Komputer strasznie zamula. Chcę pozbyć się Brontoka

[lukaszjaneczek125]

tak jak w temacie. mam brontoka przez co strasznie zamula mi kompa proszę o sprawdzenie logów ponieważ jest na nich wiele wirusów ,a ja jestem Nowicjuszem w tych sprawach.

Extras.Txt

gmer.txt

mbam-log-2013-02-07 (08-02-36).txt

OTL.Txt

[picasso]

mam brontoka przez co strasznie zamula mi kompa

 

Ustalmy skąd ta wiedza i co pokazuje infekcję Brontok, bo tu w raportach nie widzę czynnego Brontok, tylko drobne odpadki po nim na dysku i nic poza tym. Za to system skatowany programami zabezpieczającymi, za dużo ich działa (avast! Free Antivirus, COMODO Internet Security, MBAM z czynnym rezydentem, PC Tools Spyware Doctor 9.1), co może być przyczyną mulenia.

 

 

Na teraz mogę zadać tylko drobne akcje na podstawie tego co widzę:

 

1. Przez Panel sterowania odinstaluj nadwyżkę programów zabezpieczających. Powiedzmy, że zostawisz tylko Avast.

 

2. Otwórz Google Chrome i w Rozszerzeniach odinstaluj adware DealPly, a z listy stron startowych wymaż strony Yahoo dodane przez instalację COMODO.

 

3. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:Files
C:\Users\Janeczek\AppData\Local\*Bron*
C:\Users\Janeczek\AppData\Local\kmiwefa.dll
C:\Users\Janeczek\AppData\Roaming\patcher02.patUpdater.exe
C:\Users\Janeczek\AppData\Roaming\OpenCandy
 
:OTL
O3 - HKU\S-1-5-21-1485174315-2679656517-587496537-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1485174315-2679656517-587496537-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
 
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Klik w Wykonaj skrypt. Zatwierdź restart systemu.

 

4. Zrób nowy log OTL z opcji Skanuj (już bez Extras) i GMER.

 

 

 

.

[lukaszjaneczek125]

Brontoka Starałem się usuwać i zostały tam jakieś odpadkii po nim więc jest dobrze usunąłem Comodo, stronę startową zmieniłem, i usunąłem PC tools spyware wykonałem skrypt i zaraz dołoncze skan z OTL`a

@up OTL i Gmer są

OTL.Txt

gmer.txt

[picasso]

Sprecyzuj na czym stoimy, jak kondycja systemu. Nie widzę tu już żadnych śladów infekcji. Zadania zostały wykonane i tylko drobna poprawka na szczątki po DealPly i odinstalowanych aplikacjach:

 

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:OTL
CHR - Extension: DealPly = C:\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
O4:64bit: - HKLM..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] "C:\Users\Janeczek\AppData\Local\Temp\cis8B13.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} File not found
[2013-02-07 08:35:26 | 000,000,000 | ---D | C] -- C:\Users\Janeczek\Doctor Web
[2013-02-06 21:23:49 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013-02-06 19:23:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013-02-06 19:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013-02-06 19:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013-02-06 19:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013-02-06 18:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013-02-06 18:10:37 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013-02-06 18:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013-02-06 18:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013-02-06 19:25:19 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat

 

Klik w Wykonaj skrypt.

 

2. Do oceny wystarczy tylko log z wynikami usuwania OTL, nowy skan zbędny. Log krótki = wklej wprost w poście.

 

 

 

.

[lukaszjaneczek125]

========== OTL ==========

File C:\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0 not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} deleted successfully.

C:\Users\Janeczek\Doctor Web folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Microsoft\Windows folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Microsoft folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS\vduserdata\themes folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS\vduserdata\images folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS\vduserdata\bottombar folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS\vduserdata\bin folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS\vduserdata folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo\CIS folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming\Comodo folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Roaming folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\LocalLow\Microsoft\Silverlight\InBrowser\Profiles folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\LocalLow\Microsoft\Silverlight\InBrowser folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\LocalLow\Microsoft folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\LocalLow folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Temp\WPDNSE folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Temp\CRX_75DAF8CB7768 folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Temp folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\WER\ERC folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\WER folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013020620130207 folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\History folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows\Explorer folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft\Windows folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Microsoft folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VHCCM4JZ\static.dealply.com\flash\dealply_swf_engine.swf folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VHCCM4JZ\static.dealply.com\flash folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VHCCM4JZ\static.dealply.com folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VHCCM4JZ folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\old_Cache_000 folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Extension State folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome\User Data folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google\Chrome folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local\Google folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData\Local folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek\AppData folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users\Janeczek folder moved successfully.

C:\VTRoot\HarddiskVolume2\Users folder moved successfully.

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\Dictionaries folder moved successfully.

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application folder moved successfully.

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Google\Chrome folder moved successfully.

