Robak tworzący skrót do pendrive'a


(Dannn1990) #1

Problem tak jak w temacie- przy kazdym podlaczeniu pendrive'a tworzony jest w nim skrót do niego.

 

USBFix listing

 

http://wklej.org/id/1720318/

 

OTL

 

http://wklej.org/id/1720342/

 

Z góry dziękuję za pomoc :slight_smile:

 


(Acorus) #2

Podepnij pendriva.Użyj USBFix z funkcji Usuń(Clean).Pokaż z niego log.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.


(Dannn1990) #3

USBFix clean

http://wklej.org/id/1720368/

 

FRST

http://wklej.org/id/1720373/

 

Addition

http://wklej.org/id/1720375/


(Acorus) #4

Odinstaluj Akamai NetSession Interface,PDFCreator Bundle by Fileparade.com,Rock Turner.Otwórz notatnik systemowy i wklej:

CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-442694531-2257747374-3850638433-1002\...\Policies\Explorer: []
HKU\S-1-5-21-442694531-2257747374-3850638433-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\mstjsupvn.exe <===== ATTENTION
HKU\S-1-5-21-442694531-2257747374-3850638433-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: []
URLSearchHook: [S-1-5-21-442694531-2257747374-3850638433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-442694531-2257747374-3850638433-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-442694531-2257747374-3850638433-1002 -> {C903A1BC-5ADB-41EA-A767-39DF1AAC4C66} URL =
SearchScopes: HKU\S-1-5-21-442694531-2257747374-3850638433-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C903A1BC-5ADB-41EA-A767-39DF1AAC4C66} URL =
CHR Extension: (Bookmark Manager) - C:\Users\Aleksandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
2015-05-14 12:22 - 2015-03-19 00:24 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Dannn1990) #5

http://wklej.org/id/1720430/


(Acorus) #6

To nie jest nowy log z FRST. 


(Dannn1990) #7

http://wklej.org/id/1721601/


(Acorus) #8

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [YouCam Tray] = C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] = C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-442694531-2257747374-3850638433-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Dannn1990) #9

http://wklej.org/id/1722286/

 

coś jeszcze trzeba zrobić, czy już wszystko jest ok?

dziekuje za pomoc


(Acorus) #10

Skasuj folder C:\FRST