Trojan.GenericKD.2491143 and Gen:Variant.Adware.Graftor


(ziolos92) #1

Hello, today my computer showed alerts about the detection of the spyware/adware Gen:Variant.Adware.Graftor and the trojan Trojan.GenericKD.2491143. I would be very grateful for help with getting rid of them.

On top of that, every so often a million ads pop up in my browser; Ad Block Plus blocks them, but I would like to get rid of this for good. Thanks in advance for the help.

 

Logs:

FRST: http://www.wklej.org/id/1741637/

Addition: http://www.wklej.org/id/1741641/

Shortcut: http://www.wklej.org/id/1741644/


(Acorus) #2

Uninstall DealPly, DefaultTab, FlvPlayer, FoxTab, McAfee Security Scan Plus, Mobogenie, OnlineHDTV and WinZipper. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

Post new FRST logs.


(ziolos92) #3

Programs uninstalled; there was a problem with DefaultTab, because during the uninstall the following message appeared:



(Acorus) #4

The Addition.txt log is missing.


(ziolos92) #5

You are right, sorry, I must have given the wrong paste link.

 

Log from Addition.txt: http://www.wklej.org/id/1745120/


(Acorus) #6

Open the system Notepad and paste:

CloseProcesses:
Task: {1B33A228-674A-4010-9BC7-EF256720C78C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1012Core => C:\Users\Sylwek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {8DBAC0DE-1311-400C-85D6-9F46C88EFDAE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1010UA => C:\Users\Zielak\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-24] (Facebook Inc.)
Task: {9355AF1F-692F-4C4E-AB02-E7A01DDCCD6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1010Core => C:\Users\Zielak\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-24] (Facebook Inc.)
Task: {9D4CD56C-0B09-4651-A90E-6221D1A308F7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1012UA => C:\Users\Sylwek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {CCB6EC11-9914-4FA7-90E0-EF1C330FBD08} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {E13C1BEF-A5AA-45E1-AE47-36791CDDA022} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F6AB495C-0D4E-438F-9E76-5868CC3D58EF} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [2015-02-17] (Dll-FIles.Com)
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1010Core.job => C:\Users\Zielak\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1010UA.job => C:\Users\Zielak\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1012Core.job => C:\Users\Sylwek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2369865761-143260294-4223742436-1012UA.job => C:\Users\Sylwek\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [GrooveMonitor] => D:\Programy\MS Office 2007\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2369865761-143260294-4223742436-1010\...\Run: [Facebook Update] => C:\Users\Zielak\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-24] (Facebook Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}
SearchScopes: HKLM -> {2A5B8467-CE9D-A158-AD18-3358EE35FA80} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2369865761-143260294-4223742436-1010 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF SearchEngineOrder.1: error
CHR HKLM\...\Chrome\Extension: [alcjopcbiogaaiiaoajkeblagibncmgi] - C:\ProgramData\SaveAs\alcjopcbiogaaiiaoajkeblagibncmgi.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [edcbaedcbaedcbaedcbaedcbaedcbajk] - C:\Program Files\vShare.tv plugin\vshareplg.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flglmiooihhlhcodbjmphdamonleehji] - C:\ProgramData\wxDownload\flglmiooihhlhcodbjmphdamonleehji.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S2 fshoster; "C:\Program Files\MultiSaver\fshoster32.exe" -hosterid:0 [X]
S3 FSMA; "C:\Program Files\MultiSaver\apps\ComputerSecurity\Common\FSMA32.EXE" [X]
S2 FSORSPClient; "C:\Program Files\MultiSaver\apps\CCF_Reputation\fsorsp.exe" [X]
U3 a0x8mknn; C:\Windows\system32\Drivers\a0x8mknn.sys [0] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 a9xckw26; C:\Windows\system32\Drivers\a9xckw26.sys [0] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
U3 aukkswg1; No ImagePath
U3 aww9k33u; No ImagePath
S3 F-Secure Gatekeeper; \\C:\Program Files\MultiSaver\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [X]
S1 F-Secure HIPS; \\C:\Program Files\MultiSaver\apps\ComputerSecurity\HIPS\drivers\fshs.sys [X]
S3 fsni; \\C:\Program Files\MultiSaver\apps\CCF_Scanning\fsni32.sys [X]
S1 fsvista; \\C:\Program Files\MultiSaver\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [X]
S1 tbfd_1_10_0_15; system32\drivers\tbfd_1_10_0_15.sys [X]
2015-06-18 22:43 - 2015-06-18 23:00 - 00000000 ____ D C:\AdwCleaner
2013-12-24 12:53 - 2014-04-27 19:00 - 0001703 _____ () C:\Program Files\Mozilla Firefoxnation-secure-search.xml
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
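As an added example, not code from this thread or from FRST itself: a small Python parser for the FRST line shapes that appear in the fixlist above (scheduled tasks, Run keys, shell icon overlays, Chrome extensions, services/drivers). It picks out the entries FRST marks as pointing at files that no longer exist ([X], No File, [Not Found], No ImagePath, No Task File, zero-byte driver), which is what makes them leftover registrations rather than live programs. The pattern names, entry names and sample log are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Markers FRST appends when an entry's target is missing: the registration
# survived but the file is gone, so a fixlist line only removes a dead pointer.
ORPHAN_MARKERS = ("No Task File", "No File", "[Not Found]", "No ImagePath",
                  "(zero byte File/Folder)", "[X]")

# One pattern per FRST line shape found in fixlists (e.g. "S2 name; path" for services/drivers).
PATTERNS = [
    ("Task", re.compile(r"^Task: (?P<name>.+?) (?:- |=> )(?P<target>.*)$")),
    ("Run", re.compile(r"^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")),
    ("ShellIconOverlay", re.compile(r"^ShellIconOverlayIdentifiers: \[(?P<name>[^\]]+)\] -> (?P<target>.*)$")),
    ("ChromeExtension", re.compile(r"^CHR .*Extension: \[(?P<name>[^\]]+)\] - (?P<target>.*)$")),
    ("ServiceOrDriver", re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<target>.*)$")),
]

@dataclass
class Entry:
    kind: str
    name: str
    target: str
    reason: Optional[str]  # orphan marker that matched, or None for a live entry

def parse_frst(text: str) -> List[Entry]:
    """Parse FRST log/fixlist lines into entries; lines of other shapes are skipped."""
    entries = []
    for line in (raw.strip() for raw in text.strip().splitlines()):
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                reason = next((mk for mk in ORPHAN_MARKERS if mk in line), None)
                entries.append(Entry(kind, match["name"], match["target"], reason))
                break
    return entries

def find_orphans(text: str) -> List[Entry]:
    """Entries whose file no longer exists: the usual candidates for a fixlist."""
    return [e for e in parse_frst(text) if e.reason is not None]

# Constructed sample in FRST's line format (not a real log); raw string keeps backslashes.
SAMPLE_LOG = r"""
Task: {66666666-7777-8888-9999-000000000000} - \Leftover Updater. No Task File <==== ATTENTION
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [12345 2015-01-01] (Example Corp)
ShellIconOverlayIdentifiers: [SyncExt1] -> {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => No File
CHR HKLM\...\Chrome\Extension: [abcdefghijklmnopabcdefghijklmnop] - C:\ProgramData\Example\ext.crx [Not Found]
S2 exsvc; "C:\Program Files\Example\exsvc.exe" [X]
U3 zz9abc12; C:\Windows\system32\Drivers\zz9abc12.sys [0] (Example Corp) <==== ATTENTION (zero byte File/Folder)
"""
```

Running `find_orphans(SAMPLE_LOG)` returns every entry except the live Run key, each with the marker that justified it.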