C:\VTRoot\HarddiskVolume2\Program Files (x86)\Google folder moved successfully.

C:\VTRoot\HarddiskVolume2\Program Files (x86) folder moved successfully.

C:\VTRoot\HarddiskVolume2 folder moved successfully.

C:\VTRoot folder moved successfully.

C:\ProgramData\Shared Space folder moved successfully.

C:\Program Files\COMODO\COMODO Internet Security\scanners folder moved successfully.

C:\Program Files\COMODO\COMODO Internet Security folder moved successfully.

C:\Program Files\COMODO folder moved successfully.

C:\ProgramData\Comodo\Installer folder moved successfully.

C:\ProgramData\Comodo\Firewall Pro folder moved successfully.

C:\ProgramData\Comodo\CisDumps folder moved successfully.

C:\ProgramData\Comodo\Cis\wpTemp folder moved successfully.

C:\ProgramData\Comodo\Cis\WebDialogs\images folder moved successfully.

C:\ProgramData\Comodo\Cis\WebDialogs\css folder moved successfully.

C:\ProgramData\Comodo\Cis\WebDialogs folder moved successfully.

C:\ProgramData\Comodo\Cis\Quarantine\Temp\TempFiles folder moved successfully.

C:\ProgramData\Comodo\Cis\Quarantine\Temp folder moved successfully.

C:\ProgramData\Comodo\Cis\Quarantine\info folder moved successfully.

C:\ProgramData\Comodo\Cis\Quarantine\data folder moved successfully.

C:\ProgramData\Comodo\Cis\Quarantine folder moved successfully.

C:\ProgramData\Comodo\Cis\cmc2\local_trees folder moved successfully.

C:\ProgramData\Comodo\Cis\cmc2 folder moved successfully.

C:\ProgramData\Comodo\Cis folder moved successfully.

C:\ProgramData\Comodo folder moved successfully.

C:\ProgramData\Comodo Downloader\cis\download\installs\xml_binaries\cis folder moved successfully.

C:\ProgramData\Comodo Downloader\cis\download\installs\xml_binaries folder moved successfully.

C:\ProgramData\Comodo Downloader\cis\download\installs folder moved successfully.

C:\ProgramData\Comodo Downloader\cis\download folder moved successfully.

C:\ProgramData\Comodo Downloader\cis folder moved successfully.

C:\ProgramData\Comodo Downloader folder moved successfully.

C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine folder moved successfully.

C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\DRM folder moved successfully.

C:\Program Files (x86)\PC Tools\PC Tools Security\BDT folder moved successfully.

C:\Program Files (x86)\PC Tools\PC Tools Security folder moved successfully.

C:\Program Files (x86)\PC Tools folder moved successfully.

C:\Windows\SysNative\drivers\PCTSD64.sys moved successfully.

C:\Program Files (x86)\Common Files\PC Tools\pctEFA folder moved successfully.

C:\Program Files (x86)\Common Files\PC Tools\KDS folder moved successfully.

C:\Program Files (x86)\Common Files\PC Tools folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\SecurityScanner folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\SecurityPackage folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\SecurityLanguageFiles folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\SecurityDatabase folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM\1 folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0 folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager\Security folder moved successfully.

C:\ProgramData\PC Tools\DownloadManager folder moved successfully.

C:\ProgramData\PC Tools folder moved successfully.

C:\Windows\SysNative\drivers\sfi.dat moved successfully.

 

OTL by OldTimer - Version 3.2.69.0 log created on 02102013_192900

[picasso]

Nie odpowiedziałeś na pytanie:

 

Sprecyzuj na czym stoimy, jak kondycja systemu. Nie widzę tu już żadnych śladów infekcji.

 

 

 

.

[lukaszjaneczek125]

Sorki zapędziłem się i pominąłem ten wątek.

A więc tak kondycja systemu się podniosła, lecz komputer bardzo dużo zużywa pamięci ram. W moim przypadku to tylko 2Gb, więc mało jak na taki procesor, a używane jest,

mniej więcej 40% na "wolnym" dochodzi do 80 przy jakichś większych pracach na komputerze.

[picasso]

W ramach ukończenia czyszczenia systemu:

 

1. W OTL uruchom Sprzątanie, które skasuje z dysku OTL wraz z kwarantanną.

 

2. Wyczyść foldery Przywracania systemu: KLIK.

 

 

A więc tak kondycja systemu się podniosła, lecz komputer bardzo dużo zużywa pamięci ram. W moim przypadku to tylko 2Gb, więc mało jak na taki procesor, a używane jest,

mniej więcej 40% na "wolnym" dochodzi do 80 przy jakichś większych pracach na komputerze.

 

No cóż, nie wiem czy da się tu coś więcej uzyskać. Nie uruchamia się tu zbyt dużo obiektów niedomyślnych. Obecnie jest Avast z kombinacji z MBAM w wersji z czynnym rezydentem. Może sprawdź czy deaktywacja rezydenta MBAM coś tu wspomoże.

 

 

 

.