Trojan VBS/LNK.Jenxcus.Gen

Hello. I don't know whether this trojan is on the computer itself or only on the USB flash drive, but every time I plug the flash drive in, Avira notifies me that it has found something, and Real-Time Protection shows that it found this trojan but is unable to delete it.

FRST log frst.txt: http://www.wklej.org/id/1654090/

FRST addition log: http://www.wklej.org/id/1654091/.

What should I do to get rid of this trojan from the flash drive?

Regards.

Plug in the flash drive. Run USBFix using the Listing function. Post the log it produces. http://www.usbfix.net/

http://www.wklej.org/id/1654217/

Uninstall Microsoft Security Essentials and SpyHunter 4. Open the system Notepad and paste:

Task: {1BD6ADC6-D248-4344-ACC3-4F5A1EFC11B5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4123692781-362594998-3339309360-500UA = C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-26] (Facebook Inc.)
Task: {739813B0-7EDD-4935-AA73-79A128AEC396} - \Program aktualizacji online produktu Real Player. No Task File ==== ATTENTION
Task: {79350E6E-F05F-4EE5-A038-2F9E01591C9B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4123692781-362594998-3339309360-500Core = C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-26] (Facebook Inc.)
Task: {88272DFD-8A9F-4046-B507-C347954029D0} - System32\Tasks\Ad-Aware Update (Weekly) = C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {8AD3B763-EBCD-4D11-A342-B7CA87751C83} - \Program aktualizacji online firmy Adobe. No Task File ==== ATTENTION
Task: {BC96AF9B-B4F7-4E6B-9DD0-9C3799B494A7} - System32\Tasks\{84B12AC0-C49F-48C8-9B67-D0A8F8B0CD96} = Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.100&LastError=12002
Task: {C45ED4ED-4B74-4675-97FB-77AD635D77BB} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-03-03] (Enigma Software Group USA, LLC.)
Task: {D5F9AD42-742A-4013-93B1-558BA2515D6E} - \BrowserDefendert No Task File ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123692781-362594998-3339309360-500Core.job = C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123692781-362594998-3339309360-500UA.job = C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [TkBellExe] = C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-4123692781-362594998-3339309360-500\...\Run: [Facebook Update] = C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-26] (Facebook Inc.)
AppInit_DLLs-x32: c:\progra~3\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.dll = "c:\progra~3\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4123692781-362594998-3339309360-500 - {0A39354F-960C-4C59-9B8B-5DF2933ED6E8} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=src=kwq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000YYPLapn_uid=F1C1DFB6-FCEF-4F7B-97A0-95BCAB5E77CEapn_sauid=10659852-E065-488C-AAAE-2549048D70F5
SearchScopes: HKU\S-1-5-21-4123692781-362594998-3339309360-500 - {3B3BF547-F616-422D-AA10-7DCE2D6A7477} URL = http://www.amazon.co.uk/gp/search?ie=UTF8keywords={searchTerms}tag=tochibauk-win7-ie-search-21index=blendedlinkCode=ur2
SearchScopes: HKU\S-1-5-21-4123692781-362594998-3339309360-500 - {F6BF8B6E-44A5-4FF2-A72E-B79EB538992F} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
BHO-x32: No Name - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - No File
Toolbar: HKU\S-1-5-21-4123692781-362594998-3339309360-500 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HKLM-x32\...\Chrome\Extension: [bdmkmnjlliodibplcplaffjdiempemfo] - C:\ProgramData\TheBflix\bdmkmnjlliodibplcplaffjdiempemfo.crx [Not Found]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-03] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-03] ()
S3 connctfy; system32\DRIVERS\connctfy.sys [X]
S3 connctfyMP; system32\DRIVERS\connctfy.sys [X]
S3 cpuz132; \\C:\Users\Dominika\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 FTDIBUS; system32\drivers\ftdibus.sys [X]
S3 FTSER2K; system32\drivers\ftser2k.sys [X]
S1 ixsyaogg; \\C:\Windows\system32\drivers\ixsyaogg.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2015-03-03 23:24 - 2015-03-03 23:24 - 00003354 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-03-03 23:24 - 2015-03-03 23:24 - 00001068 _____ () C:\Users\Administrator\Desktop\SpyHunter.lnk
2015-03-03 23:24 - 2015-03-03 23:24 - 00000000 ____ D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-03-03 23:24 - 2015-03-03 23:24 - 00000000 ____ D () C:\sh4ldr
2015-03-03 23:24 - 2015-03-03 23:24 - 00000000 _____ () C:\autoexec.bat
2015-03-03 23:23 - 2015-03-03 23:23 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-03-03 23:23 - 2015-03-03 23:23 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-03-03 23:23 - 2015-03-03 23:23 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-03-02 19:46 - 2015-03-02 19:46 - 00002974 _____ () C:\Windows\System32\Tasks\{99BF7C09-4F39-4787-96FA-C7915A5D03F2}
2015-03-02 19:46 - 2015-03-02 19:46 - 00002974 _____ () C:\Windows\System32\Tasks\{80877F00-36BE-420C-9A93-BD213EEA7ACC}
2015-03-02 19:46 - 2015-03-02 19:46 - 00002974 _____ () C:\Windows\System32\Tasks\{7DF55065-8004-4229-BAE5-16990D5E4001}
2015-03-02 19:46 - 2015-03-02 19:46 - 00002974 _____ () C:\Windows\System32\Tasks\{0B767630-C43E-4593-ABF9-C24059CBC140}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{F7FBE951-303C-472D-8384-9B48F850EB0D}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{F13D79EB-18EA-4E4A-9171-01FB56A3482B}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{EB4E28DD-8AE3-440F-9BB3-08FB86EEC444}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{E35960A1-2230-4AF0-983B-00E5F230CA58}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{DA9AAC01-3402-474E-B329-3359B18E8E4A}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{DA9948AC-8E27-46A0-B07D-C6D6ECECB677}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{A964A464-4F3D-4566-B67D-B1451907190A}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{8AEF97E2-E967-465F-A52D-2806A0D7981B}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{648CC32D-51D9-42DE-9304-F91140D20E37}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{424383ED-B446-4D7E-8A2B-A8E7CB767708}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{3BDDA749-58F0-401C-A76D-E111F22F36B8}
2015-03-02 19:45 - 2015-03-02 19:45 - 00002974 _____ () C:\Windows\System32\Tasks\{02491CDD-5E5D-41D5-AA37-E9A25A4CF610}
2010-08-01 20:46 - 2014-11-18 08:24 - 0023788 _____ () C:\Users\Administrator\AppData\Roaming\wklnhst.dat
CMD: attrib /d /s -s -h F:\*
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.

Thank you very much, Acorus, for your help and the time you gave me. It seems to have worked, because Avira no longer reports anything when I plug in the flash drive. Should I still show the fixlog?

No need. Delete the folder C:\FRST