Annoying virus


(Czyste789) #1

Hello,

I have a very annoying worm, namely BRONTOK.A[10], and I simply can't download exe files, and there are a few other annoying things I can't do because of it. How do I remove it? Maybe there is some faster way than scanning with an antivirus for 5 hours. I have Windows 7 Ultimate 64-bit.


(Acorus) #2

Use USBFix http://www.teamxscript.org/usbfixTelechargement.html

In it, click the "DELETION" button (if you have named any folder muza or muzyka, rename it to something else before using USBFix).

Post the report from this tool.

Show the logs from OTL http://oldtimer.geekstogo.com/OTL.exe

Check: All users. In all panels: Use filtering. Check: LOP infection and Purity http://wstaw.org/m/2010/10/31/OTL.png.


(Czyste789) #3

In OTL I have one option that you don't have in the picture http://wstaw.org/w/BOl/ should I check it?


(Acorus) #4

Check it.


(Czyste789) #5

Unfortunately my computer just reset (for the second time). When USBFix reaches 48%, a blue screen appears and that's it. Now I'll start working in OTL.

-- Added 30.07.2011 (Sat) 19:23 --

OK, done, here is the log from OTL:

4,00 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 73,76% Memory free

8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 368,10 Gb Total Space | 147,41 Gb Free Space | 40,05% Space Free | Partition Type: NTFS

Drive D: | 87,81 Gb Total Space | 29,79 Gb Free Space | 33,92% Space Free | Partition Type: NTFS

Drive E: | 9,74 Gb Total Space | 8,73 Gb Free Space | 89,63% Space Free | Partition Type: NTFS

Computer Name: PR0 | User Name: Arek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-640599061-3745230685-1845210949-1000\SOFTWARE\Classes]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{708DC396-5B5C-55FC-7019-BE7BB6787FB6}" = AMD Fuel

"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64

"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs

"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback

"WinRAR archiver" = Archiwizator WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai

"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All

"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy

"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean

"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common

"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese

"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English

"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1

"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German

"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor

"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding

"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox2

"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech

"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese

"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static

"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = Wiedźmin 2

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian

"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ArmA 2" = ArmA 2 Uninstall

"BattlEye" = BattlEye Uninstall

"BitComet" = BitComet 1.27

"Company of Heroes" = Company of Heroes

"EADM" = EA Download Manager

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"Gadu-Gadu 10" = Gadu-Gadu 10

"Łatka polonizacyjna GTA IV v0.98" = Łatka polonizacyjna GTA IV v0.98

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Usbfix" = UsbFix By El Desaparecido

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-640599061-3745230685-1845210949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Winamp Detect" = Detektor Winampa

"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


(Acorus) #6

Post the logs on wklej.org.

otl.txt and extras


(Czyste789) #7

OK, done.

This is the log from the OTL.txt file:

http://wklej.org/id/569874/

And this is the one from Extras:

http://wklej.org/id/569875/


(Acorus) #8

Run OTL and paste the following into the Custom Scans/Fixes window (Własne opcje skanowania/Script):

Click Run Fix (Wykonaj skrypt). Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click Run Scan (Skanuj).

Show the new OTL.txt log and the removal report.

Uninstall Winamp Toolbar.


(Leon$) #9

In OTL, in the Custom Scans-Fixes window (własne opcje skanowania/skrypt), paste the following script:

Click Run Fix (Wykonaj skrypt). Confirm the computer restart.

Show the removal log.

Then a new OTL log made with the Run Scan (Skanuj) option.

:)


(Czyste789) #10

I ran those two scripts one after the other, as you told me to. Here are the LOGS.

Removal LOG:

http://wklej.org/hash/e0abcacdeee/

LOG from OTL.txt:

http://wklej.org/hash/69c220452e9/

LOG from EXTRAS:

http://wklej.org/hash/098246b88f2/


(Leon$) #11

The log looks clean.

Download CCleaner http://www.filehippo.com/download_ccleaner/

Scan with it and clean the registry.

In OTL click CleanUp (Sprzątanie).

Scan with

Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI ... 12976.html

:)


(Czyste789) #12

Thanks, mate :) It runs like new and the registry is squeaky clean :D