Wirus - skrót na pendrive


(Honorata Agata) #1

Cześć. Mam problem z pendrivem, mam jakiegoś wirusa, który tworzy na nim skrót. Mimo, że go usuwam i skanujek omuter nie znika. Robiłam test FRST i oto raporty


(Acorus) #2

Podepnij pendriva.Użyj USBFix z funkcji Usuń(Clean).Pokaż z niego log.

http://www.usbfix.net/

Pokaż nowe logi z FRST.


(Honorata Agata) #3

Po zeskanowaniu wyszło mi coś takiego.


(Acorus) #4

Pokaż nowe logi z FRST.


(Honorata Agata) #5

FRST text

 

Addition text

http://wklej.org/id/1712242/


(Acorus) #6

Odinstaluj Adobe Reader 9.5.5 - Polish.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [UpdateLBPShortCut] = C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] = C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] = C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] = C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] = C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] = C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] = C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] = C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] = C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] = C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-05-14] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
FF SelectedSearchEngine: webssearches
FF Extension: Web Protector - C:\Users\Honorata\AppData\Roaming\Mozilla\Firefox\Profiles\95xsrj01.default-1389018106495\Extensions\{8a167a0d-2593-78be-dffa-baa301a8d989} [2015-05-06]
CHR DefaultSearchKeyword: Default - do-search
CHR DefaultSearchURL: Default - http://do-search.com/web/?type=dsts=1430926976z=e85d38cd9cdcb9a1c2b8e24g4zec6e9tco6qet7qdmfrom=coruid=TOSHIBAXMK3265GSX_80J4C0LDTXX80J4C0LDTq={searchTerms}
CHR HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Honorata\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-28]
CHR HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-11-18] (AVG Technologies)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
2015-05-14 22:44 - 2015-05-15 13:11 - 00000000 ____ D () C:\Users\Honorata\Desktop\FRST-OlderVersion
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Honorata Agata) #7

Zrobiłam wszystko tak jak napisałeś powyżej i zainstalowałam program. Ogólnie już nie pojawia mi się ten skrót.


(Acorus) #8

Skasuj folder C:\FRST


(Honorata Agata) #9

Skasowałam wszystko. :slight_smile: Bardzo DZIĘKUJĘ  za pomoc, sama nie poradziłabym sobie.