Hello, I have a problem with a very troublesome virus that turns the folders on a pendrive into shortcuts to them. A folder can still be reached by typing its path, but that is rather tedious. AVG and mksvir cannot cope with this problem. Please advise me how to deal with it.
In this section we post an OTL log; instructions: otl-gmer-rsit-dss-inne-instrukcje-t370405.html
In addition, with the portable devices connected, run USBFix [http://www.fixitpc.pl/topic/8-dezynfekc … 4entry74](http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page p 74) with the Listing option and post the report on the forum.
Here is the log from USBFix:
############################## | UsbFix 7.045 | [Listing]
User: admin (Administrator) # XERO7-7602F48B5 []
Updated 15/05/2011 by TeamXscript
Started at 13:22:18 | 17/05/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Athlon 64 X2 Dual Core Processor 3600+
CPU 2: AMD Athlon 64 X2 Dual Core Processor 3600+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Disabled /!\
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | (!) Outdated]
RAM -> 3326 Mb
C:\ (%systemdrive%) -> Fixed drive # 30 Gb (7 Mb free - 24%) [] # NTFS
D:\ -> Fixed drive # 203 Gb (173 Mb free - 85%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 958 Mb (0 Mb free - 0%) [] # FAT32
J:\ -> Fixed drive # 932 Gb (686 Mb free - 74%) [Elements] # NTFS
################## | Listing |
[10/05/2011 - 08:28:52 | HD] C:$AVG
[19/04/2011 - 09:47:12 | A | 0] C:\AUTOEXEC.BAT
[19/04/2011 - 10:04:48 | RSH | 223] C:\boot.ini
[22/07/2001 - 01:13:54 | RASH | 4952] C:\Bootfont.bin
[17/05/2011 - 10:32:29 | SHD] C:\Config.Msi
[19/04/2011 - 09:47:12 | A | 0] C:\CONFIG.SYS
[19/04/2011 - 12:26:59 | D] C:\Documents and Settings
[17/05/2011 - 13:12:33 | A | 89096] C:\Ganja1.exe
[19/04/2011 - 09:47:12 | RASH | 0] C:\IO.SYS
[04/05/2011 - 20:04:53 | A | 7534] C:\mksbasel.cpp.log
[19/04/2011 - 09:47:12 | RASH | 0] C:\MSDOS.SYS
[19/04/2011 - 10:45:28 | RHD] C:\MSOCache
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:54 | RASH | 250624] C:\ntldr
[19/04/2011 - 12:18:21 | D] C:\NVIDIA
[17/05/2011 - 13:06:37 | ASH | 2145386496] C:\pagefile.sys
[16/05/2011 - 16:30:34 | D] C:\Program Files
[04/05/2011 - 17:50:46 | SHD] C:\RECYCLER
[19/04/2011 - 10:17:43 | A | 575] C:\RHDSetup.log
[19/04/2011 - 09:52:13 | SHD] C:\System Volume Information
[17/05/2011 - 13:19:31 | D] C:\UsbFix
[17/05/2011 - 13:22:25 | A | 833] C:\UsbFix.txt
[16/05/2011 - 18:42:24 | D] C:\WINDOWS
[10/05/2011 - 08:28:53 | HD] D:$AVG
[18/01/2011 - 17:04:01 | SHD] D:$RECYCLE.BIN
[31/01/2011 - 16:31:20 | A | 727769] D:\a_pawell.rtf
[28/11/2010 - 08:50:22 | A | 43079] D:\group.pdf
[01/02/2011 - 11:57:22 | D] D:\inne
[16/05/2011 - 17:37:22 | D] D:\instalki
[25/03/2011 - 13:41:57 | D] D:\kkk
[01/02/2011 - 11:57:20 | D] D:\Network Scan Gear iR 6000
[16/05/2011 - 16:30:18 | D] D:\nowy
[31/01/2011 - 16:30:54 | A | 0] D:\Nowy Dokument programu Microsoft Word.docx
[31/01/2011 - 16:31:00 | A | 0] D:\Nowy dokument tekstowy.txt
[01/02/2011 - 14:29:49 | D] D:\Nowy folder
[19/01/2011 - 13:11:30 | A | 280359] D:\Potwierdzenie.pdf
[18/04/2011 - 08:52:53 | D] D:\Program Files
[02/02/2011 - 16:43:13 | SHD] D:\RECYCLER
[12/05/2011 - 08:59:37 | D] D:\StarCraft
[12/05/2011 - 16:41:19 | D] D:\StarCraft II
[01/02/2011 - 11:57:19 | D] D:\sterownik iR 6000
[19/04/2011 - 15:10:15 | D] D:\stery
[19/04/2011 - 09:56:36 | SHD] D:\System Volume Information
[20/04/2011 - 09:01:38 | D] D:\wow
[24/04/2008 - 15:44:40 | R | 114688] G:\AutoRun.exe
[07/11/2007 - 17:41:52 | R | 47] G:\AUTORUN.INF
[24/04/2008 - 15:44:40 | R | 114688] G:\DataCard_Setup.exe
[24/04/2008 - 15:44:50 | R | 152576] G:\DataCard_Setup64.exe
[03/02/2009 - 12:25:26 | RD] G:\PLAY ONLINE
[20/02/2008 - 15:16:48 | R | 7168] G:\ResetDevice.exe
[28/06/2008 - 19:39:04 | R | 4286] G:\Startup.ico
[20/01/2009 - 11:25:24 | R | 1038] G:\SysConfig.dat
[17/02/2010 - 13:25:22 | SHD] I:\ROZLICZENIE
[17/02/2010 - 19:47:52 | SHD] I:\zamowienia
[17/05/2011 - 13:01:04 | A | 1459] I:\wniosek.lnk
[28/02/2010 - 15:00:28 | SHD] I:\JAKDODIR
[26/04/2010 - 20:03:14 | RSHD] I:\RECYCLER
[20/02/2010 - 14:54:50 | A | 676864] I:\dog2.doc
[06/12/2010 - 11:32:32 | SHD] I:\wniosek
[17/05/2011 - 13:01:04 | A | 1455] I:\addon.lnk
[28/04/2010 - 20:12:14 | SHD] I:\addon
[22/02/2010 - 18:30:38 | SHD] I:\Zlecenie_xero
[26/04/2010 - 17:51:56 | A | 4410] I:\BOOTEX.LOG
[27/04/2010 - 21:58:04 | RSH | 110592] I:\wkimt.exe
[30/11/2006 - 02:05:54 | A | 50980040] I:\first certificate expert coursebook 1do1.pdf
[05/05/2010 - 10:33:04 | SHD] I:\Docs
[12/03/2010 - 15:33:42 | SHD] I:\ania
[04/12/2009 - 17:04:02 | A | 41296] I:\knigu.xlsx new.xlsx
[05/05/2010 - 10:53:38 | SHD] I:\SEKACHK
[23/02/2010 - 13:11:16 | SHD] I:\NOCHIMA
[28/09/2010 - 19:07:34 | SHD] I:\SLOBODAN
[27/11/2010 - 22:09:26 | A | 733782016] I:\Książę i Ja[2004][lektor pl].avi
[17/05/2011 - 13:01:04 | A | 1453] I:\ania.lnk
[07/05/2010 - 19:14:50 | SHD] I:\stery
[17/05/2011 - 13:01:04 | A | 1459] I:\SEKACHK.lnk
[23/02/2010 - 17:40:38 | A | 779264] I:\PL_licencja.doc
[28/02/2010 - 15:00:32 | A | 1831139] I:\DGR 6 Podrecznik_EN 06.2009.pdf
[15/03/2010 - 11:24:10 | A | 6897050] I:\politechnika_gazetka2010.pdf
[15/03/2010 - 11:25:34 | A | 29634457] I:\sluzew_nowiutki.pdf
[18/04/2010 - 22:53:58 | A | 692586] I:\sigmapol+przerobka.jpg
[29/03/2010 - 14:50:38 | A | 533631] I:\kalka.pdf
[22/02/2010 - 19:26:58 | A | 49397] I:\IMG_0351.jpg
[25/02/2010 - 14:02:20 | SHD] I:\zzz
[26/04/2010 - 15:46:56 | SHD] I:\Faktury
[17/05/2011 - 13:01:04 | A | 1453] I:\Docs.lnk
[25/02/2010 - 15:25:52 | A | 3761349] I:\CAM Materiał LM 2010 w2.pdf
[17/03/2010 - 12:40:04 | RA | 560757] I:\obiadki_z_nowa_mapka.pdf
[17/05/2011 - 13:01:04 | A | 1459] I:\NOCHIMA.lnk
[25/02/2010 - 20:25:28 | A | 70955] I:\KN_sem_V.pdf
[17/05/2011 - 13:01:02 | A | 1467] I:\ROZLICZENIE.lnk
[17/03/2010 - 18:17:28 | A | 7327] I:\fproforma_2010-03-17_17-24-03.pdf
[17/05/2011 - 13:01:02 | A | 1465] I:\zamowienia.lnk
[17/05/2011 - 13:01:04 | A | 1471] I:\Zlecenie_xero.lnk
[14/04/2010 - 21:40:14 | SHD] I:\StarCraft
[17/05/2011 - 13:01:04 | A | 1461] I:\SLOBODAN.lnk
[17/05/2011 - 13:01:04 | A | 1455] I:\stery.lnk
[17/05/2011 - 13:01:04 | A | 1451] I:\zzz.lnk
[17/05/2011 - 13:01:04 | A | 1459] I:\Faktury.lnk
[19/03/2010 - 15:07:00 | A | 54613] I:\Faktura VAT 46_03_2010_p ORYGINAŁ.pdf
[19/03/2010 - 15:07:22 | A | 54718] I:\Faktura VAT 47_03_2010_p ORYGINAŁ.pdf
[17/04/2010 - 22:39:30 | A | 1018469] I:\wzor_biznesplanu.zip
[19/03/2010 - 16:39:06 | A | 4046712] I:\carrion - nie bez wiary (last fm).mp3
[05/05/2010 - 22:47:54 | SHD] I:\wzor_biznesplanu
[17/05/2011 - 13:01:04 | A | 1463] I:\StarCraft.lnk
[17/05/2011 - 13:01:04 | A | 1477] I:\wzor_biznesplanu.lnk
[15/04/2010 - 19:26:38 | SHD] I:\wydruki_artykulow_-_pliki
[08/03/2010 - 14:54:22 | A | 1359360] I:\iview425_setup(dobreprogramy.pl).exe
[17/05/2011 - 13:01:04 | A | 1495] I:\wydruki_artykulow_-_pliki.lnk
[29/04/2011 - 18:09:18 | SHD] I:\skany
[11/05/2011 - 09:37:58 | RSHD] I:\AEXRGYH
[11/05/2011 - 09:37:58 | RSHD] I:\DFGDFJJJJDFJDFJGFDJTURTURUTJJF
[17/05/2011 - 13:01:04 | A | 1461] I:\JAKDODIR.lnk
[17/05/2011 - 13:01:04 | A | 1455] I:\skany.lnk
[17/05/2011 - 13:01:04 | A | 1459] I:\AEXRGYH.lnk
[17/05/2011 - 13:01:04 | A | 1505] I:\DFGDFJJJJDFJDFJGFDJTURTURUTJJF.lnk
[17/05/2011 - 13:22:38 | RASH | 245] I:\autorun.inf
[17/05/2011 - 12:50:16 | SHD] I:\zamenelos
[17/05/2011 - 13:01:04 | A | 1463] I:\zamenelos.lnk
[10/05/2011 - 10:26:54 | SHD] J:$AVG
[17/05/2011 - 09:39:34 | A | 1453] J:$AVG.lnk
[25/01/2011 - 13:33:51 | SHD] J:$RECYCLE.BIN
[17/05/2011 - 09:39:34 | A | 1469] J:$RECYCLE.BIN.lnk
[07/04/2009 - 21:02:38 | A | 0] J:.txt
[24/03/2011 - 16:34:10 | SHD] J:\0_Grzegorz2
[17/05/2011 - 09:39:34 | A | 1467] J:\0_Grzegorz2.lnk
[10/07/2010 - 05:47:50 | SHD] J:\autorun
[17/05/2011 - 09:39:35 | N | 549] J:\autorun.inf
[17/05/2011 - 09:39:34 | A | 1459] J:\autorun.lnk
[01/02/2011 - 10:09:31 | A | 82713] J:\CiaoBella-logo-karmel.pdf
[17/01/2011 - 19:00:07 | SHD] J:\do gier
[17/05/2011 - 09:39:34 | A | 1459] J:\do gier.lnk
[17/01/2011 - 19:00:15 | SHD] J:\dokumenty
[17/05/2011 - 09:39:34 | A | 1463] J:\dokumenty.lnk
[02/02/2011 - 16:43:06 | SHD] J:\download
[17/05/2011 - 09:39:34 | A | 1461] J:\download.lnk
[17/01/2011 - 19:16:28 | SHD] J:\ff7
[17/05/2011 - 09:39:35 | A | 1451] J:\ff7.lnk
[21/09/2009 - 16:43:03 | A | 1492] J:\ff8input.cfg
[07/03/2011 - 17:34:13 | SHD] J:\filmy
[17/05/2011 - 09:39:35 | A | 1455] J:\filmy.lnk
[01/03/2011 - 15:04:19 | SHD] J:\gry
[17/05/2011 - 09:39:35 | A | 1451] J:\gry.lnk
[17/01/2011 - 19:27:35 | SHD] J:\inne
[17/05/2011 - 09:39:35 | A | 1453] J:\inne.lnk
[02/02/2011 - 15:39:20 | SHD] J:\instalki
[17/05/2011 - 09:39:35 | A | 1461] J:\instalki.lnk
[24/03/2011 - 16:34:12 | SHD] J:\kolejne smieci
[17/05/2011 - 09:39:35 | A | 1473] J:\kolejne smieci.lnk
[02/05/2010 - 12:50:24 | A | 2656] J:\kontakty.xml
[28/04/2011 - 14:47:10 | SHD] J:\ksiązki
[17/05/2011 - 09:39:35 | A | 1459] J:\ksiązki.lnk
[17/01/2011 - 17:38:35 | SHD] J:\Mp3
[17/05/2011 - 09:39:35 | A | 1451] J:\Mp3.lnk
[17/01/2011 - 18:45:53 | SHD] J:\mport
[17/05/2011 - 09:39:35 | A | 1455] J:\mport.lnk
[17/01/2011 - 18:45:56 | SHD] J:\Nowy folder
[17/05/2011 - 09:39:35 | A | 1467] J:\Nowy folder.lnk
[17/01/2011 - 18:47:48 | SHD] J:\pen
[17/05/2011 - 09:39:35 | A | 1451] J:\pen.lnk
[02/02/2011 - 17:33:44 | SHD] J:\Program Files
[17/05/2011 - 09:39:35 | A | 1471] J:\Program Files.lnk
[29/03/2011 - 11:40:23 | HD] J:\RECYCLER
[17/01/2011 - 18:50:59 | SHD] J:\RPG
[17/05/2011 - 09:39:35 | A | 1451] J:\RPG.lnk
[17/01/2011 - 23:49:06 | SHD] J:\System Volume Information
[17/05/2011 - 09:39:35 | A | 1495] J:\System Volume Information.lnk
[17/01/2011 - 18:51:09 | SHD] J:\Teamspeak2_RC2
[17/05/2011 - 09:39:35 | A | 1473] J:\Teamspeak2_RC2.lnk
[17/01/2011 - 18:51:10 | SHD] J:\tel
[17/05/2011 - 09:39:35 | A | 1451] J:\tel.lnk
[24/01/2011 - 22:34:02 | SHD] J:\torrent
[17/05/2011 - 09:39:35 | A | 1459] J:\torrent.lnk
[04/04/2011 - 23:17:57 | SHD] J:\wow
[17/05/2011 - 09:39:35 | A | 1451] J:\wow.lnk
[17/01/2011 - 18:52:38 | SHD] J:\z pulpitu
[17/05/2011 - 09:39:35 | A | 1463] J:\z pulpitu.lnk
[05/05/2011 - 13:58:41 | RSHD] J:\zamenelos
[17/05/2011 - 09:39:35 | A | 1463] J:\zamenelos.lnk
################## | E.O.F |
Unfortunately, OTL hangs while it is running.
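The pattern visible in the Listing report above (a folder that has gained the hidden attribute, sitting next to a new `.lnk` file of the same name), checked over UsbFix listing rows. This is an added example, not part of the original thread and not UsbFix's own code; the function names are assumptions, and the sample rows are copied from the report above except the two marked as constructed.

```python
import re
from collections import Counter

# One UsbFix [Listing] row: "[date - time | ATTRS | SIZE] PATH".
# Directory rows carry a "D" in ATTRS and have no SIZE field.
ROW = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]+)(?: \| (?P<size>\d+))?\] (?P<path>[A-Za-z]:.*)$"
)

SAMPLE = r"""
################## | Listing |
[16/05/2011 - 16:30:34 | D] C:\Program Files
[17/02/2010 - 13:25:22 | SHD] I:\ROZLICZENIE
[17/05/2011 - 13:01:02 | A | 1467] I:\ROZLICZENIE.lnk
[20/02/2010 - 14:54:50 | A | 676864] I:\dog2.doc
[17/05/2011 - 13:22:38 | RASH | 245] I:\autorun.inf
[25/01/2011 - 13:33:51 | SHD] J:$RECYCLE.BIN
[17/05/2011 - 09:39:34 | A | 1469] J:$RECYCLE.BIN.lnk
[17/01/2011 - 19:00:07 | SHD] J:\do gier
[17/05/2011 - 09:39:34 | A | 1459] J:\do gier.lnk
[29/03/2011 - 11:40:23 | HD] J:\RECYCLER
(constructed rows: a visible folder with an ordinary user-made shortcut)
[01/01/2011 - 10:00:00 | D] D:\tools
[01/01/2011 - 10:00:01 | A | 900] D:\tools.lnk
"""


def parse_listing(text):
    """Return one dict per listing row; section headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        attrs = set(m["attrs"])
        entries.append({
            "path": m["path"],
            "attrs": attrs,
            "is_dir": "D" in attrs,
            "size": int(m["size"]) if m["size"] else None,
            "stamp": f'{m["date"]} {m["time"]}',
        })
    return entries


def find_shortcut_pairs(entries):
    """Hidden directories that have a same-named .lnk file beside them.

    A visible folder with a shortcut, or a hidden folder without one,
    is not reported: only the combination matches the symptom.
    """
    files = {e["path"].casefold(): e for e in entries if not e["is_dir"]}
    pairs = []
    for e in entries:
        if not (e["is_dir"] and "H" in e["attrs"]):
            continue
        lnk = files.get((e["path"] + ".lnk").casefold())
        if lnk:
            pairs.append({
                "drive": e["path"][0].upper(),
                "folder": e["path"],
                "shortcut": lnk["path"],
                "shortcut_written": lnk["stamp"],
            })
    return sorted(pairs, key=lambda p: p["folder"].casefold())


def per_drive(pairs):
    """Number of hidden-folder/shortcut pairs found on each drive letter."""
    return dict(Counter(p["drive"] for p in pairs))


if __name__ == "__main__":
    found = find_shortcut_pairs(parse_listing(SAMPLE))
    for p in found:
        print(f'{p["folder"]} is hidden; {p["shortcut"]} written {p["shortcut_written"]}')
    print(per_drive(found))
```

The write time of the shortcuts is kept in each result because in the report above every `.lnk` on a given drive was written within a second or two of the others, which dates the moment that drive was last touched by the infected system.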
If you have a folder named muzyka on the computer, rename it. Then run USBFix with the Deletion option and post the resulting report on the forum.
I don't have such a folder here :/
In that case, run USBFix, click the Deletion button, and post the resulting report on the forum.
############################## | UsbFix 7.045 | [Deletion]
User: admin (Administrator) # XERO7-7602F48B5 []
Updated 15/05/2011 by TeamXscript
Started at 16:21:30 | 18/05/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Athlon 64 X2 Dual Core Processor 3600+
CPU 2: AMD Athlon 64 X2 Dual Core Processor 3600+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Disabled /!\
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | (!) Outdated]
RAM -> 3326 Mb
C:\ (%systemdrive%) -> Fixed drive # 30 Gb (7 Mb free - 23%) [] # NTFS
D:\ -> Fixed drive # 203 Gb (173 Mb free - 85%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\admin\jvxqnu.exe
Deleted ! C:\Documents and Settings\admin\Dane aplikacji\hidserv.exe
Deleted ! C:\Documents and Settings\admin\Dane aplikacji\qghumeaylnlfdxfircvs85.exe
Deleted ! C:\WINDOWS\system32\install
Deleted ! C:\Recycler\S-1-5-21-2025429265-448539723-839522115-1003
Deleted ! D:$RECYCLE.BIN\S-1-5-21-3147769184-540359316-33391062-1001
Deleted ! D:\Recycler\S-1-5-21-2025429265-448539723-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-73586283-854245398-682003330-500
Deleted ! C:\Documents and Settings\admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4DA7WBC7\Ganja1[1].exe
Deleted ! C:\Documents and Settings\admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NBM4HB2V\Ganja1[1].exe
Deleted ! C:\Ganja1.exe
################## | Registry |
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HKCU
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update System
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update System
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WindowsUpdate
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WindowsUpdate
################## | Mountpoints2 |
Deleted ! HKCU....\Explorer\MountPoints2{093344e2-76e2-11e0-a607-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0e09e20a-77c5-11e0-a60a-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0e09e20c-77c5-11e0-a60a-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0e09e20f-77c5-11e0-a60a-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0e09e214-77c5-11e0-a60a-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0eb3f1af-7b9a-11e0-a625-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0eb3f1c1-7b9a-11e0-a625-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0eb3f431-7b9a-11e0-a625-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{10f2115d-709b-11e0-a5ff-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{10f2115f-709b-11e0-a5ff-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{10f21165-709b-11e0-a5ff-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{142416a3-7c67-11e0-a62e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{142416bd-7c67-11e0-a62e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{1cd78ee8-71af-11e0-a601-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{1cdecf8c-6a66-11e0-a5f7-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{21fc433e-7bdf-11e0-a62b-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{21fc4343-7bdf-11e0-a62b-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{23be3aa6-6a61-11e0-a5f6-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{23be3aaa-6a61-11e0-a5f6-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{2e876ab1-761a-11e0-a604-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{310f8ece-77aa-11e0-a609-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{310f8ed1-77aa-11e0-a609-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{379e478f-7a1d-11e0-a60e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{37c82217-7626-11e0-a606-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{37c82224-7626-11e0-a606-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{49fe3968-7b07-11e0-a61e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{4aa2665b-7acd-11e0-a614-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{70681a64-7adf-11e0-a619-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{76919c9b-7f83-11e0-a634-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{77c2a275-6a7f-11e0-a5f9-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{7c07200f-7bcd-11e0-a62a-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{82713a32-7fcf-11e0-a635-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{b27977c5-7df8-11e0-a632-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{b27977cb-7df8-11e0-a632-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{d101efae-7d28-11e0-a62f-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{d101efb2-7d28-11e0-a62f-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{d101efb6-7d28-11e0-a62f-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{db9647aa-6b17-11e0-a5fb-001bfc1f82b0}
################## | Listing |
[10/05/2011 - 08:28:52 | D] C:$AVG
[19/04/2011 - 09:47:12 | N | 0] C:\AUTOEXEC.BAT
[19/04/2011 - 10:04:48 | RSH | 223] C:\boot.ini
[22/07/2001 - 01:13:54 | N | 4952] C:\Bootfont.bin
[17/05/2011 - 10:32:29 | SHD] C:\Config.Msi
[19/04/2011 - 09:47:12 | N | 0] C:\CONFIG.SYS
[19/04/2011 - 12:26:59 | D] C:\Documents and Settings
[19/04/2011 - 09:47:12 | N | 0] C:\IO.SYS
[04/05/2011 - 20:04:53 | N | 7534] C:\mksbasel.cpp.log
[19/04/2011 - 09:47:12 | N | 0] C:\MSDOS.SYS
[19/04/2011 - 10:45:28 | RHD] C:\MSOCache
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:54 | N | 250624] C:\ntldr
[19/04/2011 - 12:18:21 | D] C:\NVIDIA
[18/05/2011 - 16:17:04 | ASH | 2145386496] C:\pagefile.sys
[16/05/2011 - 16:30:34 | D] C:\Program Files
[18/05/2011 - 16:25:10 | SHD] C:\RECYCLER
[19/04/2011 - 10:17:43 | N | 575] C:\RHDSetup.log
[19/04/2011 - 09:52:13 | SHD] C:\System Volume Information
[18/05/2011 - 16:25:10 | D] C:\UsbFix
[18/05/2011 - 16:25:54 | A | 2410] C:\UsbFix.txt
[16/05/2011 - 18:42:24 | D] C:\WINDOWS
[10/05/2011 - 08:28:53 | D] D:$AVG
[18/01/2011 - 17:04:01 | SHD] D:$RECYCLE.BIN
[31/01/2011 - 16:31:20 | N | 727769] D:\a_pawell.rtf
[28/11/2010 - 08:50:22 | N | 43079] D:\group.pdf
[01/02/2011 - 11:57:22 | D] D:\inne
[16/05/2011 - 17:37:22 | D] D:\instalki
[25/03/2011 - 13:41:57 | D] D:\kkk
[01/02/2011 - 11:57:20 | D] D:\Network Scan Gear iR 6000
[16/05/2011 - 16:30:18 | D] D:\nowy
[31/01/2011 - 16:30:54 | N | 0] D:\Nowy Dokument programu Microsoft Word.docx
[31/01/2011 - 16:31:00 | N | 0] D:\Nowy dokument tekstowy.txt
[01/02/2011 - 14:29:49 | D] D:\Nowy folder
[19/01/2011 - 13:11:30 | N | 280359] D:\Potwierdzenie.pdf
[18/04/2011 - 08:52:53 | D] D:\Program Files
[18/05/2011 - 16:25:10 | SHD] D:\RECYCLER
[12/05/2011 - 08:59:37 | D] D:\StarCraft
[12/05/2011 - 16:41:19 | D] D:\StarCraft II
[01/02/2011 - 11:57:19 | D] D:\sterownik iR 6000
[19/04/2011 - 15:10:15 | D] D:\stery
[19/04/2011 - 09:56:36 | SHD] D:\System Volume Information
[20/04/2011 - 09:01:38 | D] D:\wow
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_XERO7-7602F48B5.zip
http://www.teamxscript.org/Upload.php
Thank you for your contribution.
################## | E.O.F |
During this scan I had the portable drives I: and J: disconnected; I think the problem is more about the system itself.
That is a mistake; they should be connected.
############################## | UsbFix 7.045 | [Deletion]
User: admin (Administrator) # XERO7-7602F48B5 []
Updated 15/05/2011 by TeamXscript
Started at 19:41:46 | 18/05/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Athlon 64 X2 Dual Core Processor 3600+
CPU 2: AMD Athlon 64 X2 Dual Core Processor 3600+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Disabled /!\
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | (!) Outdated]
RAM -> 3326 Mb
C:\ (%systemdrive%) -> Fixed drive # 30 Gb (7 Mb free - 23%) [] # NTFS
D:\ -> Fixed drive # 203 Gb (173 Mb free - 85%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Fixed drive # 932 Gb (686 Mb free - 74%) [Elements] # NTFS
J:\ -> Removable drive # 958 Mb (0 Mb free - 0%) [] # FAT32
################## | Files # Infected Folders |
Deleted ! I:$AVG.lnk
Deleted ! I:$RECYCLE.BIN.lnk
Deleted ! I:\0_Grzegorz2.lnk
Deleted ! I:\autorun.lnk
Deleted ! I:\do gier.lnk
Deleted ! I:\dokumenty.lnk
Deleted ! I:\download.lnk
Deleted ! I:\ff7.lnk
Deleted ! I:\filmy.lnk
Deleted ! I:\gry.lnk
Deleted ! I:\inne.lnk
Deleted ! I:\instalki.lnk
Deleted ! I:\kolejne smieci.lnk
Deleted ! I:\ksiązki.lnk
Deleted ! I:\Mp3.lnk
Deleted ! I:\mport.lnk
Deleted ! I:\Nowy folder.lnk
Deleted ! I:\pen.lnk
Deleted ! I:\Program Files.lnk
Deleted ! I:\RPG.lnk
Deleted ! I:\System Volume Information.lnk
Deleted ! I:\Teamspeak2_RC2.lnk
Deleted ! I:\tel.lnk
Deleted ! I:\torrent.lnk
Deleted ! I:\wow.lnk
Deleted ! I:\z pulpitu.lnk
Deleted ! I:\zamenelos.lnk
Deleted ! J:\wniosek.lnk
Deleted ! J:\addon.lnk
Deleted ! J:\ania.lnk
Deleted ! J:\SEKACHK.lnk
Deleted ! J:\Docs.lnk
Deleted ! J:\NOCHIMA.lnk
Deleted ! J:\ROZLICZENIE.lnk
Deleted ! J:\zamowienia.lnk
Deleted ! J:\Zlecenie_xero.lnk
Deleted ! J:\SLOBODAN.lnk
Deleted ! J:\stery.lnk
Deleted ! J:\zzz.lnk
Deleted ! J:\Faktury.lnk
Deleted ! J:\StarCraft.lnk
Deleted ! J:\wzor_biznesplanu.lnk
Deleted ! J:\wydruki_artykulow_-_pliki.lnk
Deleted ! J:\JAKDODIR.lnk
Deleted ! J:\skany.lnk
Deleted ! J:\AEXRGYH.lnk
Deleted ! J:\DFGDFJJJJDFJDFJGFDJTURTURUTJJF.lnk
Deleted ! J:\zamenelos.lnk
Deleted ! C:\Recycler\S-1-5-21-2025429265-448539723-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-2025429265-448539723-839522115-1003
Deleted ! I:$RECYCLE.BIN\S-1-5-21-3147769184-540359316-33391062-1001
Deleted ! I:\Recycler\S-1-5-21-448539723-308236825-1417001333-1001
Deleted ! I:\Recycler\S-1-5-21-73586283-854245398-682003330-500
Deleted ! J:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
Not deleted ! G:\AUTORUN.INF
Not deleted ! G:\autorun.exe
Deleted ! I:\autorun.inf
Deleted ! J:\AEXRGYH\DFG-2352-26235-2322322-624621221-2622255\desktop.ini
Deleted ! J:\AEXRGYH\DFG-2352-26235-2322322-624621221-2622255\w89e85t5.exe
Not deleted ! J:\autorun.inf
Deleted ! J:\wkimt.exe
Not deleted ! J:\AEXRGYH
Deleted ! J:\DFGDFJJJJDFJDFJGFDJTURTURUTJJF
Deleted ! J:\NOCHIMA
Deleted ! J:\SLOBODAN
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU....\Explorer\MountPoints2{0eb3f1ae-7b9a-11e0-a625-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{0f08ff01-7a1f-11e0-a60f-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{142416a4-7c67-11e0-a62e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{142416be-7c67-11e0-a62e-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{1cd78ee9-71af-11e0-a601-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{23be3aa3-6a61-11e0-a5f6-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{37c82214-7626-11e0-a606-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{b9f91330-8061-11e0-a63b-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{d101efaf-7d28-11e0-a62f-001bfc1f82b0}
Deleted ! HKCU....\Explorer\MountPoints2{d101efb7-7d28-11e0-a62f-001bfc1f82b0}
################## | Listing |
[10/05/2011 - 08:28:52 | D] C:$AVG
[19/04/2011 - 09:47:12 | N | 0] C:\AUTOEXEC.BAT
[18/05/2011 - 16:25:54 | RASHD] C:\Autorun.inf
[19/04/2011 - 10:04:48 | RSH | 223] C:\boot.ini
[22/07/2001 - 01:13:54 | N | 4952] C:\Bootfont.bin
[17/05/2011 - 10:32:29 | SHD] C:\Config.Msi
[19/04/2011 - 09:47:12 | N | 0] C:\CONFIG.SYS
[19/04/2011 - 12:26:59 | D] C:\Documents and Settings
[19/04/2011 - 09:47:12 | N | 0] C:\IO.SYS
[04/05/2011 - 20:04:53 | N | 7534] C:\mksbasel.cpp.log
[19/04/2011 - 09:47:12 | N | 0] C:\MSDOS.SYS
[19/04/2011 - 10:45:28 | RHD] C:\MSOCache
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:54 | N | 250624] C:\ntldr
[19/04/2011 - 12:18:21 | D] C:\NVIDIA
[18/05/2011 - 16:28:54 | ASH | 2145386496] C:\pagefile.sys
[16/05/2011 - 16:30:34 | D] C:\Program Files
[18/05/2011 - 19:48:10 | SHD] C:\RECYCLER
[19/04/2011 - 10:17:43 | N | 575] C:\RHDSetup.log
[19/04/2011 - 09:52:13 | SHD] C:\System Volume Information
[18/05/2011 - 19:48:10 | D] C:\UsbFix
[18/05/2011 - 19:48:11 | A | 3192] C:\UsbFix.txt
[18/05/2011 - 16:25:55 | N | 1038898] C:\UsbFix_Upload_Me_XERO7-7602F48B5.zip
[16/05/2011 - 18:42:24 | D] C:\WINDOWS
[10/05/2011 - 08:28:53 | D] D:$AVG
[18/05/2011 - 16:25:10 | SHD] D:$RECYCLE.BIN
[18/05/2011 - 16:25:54 | RASHD] D:\Autorun.inf
[31/01/2011 - 16:31:20 | N | 727769] D:\a_pawell.rtf
[28/11/2010 - 08:50:22 | N | 43079] D:\group.pdf
[01/02/2011 - 11:57:22 | D] D:\inne
[16/05/2011 - 17:37:22 | D] D:\instalki
[25/03/2011 - 13:41:57 | D] D:\kkk
[01/02/2011 - 11:57:20 | D] D:\Network Scan Gear iR 6000
[16/05/2011 - 16:30:18 | D] D:\nowy
[31/01/2011 - 16:30:54 | N | 0] D:\Nowy Dokument programu Microsoft Word.docx
[31/01/2011 - 16:31:00 | N | 0] D:\Nowy dokument tekstowy.txt
[01/02/2011 - 14:29:49 | D] D:\Nowy folder
[19/01/2011 - 13:11:30 | N | 280359] D:\Potwierdzenie.pdf
[18/04/2011 - 08:52:53 | D] D:\Program Files
[18/05/2011 - 19:48:10 | SHD] D:\RECYCLER
[12/05/2011 - 08:59:37 | D] D:\StarCraft
[12/05/2011 - 16:41:19 | D] D:\StarCraft II
[01/02/2011 - 11:57:19 | D] D:\sterownik iR 6000
[19/04/2011 - 15:10:15 | D] D:\stery
[19/04/2011 - 09:56:36 | SHD] D:\System Volume Information
[20/04/2011 - 09:01:38 | D] D:\wow
[24/04/2008 - 15:44:40 | R | 114688] G:\AutoRun.exe
[07/11/2007 - 17:41:52 | R | 47] G:\AUTORUN.INF
[24/04/2008 - 15:44:40 | R | 114688] G:\DataCard_Setup.exe
[24/04/2008 - 15:44:50 | R | 152576] G:\DataCard_Setup64.exe
[03/02/2009 - 12:25:26 | RD] G:\PLAY ONLINE
[20/02/2008 - 15:16:48 | R | 7168] G:\ResetDevice.exe
[28/06/2008 - 19:39:04 | R | 4286] G:\Startup.ico
[20/01/2009 - 11:25:24 | R | 1038] G:\SysConfig.dat
[10/05/2011 - 10:26:54 | D] I:$AVG
[25/01/2011 - 13:33:51 | SHD] I:$RECYCLE.BIN
[07/04/2009 - 21:02:38 | N | 0] I:.txt
[24/03/2011 - 16:34:10 | D] I:\0_Grzegorz2
[10/07/2010 - 05:47:50 | D] I:\autorun
[01/02/2011 - 10:09:31 | N | 82713] I:\CiaoBella-logo-karmel.pdf
[17/01/2011 - 19:00:07 | D] I:\do gier
[17/01/2011 - 19:00:15 | D] I:\dokumenty
[02/02/2011 - 16:43:06 | D] I:\download
[17/01/2011 - 19:16:28 | D] I:\ff7
[21/09/2009 - 16:43:03 | N | 1492] I:\ff8input.cfg
[07/03/2011 - 17:34:13 | D] I:\filmy
[01/03/2011 - 15:04:19 | D] I:\gry
[17/01/2011 - 19:27:35 | D] I:\inne
[02/02/2011 - 15:39:20 | D] I:\instalki
[24/03/2011 - 16:34:12 | D] I:\kolejne smieci
[02/05/2010 - 12:50:24 | N | 2656] I:\kontakty.xml
[28/04/2011 - 14:47:10 | D] I:\ksiązki
[17/01/2011 - 17:38:35 | D] I:\Mp3
[17/01/2011 - 18:45:53 | D] I:\mport
[17/01/2011 - 18:45:56 | D] I:\Nowy folder
[17/01/2011 - 18:47:48 | D] I:\pen
[02/02/2011 - 17:33:44 | D] I:\Program Files
[18/05/2011 - 19:48:10 | SHD] I:\RECYCLER
[17/01/2011 - 18:50:59 | D] I:\RPG
[17/01/2011 - 23:49:06 | SHD] I:\System Volume Information
[17/01/2011 - 18:51:09 | D] I:\Teamspeak2_RC2
[17/01/2011 - 18:51:10 | D] I:\tel
[24/01/2011 - 22:34:02 | D] I:\torrent
[04/04/2011 - 23:17:57 | D] I:\wow
[17/01/2011 - 18:52:38 | D] I:\z pulpitu
[05/05/2011 - 13:58:41 | D] I:\zamenelos
[17/02/2010 - 13:25:22 | D] J:\ROZLICZENIE
[17/02/2010 - 19:47:52 | D] J:\zamowienia
[28/02/2010 - 15:00:28 | D] J:\JAKDODIR
[26/04/2010 - 20:03:14 | RSHD] J:\RECYCLER
[20/02/2010 - 14:54:50 | N | 676864] J:\dog2.doc
[06/12/2010 - 11:32:32 | D] J:\wniosek
[28/04/2010 - 20:12:14 | D] J:\addon
[22/02/2010 - 18:30:38 | D] J:\Zlecenie_xero
[26/04/2010 - 17:51:56 | N | 4410] J:\BOOTEX.LOG
[30/11/2006 - 02:05:54 | N | 50980040] J:\first certificate expert coursebook 1do1.pdf
[05/05/2010 - 10:33:04 | D] J:\Docs
[12/03/2010 - 15:33:42 | D] J:\ania
[04/12/2009 - 17:04:02 | N | 41296] J:\knigu.xlsx new.xlsx
[05/05/2010 - 10:53:38 | D] J:\SEKACHK
[27/11/2010 - 22:09:26 | N | 733782016] J:\Książę i Ja[2004][lektor pl].avi
[07/05/2010 - 19:14:50 | D] J:\stery
[23/02/2010 - 17:40:38 | N | 779264] J:\PL_licencja.doc
[28/02/2010 - 15:00:32 | N | 1831139] J:\DGR 6 Podrecznik_EN 06.2009.pdf
[15/03/2010 - 11:24:10 | N | 6897050] J:\politechnika_gazetka2010.pdf
[15/03/2010 - 11:25:34 | N | 29634457] J:\sluzew_nowiutki.pdf
[18/04/2010 - 22:53:58 | N | 692586] J:\sigmapol+przerobka.jpg
[29/03/2010 - 14:50:38 | N | 533631] J:\kalka.pdf
[22/02/2010 - 19:26:58 | N | 49397] J:\IMG_0351.jpg
[25/02/2010 - 14:02:20 | D] J:\zzz
[26/04/2010 - 15:46:56 | D] J:\Faktury
[25/02/2010 - 15:25:52 | N | 3761349] J:\CAM Materiał LM 2010 w2.pdf
[17/03/2010 - 12:40:04 | N | 560757] J:\obiadki_z_nowa_mapka.pdf
[25/02/2010 - 20:25:28 | N | 70955] J:\KN_sem_V.pdf
[17/03/2010 - 18:17:28 | N | 7327] J:\fproforma_2010-03-17_17-24-03.pdf
[14/04/2010 - 21:40:14 | D] J:\StarCraft
[19/03/2010 - 15:07:00 | N | 54613] J:\Faktura VAT 46_03_2010_p ORYGINAŁ.pdf
[19/03/2010 - 15:07:22 | N | 54718] J:\Faktura VAT 47_03_2010_p ORYGINAŁ.pdf
[17/04/2010 - 22:39:30 | N | 1018469] J:\wzor_biznesplanu.zip
[19/03/2010 - 16:39:06 | N | 4046712] J:\carrion - nie bez wiary (last fm).mp3
[05/05/2010 - 22:47:54 | D] J:\wzor_biznesplanu
[15/04/2010 - 19:26:38 | D] J:\wydruki_artykulow_-_pliki
[08/03/2010 - 14:54:22 | N | 1359360] J:\iview425_setup(dobreprogramy.pl).exe
[29/04/2011 - 18:09:18 | D] J:\skany
[11/05/2011 - 09:37:58 | D] J:\AEXRGYH
[18/05/2011 - 19:41:44 | N | 290] J:\autorun.inf
[17/05/2011 - 12:50:16 | D] J:\zamenelos
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by Panda USB Vaccine
I:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
J:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_XERO7-7602F48B5.zip
http://www.teamxscript.org/Upload.php
Thank you for your contribution.
################## | E.O.F |
Check how everything works now.
Unfortunately it is the same. The system has certainly become more stable and runs more smoothly, but unfortunately the shortcuts are still there. This is a computer in a service point, and most customers bring their own pendrives, portable drives and phones with data; it shows up on theirs. On my partitions there is nothing like that, apart from my own pendrives as well, that is, everything I connect to the computer via USB.
Please provide a new USBFix log from the Listing option, with the portable devices connected of course, and the OTL logs; instructions: otl-gmer-rsit-dss-inne-instrukcje-t370405.html. Paste the logs at www.wklej.org and give the links to them in your post.
Here is the log from USBFix:
http://www.wklej.org/id/532868/
Unfortunately, OTL hangs during the scan on Firefox; after uninstalling the browser it was the same, and also after a reset.
I scanned the computer with AVG without an internet connection; it found a virus:
Hosts x5
tracking cookie Mediaplex x3
tracking cookie Tradedoubler x4
and a file that cannot be removed because of an invalid structure, address 7c920a5e
After all of this the problem with the shortcuts has disappeared for the moment.
I am left with items of this kind; they are on all partitions and pendrives:
Autorun.inf folder
$RECYCLE.BIN folder
RECYCLER folder
System Volume Information folder
$AVG: I don't know what this is, maybe the AVG antivirus folder
and I have some junk that hooks into my browser; after I go online, some porn site always pops up.
Well, without logs I can only guess, but maybe try this:
Download Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html. Run a full scan, remove whatever the program finds, and post the log on the forum.
After that, try running OTL again and post the logs on the forum.