs:

     

    Results of screen317's Security Check version 0.99.64

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 10

    ``````````````Antivirus/Firewall Check:``````````````

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Java 7 Update 17

    Java 6 Update 3

    Java version out of Date!

    Adobe Reader XI

    Google Chrome 26.0.1410.64

    Google Chrome 27.0.1453.94

    ````````Process Check: objlist.exe by Laurent````````

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:

    ````````````````````End of Log``````````````````````

     

     

    Regards

    OTL.Txt

    Extras.Txt

    gmer.txt
