Robak Brontok a 10

[didoza16]

Witam Jestem nowy na tym forum, to mój pierwszy post.

Jezeli zly dzial prosze o przeniesienie.

 

Mam problem z robakiem BRONTOK A 10 ciagle restartuje mi komputer.

Nie orientuje sie jak go usunać wiem ze chodzi o logi z OTL ale nie wiem co z nimi dalej zrobic ;/

Prosze o pomoc

 

Log OTL: http://www.wklej.org/id/912393/

 

Z góry dzieki z pomoc. Pozdrawiam

[jessica]

Brak logu Extras.txt (czyli przed skanem musisz zaznaczyć "Użyj filtrowania" w polu "Rejestr-skan dodatkowy).

 

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

 

:OTL

MOD - [2012-12-30 00:27:17 | 000,548,910 | ---- | M] () -- C:\Users\Zarzec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe

MOD - [2008-12-30 18:43:18 | 000,042,675 | ---- | M] () -- C:\Users\Zarzec\AppData\Local\winlogon.exe

MOD - [2008-12-30 18:43:18 | 000,042,675 | ---- | M] () -- C:\Users\Zarzec\AppData\Local\services.exe

MOD - [2008-12-30 18:43:18 | 000,042,675 | ---- | M] () -- C:\Users\Zarzec\AppData\Local\lsass.exe

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = "http://www.v9.com/?utm_source=b&utm_medium=ins&from=ins&uid=132775_34605056_230351775_3219913727_22EB97C9&ts=1342730778"

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.v9.com/?utm_source=b&utm_medium=ins&from=ins&uid=132775_34605056_230351775_3219913727_22EB97C9&ts=1342730778"

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}"

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = "http://www.v9.com/?utm_source=b&utm_medium=ins&from=ins&uid=132775_34605056_230351775_3219913727_22EB97C9&ts=1342730778"

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://isearch.avg.com/?cid={F94D0447-933E-4D5E-AF6B-D71BCF96B3B3}&mid=5d3bbe66ffca47d08cbc359c7bbcd21d-02c5277d5313e246256578827a02452824cd2e40&lang=pl&ds=st011&pr=sa&d=2012-07-09 13:20:04&v=11.1.0.12&sap=hp"

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = "http://search.v9.com/web/?q={searchTerms}"

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = "http://isearch.avg.com/search?cid={F94D0447-933E-4D5E-AF6B-D71BCF96B3B3}&mid=5d3bbe66ffca47d08cbc359c7bbcd21d-02c5277d5313e246256578827a02452824cd2e40&lang=pl&ds=st011&pr=sa&d=2012-07-09 13:20:04&v=11.1.0.7&sap=dsp&q={searchTerms}"

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = "http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}"

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found

O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKCU..\Run: [ALLUpdate] "D:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found

O4 - HKCU..\Run: [EA Core] "D:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [Eyeball Chat] "D:\Program Files (x86)\Eyeball Networks\Eyeball Chat\EyeballChat.exe" -min File not found

O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Users\Zarzec\AppData\Local\smss.exe ()

O4 - Startup: C:\Users\Zarzec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()

O4 - Startup: C:\Users\Zarzec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)

[2012-12-31 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-31

[2012-12-19 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-19

[2012-12-18 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-18

[2012-12-17 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-17

[2012-12-16 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-16

[2012-12-15 11:52:38 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-15

[2012-12-14 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-14

[2012-12-13 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-13

[2012-12-12 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-12

[2012-12-11 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-11

[2012-12-10 08:20:52 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-10

[2012-12-09 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-9

[2012-12-08 10:50:27 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-8

[2012-12-07 09:53:07 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-7

[2012-12-06 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-6

[2012-12-05 10:39:22 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-5

[2012-12-04 08:48:43 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-4

[2012-12-03 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Zarzec\AppData\Local\Bron.tok-12-3

[2013-01-02 00:58:15 | 000,012,393 | ---- | M] () -- C:\Users\Zarzec\AppData\Local\Update.12.Bron.Tok.bin

[2013-01-02 00:30:18 | 000,012,393 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\Bron.tok.A12.em.bin

[2012-12-30 00:27:17 | 000,548,910 | ---- | C] () -- C:\Users\Zarzec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\winlogon.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\smss.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\services.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\lsass.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\inetinfo.exe

[2012-11-20 17:25:52 | 000,042,675 | ---- | C] () -- C:\Users\Zarzec\AppData\Local\csrss.exe

 

:Commands

[emptytemp]

 

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.

Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

 

2) Użyj Malwarebytes Anti-Malware

Na końcu kliknij na Usuń zaznaczone.

Podaj z tego raport.

 

3) Odinstaluj program mający w nazwie "V9"

 

4) Użyj AdwCleaner.

Kliknij w nim Usuń

Pokaż raport z niego C:\AdwCleaner[s1].txt

[didoza16]

Program o nazwie "V9" został usunięty

 

Logi

 

otl raport s usuwania: http://www.wklej.org/id/912538/

 

malwarebytes: http://www.wklej.org/id/912539/

 

adw-cleaner: http://www.wklej.org/id/912541/

 

Czy teraz jest juz ok?

 

Dzięki wielkie za pomoc

[jessica]

Pokaż nowy log OTL.txt

 

Nie dałeś nowego logu z OTL.

Raczej będzie już bez BRONTOK'a, więc po daniu tego nowego logu OTL będziesz już mógł spokojnie, bez nerwów, czekać aż @Picasso lub @Landuss, powróci z urlopu (nie wiem, kiedy), i oceni aktualną sytuację.

[didoza16]

Oto nowy Log OTL: http://www.wklej.org/id/912626/

[Landuss]

Wykonaj czynności kończące:

 

1. Użyj opcji Sprzątanie z OTL.

 

2. Opróżnij przywracanie systemu: KLIK

 

3. Sprawdź wersję oprogramowania i w miarę potrzeby je zaktualizuj. Szczegóły aktualizacyjne: KLIK