Wyskakujące reklamy w prawym dolnym rogu ekranu; trojany

Dla specjalistów Bezpieczeństwo
#1

Witam. Problem jak wyżej. Reklamy wyskakują z nieregularną częstotliwością (kilka razy dziennie), niezależnie od uruchomionych przeglądarek, lub aplikacji. W trakcie ostatniego skanowania AVG wykrył 14 zagrożeń w tym kilka trojanów. Oto logi:

 

 

OTL:

http://www.wklej.org/id/1496579/

 

Extras:

http://www.wklej.org/id/1496583/

 

 

FRST:

http://www.wklej.org/id/1496612/

 

Addition:

http://www.wklej.org/id/1496615/

 

Shortcut:

http://www.wklej.org/id/1496613/

 

 

 

#2

Odinstaluj Search Assistant WebSearch 1.74,Spybot - Search & Destroy,TornTV.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pokaż nowe logi z FRST.

#3

Gotowe, oto logi:

 

FRST:

http://www.wklej.org/id/1496662/

 

Addition:

http://www.wklej.org/id/1496665/

 

Shortcut:

http://www.wklej.org/id/1496667/

#4

Otwórz Notatnik i wklej:

Task: {002DDB3D-C877-40E0-BC50-8CA2459F214C} - System32\Tasks\{4CEA2379-C70E-4CAA-853A-108A9B578AE4} = Iexplore.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {103AB8D5-FB02-4F31-A23E-3C08C4943068} - System32\Tasks\{6A0FE002-14C7-4E01-9DAF-E19C037FA42D} = Iexplore.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=5.3.0.120.259amp;LastError=404
Task: {191936AB-4029-46A8-A595-9F868C49B486} - System32\Tasks\{1574BF7F-8591-4E48-A90D-495DD372B6A5} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {1E90608D-5A51-42F7-9F42-26FA6FD3A744} - System32\Tasks\{CDA18BF5-EBBC-4C99-9E04-C6EA209D5315} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {5D1D55DF-A45E-40AC-8D60-3DD23447B57A} - System32\Tasks\4892 = Wscript.exe C:\Users\Kaspian\AppData\Local\Temp\launchie.vbs //B ==== ATTENTION
Task: {764E39FA-4505-424A-BCF7-2EA293C9EB59} - System32\Tasks\{D0980631-3EFB-431C-9F10-ECAEE1F34B7C} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {85BB728E-C286-4C6A-B2FC-CFD4B457BCD9} - System32\Tasks\{DAD07C32-7D5E-4BC6-8230-148B59BAD992} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {9CC361EE-1A1A-4A8C-98BE-FE9A5BFB4EC8} - System32\Tasks\0 = Iexplore.exe ==== ATTENTION
Task: {AACDB618-B570-4D13-97D2-6343109C10DA} - System32\Tasks\{8DBD480F-EE88-4D7B-A778-4C8FD439D550} = Iexplore.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {B8B103B6-8089-498F-AFD8-4756CA26D1C0} - System32\Tasks\{81B5094F-68B1-45E6-987E-42F731074B1E} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {C0B04BB4-7C20-4224-B93E-87A01C3DAEA7} - System32\Tasks\{168A0F52-84CA-4242-8D88-55B24294B35B} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {C4298BB1-E287-4ACE-87AE-0497BDC0FE1C} - System32\Tasks\{3A35BDE4-D709-4A2B-B29F-A6DA08C35458} = Iexplore.exe http://ui.skype.com/ui/0/5.9.0.115.259/pl/abandoninstall?page=tsMain
Task: {D4CB26A1-2F82-4222-9092-DE36D063C4C7} - System32\Tasks\{6EDCF0F6-8D50-4D02-A08B-28DA594A453B} = Iexplore.exe http://ui.skype.com/ui/0/6.11.0.102/pl/abandoninstall?page=tsProgressBar
Task: {E6DAC3D0-CCB7-450C-B0AE-1AAAA4FB4D4D} - System32\Tasks\{D51DCAF2-4B66-4456-A25C-4BC8245EF360} = Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {FD769D54-10D5-499D-A5F9-52F2A196FCDC} - System32\Tasks\{1EB7C855-E6A8-4110-99DA-9DF59364900F} = Iexplore.exe http://ui.skype.com/ui/0/5.9.0.123/pl/abandoninstall?page=tsMain
