Wirus chowa pliki pendriva

Dla specjalistów Bezpieczeństwo
#1

Witam.

#2

Otwórz notatnik systemowy i wklej:

CloseProcesses:
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [PDVDDXSrv] = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] = C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
Startup: C:\Documents and Settings\Wojtek\Menu Start\Programy\Autostart\g.lnk [2015-05-18]
ShortcutTarget: g.lnk - C:\Documents and Settings\Wojtek\Dane aplikacji\obqbblvvgq.exe (Lextech Global Services)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1432028685z=8ffbd61c78b50391bbc9d72gfz3c3o8e6ofb5qfb9cfrom=coruid=FUJITSUXMHZ2080BHXG2_K60ZT83259PET83259PEXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1432028685z=8ffbd61c78b50391bbc9d72gfz3c3o8e6ofb5qfb9cfrom=coruid=FUJITSUXMHZ2080BHXG2_K60ZT83259PET83259PEXq={searchTerms}
HKU\S-1-5-21-842925246-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:bl
FF DefaultSearchEngine: do-search
FF SearchPlugin: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\Firefox\Profiles\2iqj3jt9.default\searchplugins\do-search.xml [2015-05-19]
FF Extension: z - C:\Program Files\Mozilla Firefox\extensions\{44af8e63-7105-d13d-3e81-32f049660bbe} [2015-05-18]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-05-21 11:48 - 2015-05-21 11:48 - 00000000 ____ D () C:\Documents and Settings\Wojtek\Pulpit\FRST-OlderVersion
2015-05-18 14:17 - 2015-05-18 14:17 - 97521664 __RSH (Lextech Global Services) C:\Documents and Settings\Wojtek\Dane aplikacji\obqbblvvgq.exe
2013-05-21 10:01 - 2013-05-21 10:02 - 0003714 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2012-01-11 10:51 - 2012-01-11 10:51 - 0460624 _____ () C:\Documents and Settings\Wojtek\Ustawienia lokalne\Dane aplikacji\promo.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.