How to remove the PSW.Papras.DH Trojan horse


(Adambacz) #1

I infected my computer with the virus named in the title. I can't run any program. Programs work in safe mode. I don't know what to do and I'm asking for help.

Addition.txt

FRST.txt


(Atis) #2

Logs should be posted on wklej.org

The logs were created on the built-in Administrator account, so log in to your own account.


(Adambacz) #3

OK. I'm correcting that now.

“Addition.txt” http://wklej.org/id/1690886/

“FRST.txt” http://wklej.org/id/1690891/


(Atis) #4

Do not quote my replies.

Uninstall this harmful program, YAC (Yet Another Cleaner).

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKU\S-1-5-21-1547161642-1292428093-839522115-1003\...\Winlogon: [Shell] C:\Program Files\Adobe\Photoshop 7.0 CE\CE Support\hsdpa\fan_control.exe,explorer.exe <==== ATTENTION 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
Toolbar: HKU\S-1-5-21-1547161642-1292428093-839522115-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-20] (Elex do Brasil Participações Ltda)
S2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [0 2014-09-20] () <==== ATTENTION (zero size file/folder)
S2 watchdog_timer; C:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_pl_b03f5f7f11d50a3a\volt_ampere\transmission_gate.exe [263168 2015-04-18] (Company 'gora-sah') [File not signed]
S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-03-20] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83752 2015-03-20] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [56232 2015-02-15] (Elex do Brasil Participações Ltda)
R1 {38c95e98-da81-4038-a23a-50d0e098cff8}t; C:\WINDOWS\System32\drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}t.sys [55824 2015-03-20] (StdLib)
S4 IntelIde; No ImagePath
2015-04-18 10:08 - 2015-04-18 08:56 - 00822120 _____ () C:\Documents and Settings\Adam\Pulpit\yet_another_cleaner_sk_962721.exe
2015-04-18 09:50 - 2015-04-18 09:50 - 00001555 _____ () C:\Documents and Settings\All Users\Pulpit\YAC.lnk
2015-04-18 09:50 - 2015-04-18 09:50 - 00001555 _____ () C:\Documents and Settings\All Users\Menu Start\YAC.lnk
2015-04-18 09:50 - 2015-04-18 09:50 - 00000000 ____ D () C:\Program Files\Elex-tech
2015-04-18 09:50 - 2015-04-18 09:50 - 00000000 ____ D () C:\Documents and Settings\All Users\Menu Start\Programy\YAC
2015-04-18 09:50 - 2015-04-18 09:50 - 00000000 ____ D () C:\Documents and Settings\Adam\Dane aplikacji\Elex-tech
2015-04-18 09:50 - 2015-03-20 05:49 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2015-04-18 09:50 - 2015-02-15 10:37 - 00056232 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-04-18 09:08 - 2015-04-18 09:08 - 00000000 ____ D () C:\Documents and Settings\Adam\Dane aplikacji\eCyber
2015-04-17 16:00 - 2015-04-17 22:34 - 00000054 _____ () C:\WINDOWS\LeHysxKOjKkDVL
2015-04-17 06:29 - 2015-04-17 06:29 - 00541610 _____ () C:\WINDOWS\pyrzef.sep
2015-04-17 06:29 - 2015-04-17 06:29 - 00008371 _____ () C:\WINDOWS\saty.qdq
2015-04-17 06:27 - 2015-04-17 06:27 - 00230675 _____ () C:\WINDOWS\cgvofpw.bwy
2015-04-17 06:27 - 2015-04-17 06:27 - 00000676 _____ () C:\WINDOWS\zia.xsm
2015-04-17 06:17 - 2015-04-18 12:55 - 00000463 _____ () C:\WINDOWS\aqveq.ilw
2015-04-17 06:16 - 2015-04-18 12:55 - 00001077 _____ () C:\WINDOWS\qbdsw.ecj
2015-03-21 10:19 - 2015-03-20 14:04 - 00055824 _____ (StdLib) C:\WINDOWS\system32\Drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}t.sys
2015-03-31 20:57 - 2014-06-20 16:44 - 00000000 ____ D () C:\Program Files\SupTab
C:\Windows\System32\UTSCSI.EXE
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1547161642-1292428093-839522115-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
Task: C:\WINDOWS\Tasks\Update Service GoForFiles.job => C:\Program Files\GoForFilesUpdater\GoForFilesUpdater.exehttp:/www.fansfile.biz <==== ATTENTION
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report, without Addition and Shortcut.
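
An added example, not part of the thread: a small Python triage pass over the service/driver lines of the fixlist above, surfacing the markers visible in those lines (zero size, empty company field, "[File not signed]", "<==== ATTENTION", "No ImagePath"). The function names and the regular expression are this example's own assumptions about the line layout, not FRST code.

```python
import re

# Service/driver lines copied from the fixlist in the post above.
SAMPLE = r"""
S2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [0 2014-09-20] () <==== ATTENTION (zero size file/folder)
S2 watchdog_timer; C:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_pl_b03f5f7f11d50a3a\volt_ampere\transmission_gate.exe [263168 2015-04-18] (Company 'gora-sah') [File not signed]
R1 {38c95e98-da81-4038-a23a-50d0e098cff8}t; C:\WINDOWS\System32\drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}t.sys [55824 2015-03-20] (StdLib)
S4 IntelIde; No ImagePath
"""

# Assumed layout: <state><start type> <name>; <path> [<size> <date>] (<company>) <markers>
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\)(?P<rest>.*))?$"
)

def parse_entry(line):
    """Split one service/driver line into fields, or return None."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def reasons(entry):
    """List the markers on an entry that justify a closer look."""
    found = []
    if entry["path"] == "No ImagePath":
        found.append("no image path")
    if entry["size"] == "0":
        found.append("zero-size file")
    if entry["company"] == "":
        found.append("no company name")
    rest = entry["rest"] or ""
    if "[File not signed]" in rest:
        found.append("file not signed")
    if "<==== ATTENTION" in rest:
        found.append("marked ATTENTION by FRST")
    return found

def triage(text):
    """Return {service name: reasons} for entries with at least one marker."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and reasons(entry):
            flagged[entry["name"]] = reasons(entry)
    return flagged

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

The StdLib driver line carries none of these markers yet is on the fixlist above, so the markers are a starting point for review rather than the whole verdict.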


(Adambacz) #5

As instructed:

“Fixlog” http://www.wklej.org/id/1690917/

“FRST” http://www.wklej.org/id/1690920/


(Atis) #6

Paste the following into the system Notepad and save it as a text file named fixlist:

S2 quantum_physics; C:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_pl_b03f5f7f11d50a3a\volt_ampere\sample_rate.exe [259584 2015-03-18] (Company 'gora-sah') [File not signed]
2015-04-18 12:54 - 2015-04-18 12:54 - 00000000 ____ D () C:\Documents and Settings\Adam\Pulpit\FRST-OlderVersion
2015-04-15 06:12 - 2015-04-15 06:12 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-03-19 23:39 - 2014-12-18 17:59 - 00000000 ____ D () C:\Program Files\Bitdefender
2015-03-19 23:38 - 2014-12-18 17:57 - 00000000 ____ D () C:\Program Files\Common Files\Bitdefender
DeleteQuarantine:

Run FRST and click Fix. Delete the C:\FRST folder.

Turn System Restore off and then on again: http://support.microsoft.com/kb/310405/pl

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck "Start trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Uninstall Adobe Reader 9.5.0 and install Adobe Reader XI 11.0.10


(Adambacz) #7

It looks like everything is OK now.

Atis, many thanks for the help; without you I wouldn't have known what to do.

Thank you once again.