Trojan.Downloader

Buna ziua,
Am o problema cu un trojan .. Dupa fiecare restart reapare din nou ,mereu cu un alt nume,pe langa asta imi incarca si Procesorul ,acum e mereu peste 30%,aseara cand a inceput a fost peste 60-70% .. chiar 90%.Am pus Log-ul de la 3 scanari cu Mawarebytes ,de fiecare data il gaseste si zice sa dau restart ,apoi dupa restart din nou aceeasi poveste,procesorul peste 30% si daca fac o scanare apare din nou in folderul Temp sub alt nume. Totul a inceput de cand am facut update la windows ,sincer nu stiu ce sa fac..
O zi buna.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 3:19:24 AM
mbam-log-2013-04-13 (03-19-24).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462233
Time elapsed: 1 hour(s), 38 minute(s), 15 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\winhany.exe (Trojan.Downloader) -> 6000 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Costy\AppData\Local\Temp\winhany.exe (Trojan.Downloader) -> Delete on reboot.
C:\dwchv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\winevqh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\rslwt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 12:55:27 PM
mbam-log-2013-04-13 (12-55-27).txt
Scan type: Custom scan (C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 5 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe (Trojan.Downloader) -> 4460 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe (Trojan.Downloader) -> Delete on reboot.
(end)
-------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 2:38:21 PM
mbam-log-2013-04-13 (14-38-21).txt
Scan type: Custom scan (C:\Users\Costy\AppData\Local\Temp|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 5734
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\abgrs.exe (Trojan.Downloader) -> 2680 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Costy\AppData\Local\Temp\abgrs.exe (Trojan.Downloader) -> Delete on reboot.
(end)

Descarca si scaneaza folosind Kaspersky Virus Removal Tool. Vezi daca asa il elimina. Daca nu, o sa fie nevoie probabil de un rescue disk.

Poate ajuta,merita incercat:
http://science.oppos...oader-7448.html

Am incercat metoda lui Ann0nyym0us si din cate observ procesorul a ajuns din nou la 0% ,ceea ce e de bine sper.
Mi-a gasit niste Win32.Sality.gen ,stergandu-mi niste jocuri si programe ,dar nimic important.
Multumesc din nou,sper sa nu mai apara nici o problema.
O zi buna

Eram convins ca e Saility; ce nu inteleg este de ce nu l-a recunoscut Malwarebytes, ca doar il in semnaturi.

Oricum, sunt mari sanse sa fi ramas niste resturi de malware prin fisiere, asa ca te sfatuiesc sa descarci SalityKiller si sa-l rulezi cu drepturi de administrator (Click Dreapta -> Run As Administrator). Dupa ce scaneaza si rupe procese care poate mai misuna prin Windows, ideal ar fi sa mai scanezi odata cu un removal tool (de preferabil tot cel de la kasperksy).