Infekcja trojanem

pat13th · 14 Styczeń 2014 14:05

Mam pewien problem z wirusami i bardzo przydałaby mi się pomoc.

Skan z OTL

http://wklej.org/id/1235853/

http://wklej.org/id/1235854/

Acorus · 14 Styczeń 2014 14:22

Przeskanuj progr.Malwarebytes Anti-Malware http://www.malwarebytes.org/products/malwarebytes_free/

Pokaż nowe logi.

Atis · 14 Styczeń 2014 14:23

Do okna Własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [12331901] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12313896\1341901.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [1ne331] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe (Skype)
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [ab3331] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe (deepxw)
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [Adobe System Incorporated] C:\Users\Patryk\AppData\Local\Temp\Adobe\Reader_sl.exe (Skype)
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw411r9] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r19] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r2] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r3] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r4] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568145\atnxwa5.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r6] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [antaw4r7] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [asaba3tsh] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [bja1190] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189896\bj1a190.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [bja90] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189897646\bja90.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [s2361a121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe ()
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [Tinant] C:\Users\Patryk\AppData\Roaming\Identities\Tinant.exe (Skype)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 48268 = c:\progra~3\msrsna.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe (deepxw)
[2014-01-14 10:33:18 | 000,187,392 | -HS- | C] (Skype) -- C:\Users\Patryk\AppData\Roaming\c731200
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=- 
:Files
rd /s /q C:\RECYCLER /c
:Commands
[emptytemp]

Kliknij Wykonaj skrypt i zatwierdź restart.

Pokaż raport z usuwania i nowy log Skanuj.

pat13th · 14 Styczeń 2014 14:38

Raport http://wklej.org/id/1235894/

OTL http://wklej.org/id/1235903/

Extras http://wklej.org/id/1235904/

Atis · 14 Styczeń 2014 14:46

Odinstaluj KMP Service.

Wklej i kliknij Wykonaj skrypt:

:OTL
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [Tinant] C:\Users\Patryk\AppData\Roaming\Identities\Tinant.exe File not found
O4 - HKU\S-1-5-21-1731878681-1430448530-4119942438-1001..\Run: [xetcwow] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe) - File not found
:Files
C:\Users\Patryk\AppData\Roaming\*.exe
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"TaskMan"=-

Uruchom OTL i kliknij Sprzątanie.

Usuń stare punkty przywracania:

Aby usunąć wszystkie punkty przywracania

Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware PRO.

http://wstaw.org/m/2012/12/29/2012-12-29_005346.png

pat13th · 14 Styczeń 2014 16:11

Malwarebytes Anti-Malware

http://wklej.org/id/1236031/

http://wklej.org/id/1236034/

OTL

http://wklej.org/id/1236037/