Trojan JS/Kryptik: how do I get rid of it?


(Fokus310) #1

Hi, NOD detected the trojan JS/Kryptik on my machine but it can't remove it. Does anyone have an idea how to get rid of it?


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system, 32-bit or 64-bit.


(Fokus310) #3

I'm sending the logs you asked for.

Addition.txt

FRST.txt


(Acorus) #4

Open Notepad and paste:

Task: {6107D1B7-875E-49D6-ABC3-56516E8360B4} - System32\Tasks\plushd8.1-codedownloader => C:\Program Files (x86)\plushd8.1\plushd8.1-codedownloader.exe
Task: C:\Windows\Tasks\plushd8.1-codedownloader.job => C:\Program Files (x86)\plushd8.1\plushd8.1-codedownloader.exe
HKU\S-1-5-21-4278990100-285794306-1897750825-1002\...\MountPoints2: {0131e786-ca48-11e3-8369-645a04b9f384} - "G:\.\ShowModem.exe"
HKU\S-1-5-21-4278990100-285794306-1897750825-1002\...\MountPoints2: {13d0ba8b-7aa4-11e3-825e-645a04b9f384} - "E:\setup.exe"
AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
AppInit_DLLs: c:\progra~2\linkey\ieexte~1\iedll64.dll => c:\progra~2\linkey\ieexte~1\iedll64.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: plushd8.1 -> {11111111-1111-1111-1111-110511111108} -> No File
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchEngineOrder.1: default-search.net
FF SearchPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ds7wq4f6.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Plus-HD-8.1 - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ds7wq4f6.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-07-11]
FF Extension: Site Matcher - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ds7wq4f6.default\Extensions\sitematchersitesrc@sitematchersitesrc.com [2014-07-22]
FF Extension: Site Explorer - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ds7wq4f6.default\Extensions\sitenew@sitenew.com [2014-07-22]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-04] (StdLib)
2014-07-04 10:42 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-04 22:49 - 00000000 ____ D () C:\Users\Adam\AppData\Roaming\SimilarAddon
2014-07-04 22:49 - 2014-07-04 22:49 - 00000000 ____ D () C:\Program Files (x86)\SiteLookup
C:\ProgramData\ChgService.exe
CMD: del /f /s /q %TEMP%\*.*

Save the file as fixlist.txt and put it next to FRST in the same folder.
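The fixlist above hits several Windows persistence points at once: IFEO [Debugger] redirects, AppInit_DLLs entries, orphaned BHO/Toolbar registrations, scheduled tasks pointing into an adware directory and a GUID-named kernel driver. As an added example (not part of this thread and not FRST's own code), the Python script below classifies FRST-format log lines by those patterns so the same triage can be repeated on another log. The sample input is constructed from lines of the fixlist above plus two invented benign entries as negative controls (an IFEO entry pointing at windbg.exe and an MpFilter.sys driver line); the KNOWN_DEBUGGERS set, the severity labels and the line regexes are this example's own assumptions about the FRST text format as shown on this page.

```python
"""Triage of FRST-style log lines for abused Windows persistence points.

Added example, not from the forum thread or from FRST. Regexes assume the
FRST text layout visible in the fixlist above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    category: str   # ifeo / appinit / bho / toolbar / task / driver
    severity: str   # "high", "residue" or "review"
    subject: str
    detail: str


# Binaries that legitimately appear as an IFEO [Debugger] value (assumed list).
# Windows launches the Debugger value with the original command line appended;
# a non-debugger such as tasklist.exe ignores that and exits, so the named
# image never runs. Anything outside this set is treated as a redirect.
KNOWN_DEBUGGERS = {"windbg.exe", "windbgx.exe", "cdb.exe", "ntsd.exe",
                   "vsjitdebugger.exe", "x64dbg.exe", "x32dbg.exe"}

IFEO_RE = re.compile(r"^IFEO\\(?P<image>.+?): \[Debugger\] (?P<dbg>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<dll>\S+) => (?P<resolved>.+)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|Toolbar): (?P<rest>.+)$")
TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<target>.+)$")
DRIVER_RE = re.compile(r"^R[0-3] (?P<name>[^;]+); (?P<path>.+?\.sys) \[.*\] \((?P<vendor>[^)]*)\)$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)


def _basename(path: str) -> str:
    """Last path component, unquoted and lower-cased."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious FRST line; benign lines yield nothing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := IFEO_RE.match(line)):
            dbg = _basename(m["dbg"])
            sev = "review" if dbg in KNOWN_DEBUGGERS else "high"
            findings.append(Finding("ifeo", sev, m["image"], f"Debugger={dbg}"))
        elif (m := APPINIT_RE.match(line)):
            missing = "File Not Found" in m["resolved"]
            findings.append(Finding("appinit", "residue" if missing else "high", m["dll"],
                                    "dangling entry" if missing else "DLL loaded into every user-mode process"))
        elif (m := BHO_RE.match(line)):
            missing = "No File" in m["rest"]
            findings.append(Finding(m["kind"].lower(), "residue" if missing else "review", m["rest"],
                                    "orphaned registration" if missing else "browser helper present"))
        elif (m := TASK_RE.match(line)):
            target = m["target"].strip().strip('"').lower()
            if not target.startswith("c:\\windows\\"):
                findings.append(Finding("task", "review", m["name"], f"runs {m['target']}"))
        elif (m := DRIVER_RE.match(line)):
            if GUID_RE.search(_basename(m["path"])):
                findings.append(Finding("driver", "high", m["name"],
                                        f"GUID-named kernel driver, vendor '{m['vendor']}'"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: lines taken from the fixlist above plus two invented
# benign entries (windbg.exe as debugger, MpFilter.sys driver) as controls.
SAMPLE_LOG = r"""
Task: {6107D1B7-875E-49D6-ABC3-56516E8360B4} - System32\Tasks\plushd8.1-codedownloader => C:\Program Files (x86)\plushd8.1\plushd8.1-codedownloader.exe
AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\myapp.exe: [Debugger] "C:\Program Files\Debugging Tools\windbg.exe"
BHO: plushd8.1 -> {11111111-1111-1111-1111-110511111108} -> No File
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-04] (StdLib)
R1 MpFilter; C:\Windows\System32\drivers\MpFilter.sys [123456 2014-01-01] (Microsoft Corporation)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:7} {f.category:8} {f.subject}  ({f.detail})")
    print(summarize(results))
```

Run it on the sample and the three "high" findings are exactly the ones the fixlist removes: the two IFEO entries whose Debugger is tasklist.exe and the GUID-named driver; the dangling AppInit_DLLs and BHO entries come out as "residue", which is why FRST marks them File Not Found / No File but still lists them for deletion. The windbg.exe and MpFilter.sys control lines are scored "review" and ignored respectively.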


(Fokus310) #5

I did exactly as you said, NOD no longer detects that trojan. Should I send you the Addition and FRST logs again?


(Acorus) #6

No. Delete the C:\FRST folder.

Use http://www.bleepingcomputer.com/download/tfc/ (run TFC and click Start).