Elektroda.pl

BRONTOKA 10 - BRONTOK.A[10] Computer infection

08 Feb 2014 16:21 1194 6
  • Level 2  
    Hello, on my brother's computer a green window with the brontoka 10 virus keeps popping up. As in previous threads, I downloaded OTL and ran the scans, which produced two files:
    extras - wklej .org/id/1266354/
    otl - wklej. org/id/1266357/
    Now I'm waiting for Malwarebytes to scan the drives.... Please help! :cry: :|
  • Helpful post
    Computer specialist
    Uninstall:
    Bing Bar
    Delta toolbar
    Delta Chrome Toolbar
    GoforFiles
    QuickShare

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun):
    http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

    Run this script in OTL:

    :OTL
    PRC - [2013-12-31 17:57:44 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Pemo\AppData\Local\Smartbar\Application\QuickShare.exe
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=119293&babsrc=HP_ss_pr&mntrId=F82D5404A6719708
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=QuickObrw&d...67ced901&searchtype=hp&installDate=18/03/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=QuickObrw&d...-b168-44b8-8bf6-421167ced901&searchtype=ds&q={searchTerms}&installDate=18/03/2013
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - Startup: C:\Users\Pemo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
    [2014-01-27 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-27
    [2014-01-26 13:36:26 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-26
    [2014-01-25 00:37:33 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-25
    [2014-01-24 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-24
    [2014-01-23 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-23
    [2014-01-22 17:44:17 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-22
    [2014-01-21 21:28:56 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-21
    [2014-01-16 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-16
    [2014-01-15 18:00:12 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-15
    [2014-01-14 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-14
    [2014-01-13 18:18:37 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-13
    [2014-01-11 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-11
    [2014-01-10 11:45:29 | 000,000,000 | ---D | C] -- C:\Users\Pemo\AppData\Local\Bron.tok-12-10
    [2014-02-08 15:54:19 | 000,012,393 | ---- | C] () -- C:\Users\Pemo\AppData\Local\Update.12.Bron.Tok.bin
    [2014-02-08 15:43:19 | 000,012,393 | ---- | C] () -- C:\Users\Pemo\AppData\Local\Bron.tok.A12.em.bin

    :Files
    C:\Users\Pemo\AppData\Local\*.exe

    :Commands
    [resethosts]
    [emptytemp]


    After running it, post a new log from an OTL scan. Additionally tick: lop, purity, all users.
  • Helpful post
    Computer specialist
    New script:

    :OTL
    [2013-04-06 22:37:28 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Pemo\AppData\Roaming\mozilla\Firefox\Profiles\keqroyzh.default\extensions\{87a0ff37-b168-44b8-8bf6-421167ced901}
    O4 - HKU\S-1-5-21-3785626196-2034679312-2139065743-1001..\Run: [Tok-Cirrhatus] "C:\Users\Pemo\AppData\Local\smss.exe" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    [2014-02-08 16:41:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-02-08 16:49:10 | 000,000,222 | ---- | C] () -- C:\Users\Pemo\AppData\Local\BronNetDomList.bat
  • Helpful post
    Computer specialist
    Select CleanUp (Sprzatanie) in OTL and that's all.
  • Level 2  
    Thanks for the help ;)
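
Added example, not part of the original thread and not an OTL feature: a small triage pass over OTL log lines that flags the persistence and lock-out entry types the fix scripts above target (O4 autoruns, O7 policies, O20 Winlogon Shell). The rule sets and category names are assumptions of this sketch, as is reading a trailing `()` in OTL output as an empty vendor field.

```python
import re
from ntpath import basename, splitext

# Lines taken from the OTL script in this thread; the last line is a constructed benign entry.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\Pemo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

RUN_RE = re.compile(r"^O4(?::64bit:)? - \S+\\Run(?:Once)?: \[(.+?)\] (.*)$")
STARTUP_RE = re.compile(r"^O4(?::64bit:)? - Startup: (.+?) \(.*\)$")
POLICY_RE = re.compile(r"^O7(?::64bit:)? - \S+\\policies\\\w+: (\w+) = 1$", re.I)
SHELL_RE = re.compile(r'^O20(?::64bit:)? - HKLM Winlogon: Shell - \("?(.+?)"?\) - ')

# Heuristic rule sets (assumptions of this example, not an OTL feature).
LOCKOUT_POLICIES = {"nofolderoptions", "disableregistrytools", "disabletaskmgr", "disablecmd"}
RISKY_STARTUP_EXT = {".pif", ".scr", ".com"}

def triage(log_text):
    """Return (category, detail) tuples for suspicious O4/O7/O20 lines."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := RUN_RE.match(line):
            name, target = m.groups()
            if target.endswith("File not found"):
                findings.append(("orphan-autorun", name))      # value survives, file is gone
            elif target.endswith("()"):
                findings.append(("no-vendor-autorun", name))   # binary has no company name
        elif m := STARTUP_RE.match(line):
            if splitext(m.group(1))[1].lower() in RISKY_STARTUP_EXT:
                findings.append(("risky-startup-file", basename(m.group(1))))
        elif m := POLICY_RE.match(line):
            if m.group(1).lower() in LOCKOUT_POLICIES:
                findings.append(("lockout-policy", m.group(1)))
        elif m := SHELL_RE.match(line):
            if m.group(1).lower() != "explorer.exe":            # default value is explorer.exe
                findings.append(("shell-override", m.group(1)))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

A hit is a prompt for manual review, not a verdict: legitimate software can also ship binaries without a vendor string or leave orphaned Run values behind.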