Ciągle powracający wirus

Dla specjalistów Bezpieczeństwo
#1

Siemka, mam problem z trojanem, który się nazywa Generic7_c.AT i znajduje się w c:\Users\Krzysiek24\ivscjcqv.exe. Problem polega na tym że gdy go usuwam za pomocą w AVG on wraca,

usuwałem go ręcznie ale on i tak po usunięciu 1 sec wraca spowrotem. Czy ma ktoś jakieś pomysły dotyczące tego problemu ?

Prosze pomocy ; /

#2

OTL - Raport obowiązkowy:

analiza-dezynfekcja-zestaw-nieingerencyjnych-narzedzi-t485632.html#p3059741

#3

Extras: http://www.wklej.org/id/937437/

OTL: http://www.wklej.org/id/937439/

Prosze o szczegółową pomoc… jestem zielony

#4

Odinstaluj jeden program antywirusowy, bo masz Trend Micro Internet Security i AVG.

Wyłącz AVG na czas usuwania.

Do okna Własne opcje skanowania / skrypt wklej:

Kliknij Wykonaj skrypt i zatwierdź restart.

Pokaż raport z usuwania i nowy log Skanuj.

#5

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Setwallpaper deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IR_SERVER deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1727357300-3061399090-948532849-1000\Software\Microsoft\Windows\CurrentVersion\Run\ALLUpdate deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1727357300-3061399090-948532849-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig deleted successfully.

C:\Users\Krzysiek24\ivscjcqv.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1727357300-3061399090-948532849-1000\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1727357300-3061399090-948532849-1000\Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus-2520 deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.

C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.

C:\Windows\Tasks\Norton Security Scan for Krzysiek24.job moved successfully.

========== FILES ==========

C:\Users\Krzysiek24\ivscjcqv.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 58264 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Krzysiek24

->Temp folder emptied: 109641918 bytes

->Temporary Internet Files folder emptied: 106081681 bytes

->Java cache emptied: 50736431 bytes

->Google Chrome cache emptied: 263667578 bytes

->Flash cache emptied: 59554 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 76451770 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028695 bytes

RecycleBin emptied: 1186972310 bytes

Total Files Cleaned = 1 745,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_192152

Files\Folders moved on Reboot…

C:\Users\Krzysiek24\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

#6

Wszystkie logi na wklej.org.

Poz tym czytaj odpowiedzi, bo masz pokazać nowy log.