AlternateDataStreams: C:\Windows:76E84FCD9283E22A
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\Run: [AVG-Secure-Search-Update_0913b] = C:\Users\Kaspian\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 7b89e19df1ae47d1bbadf123ccfd79cd-138b05fc9b6aad3eb32067ed35d082dcffa4ac8f --CMPID 0913b
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {040ed678-8c6b-11e1-968c-206a8a19903e} - E:\PcOptions.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {22b5cf3f-7551-11e3-99eb-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {23d44112-25e8-11e3-bc5f-dacb1803b22f} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {23d44133-25e8-11e3-bc5f-dacb1803b22f} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {26e3e8e9-78eb-11e0-8639-70f1a1d90a4e} - F:\autoplay.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {74db4ca2-8c78-11e0-8b71-206a8a19903e} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {905c7c80-ed12-11e1-8a91-206a8a19903e} - E:\SISetup.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {93b79583-8bad-11e0-a60f-70f1a1d90a4e} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {93b795a3-8bad-11e0-a60f-70f1a1d90a4e} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {9ebbd5e1-e262-11e1-8ba1-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {9ebbd621-e262-11e1-8ba1-206a8a19903e} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {9ebbd66e-e262-11e1-8ba1-206a8a19903e} - E:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {ae5d526f-5deb-11e3-be4a-c5bab7221fc7} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {ae5d5277-5deb-11e3-be4a-c5bab7221fc7} - H:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {b8e0b0e7-749c-11e3-8848-b44e3a757f2d} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c1b17d39-4702-11e3-982b-887107175852} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c1b17d43-4702-11e3-982b-887107175852} - G:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {c1b17d59-4702-11e3-982b-887107175852} - H:\AutoRun.exe
HKU\S-1-5-21-4131202851-2711608564-3124560631-1000\...\MountPoints2: {e6620832-8c77-11e0-949c-70f1a1d90a4e} - E:\AutoRun.exe
SearchScopes: HKCU - {599A961E-7796-4B26-98F2-4F422963E03F} URL = http://searchou.com/?q={searchTerms}id=a43664880000000000007af1a1d90a4er=784
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: http://websearch.youwillfind.info/?pid=512r=2013/05/01hid=235766573lg=ENcc=PLl=1q=
FF SelectedSearchEngine: Conduit Search
R2 MobogenieService; C:\Program Files (x86)\Mobogenie3\MobogenieService.exe [113344 2014-09-23] (Mobogenie.com)
S2 appdrvrem01; %SystemRoot%\System32\appdrvrem01.exe svc [X]
S3 AIDA32Driver; \\C:\Users\Kaspian\AppData\Local\Temp\aida32.sa6 [X]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 X6va015; \\C:\Windows\SysWOW64\Drivers\X6va015 [X]
2014-10-23 17:55 - 2014-10-23 18:04 - 00000000 ____ D () C:\AdwCleaner
2014-10-23 17:50 - 2012-11-07 00:36 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
2014-10-23 17:50 - 2012-11-07 00:36 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#5

Po 40 minutach przerwałem działanie FRST.

 

fixlog:

http://www.wklej.org/id/1496736/

#6

Skasuj folder C:\FRST

Użyj http://www.bleepingcomputer.com/download/tfc/ (uruchom TFC i kliknij Start).

#7

Gotowe, co dalej?

#8

Nic dalej .To wszystko.

#9

Dziękuję pięknie za pomoc. :ok: