Virus creating shortcuts on a USB flash drive


(Rakkmin) #1

Hello, I have a problem with a virus that creates shortcuts on all USB flash drives, memory cards, etc. There are often problems opening folders. I have exactly the same problem on my laptop as on my desktop computer. I am attaching logs from OTL and USB Fix from the desktop computer. I used the Deletion function in USB Fix and the shortcuts disappeared from the plugged-in flash drive, but the files autorun.inf and snkb0pt appeared. That is why I used the Listing function, whose report I am posting below. I would also like advice on how to get rid of this virus on the laptop and how to avoid being infected by it, so that it does not infect me again right away :slight_smile:

 

Thank you very much in advance for your help.

 

OTL: http://www.wklej.org/id/1335283/

Extras: http://www.wklej.org/id/1335285/

 

USB Fix: http://www.wklej.org/id/1335289/

 

 


(Atis) #2

Uninstall SpyHunter, McAfee Security Scan Plus, WebCake 3.00, Ask Toolbar.

Download and run AdwCleaner. Click Szukaj (Search) and then Usuń (Delete).

Paste the following into the Custom Scans/Fixes (Własne opcje skanowania / skrypt) box:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Crdxeeptphvrjspm.exe] "C:\Users\Piotrek\AppData\Local\Crdxeeptphvrjspm.exe" File not found
O4 - HKLM..\Run: [Cvrxjriirheizawv.exe] "C:\Users\Piotrek\AppData\Roaming\Cvrxjriirheizawv.exe" File not found
O4 - HKLM..\Run: [derp_57887.exe] "C:\Users\Piotrek\AppData\Local\Temp\derp_57887.exe" File not found
O4 - HKLM..\Run: [Evidxihgunizjbqn.exe] "C:\Users\Piotrek\AppData\Roaming\Evidxihgunizjbqn.exe" File not found
O4 - HKLM..\Run: [Evjadmthvsofzhnk.exe] "C:\Users\Krzychu\AppData\Roaming\Evjadmthvsofzhnk.exe" File not found
O4 - HKLM..\Run: [Fbnhgmtuulgzeido.exe] "C:\Users\Krzychu\AppData\Roaming\Fbnhgmtuulgzeido.exe" File not found
O4 - HKLM..\Run: [Fernxzfktczzkjjy.exe] "C:\Users\Krzychu\AppData\Roaming\Fernxzfktczzkjjy.exe" File not found
O4 - HKLM..\Run: [Fmckjqhuynhvkrur.exe] "C:\Users\Piotrek\AppData\Roaming\Fmckjqhuynhvkrur.exe" File not found
O4 - HKLM..\Run: [Fpcqrfloqcuazcyf.exe] "C:\Users\Krzychu\AppData\Roaming\Fpcqrfloqcuazcyf.exe" File not found
O4 - HKLM..\Run: [Gnarlaxpnacdkyoq.exe] "C:\Users\Krzychu\AppData\Roaming\Gnarlaxpnacdkyoq.exe" File not found
O4 - HKLM..\Run: [Helpzuxsgtaqwxni.exe] C:\Users\Piotrek\AppData\Roaming\Helpzuxsgtaqwxni.exe (NoVirusThanks Company Srl)
O4 - HKLM..\Run: [Jbqliuexqbmlubdi.exe] "C:\Users\Krzychu\AppData\Roaming\Jbqliuexqbmlubdi.exe" File not found
O4 - HKLM..\Run: [Jcglfhumgfslehna.exe] "C:\Users\Piotrek\AppData\Roaming\Jcglfhumgfslehna.exe" File not found
O4 - HKLM..\Run: [Jfonnompldrqpaep.exe] "C:\Users\Piotrek\AppData\Roaming\Jfonnompldrqpaep.exe" File not found
O4 - HKLM..\Run: [Kxrwlzbbossttmdr.exe] "C:\Users\Piotrek\AppData\Roaming\Kxrwlzbbossttmdr.exe" File not found
O4 - HKLM..\Run: [Lmyydvskxrqcrprx.exe] "C:\Users\Krzychu\AppData\Roaming\Lmyydvskxrqcrprx.exe" File not found
O4 - HKLM..\Run: [lsm.exe] "C:\Users\Piotrek\AppData\Local\lsm.exe" File not found
O4 - HKLM..\Run: [Lwdozwdfornamzph.exe] "C:\Users\Piotrek\AppData\Roaming\Lwdozwdfornamzph.exe" File not found
O4 - HKLM..\Run: [Mogzoumzekvpcrpu.exe] "C:\Users\Krzychu\AppData\Roaming\Mogzoumzekvpcrpu.exe" File not found
O4 - HKLM..\Run: [Odirptkhqrnkrqil.exe] "C:\Users\Piotrek\AppData\Roaming\Odirptkhqrnkrqil.exe" File not found
O4 - HKLM..\Run: [Okpjbekasosfcihv.exe] "C:\Users\Piotrek\AppData\Roaming\Okpjbekasosfcihv.exe" File not found
O4 - HKLM..\Run: [Pavtfoyepjkjrubq.exe] "C:\Users\Piotrek\AppData\Roaming\Pavtfoyepjkjrubq.exe" File not found
O4 - HKLM..\Run: [Ptpmelnypbxfcyrp.exe] "C:\Users\Piotrek\AppData\Roaming\Ptpmelnypbxfcyrp.exe" File not found
O4 - HKLM..\Run: [Qmxwqssxjscbmzdv.exe] "C:\Users\Krzychu\AppData\Roaming\Qmxwqssxjscbmzdv.exe" File not found
O4 - HKLM..\Run: [Sdllgzacpuigcdlm.exe] "C:\Users\Piotrek\AppData\Roaming\Sdllgzacpuigcdlm.exe" File not found
O4 - HKLM..\Run: [services.exe] "C:\Users\Krzychu\AppData\Local\services.exe" File not found
O4 - HKLM..\Run: [Uvvgmpifzvluuxvv.exe] "C:\Users\Krzychu\AppData\Roaming\Uvvgmpifzvluuxvv.exe" File not found
O4 - HKLM..\Run: [Vdrfxpzyghxnolwo.exe] "C:\Users\Krzychu\AppData\Roaming\Vdrfxpzyghxnolwo.exe" File not found
O4 - HKLM..\Run: [Xftnkucqljlhuelz.exe] "C:\Users\Piotrek\AppData\Roaming\Xftnkucqljlhuelz.exe" File not found
O4 - HKLM..\Run: [Zjszwpzrudqeteif.exe] "C:\Users\Piotrek\AppData\Roaming\Zjszwpzrudqeteif.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Evjadmthvsofzhnk.exe] "C:\Users\Krzychu\AppData\Roaming\Evjadmthvsofzhnk.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Fbnhgmtuulgzeido.exe] "C:\Users\Krzychu\AppData\Roaming\Fbnhgmtuulgzeido.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Fernxzfktczzkjjy.exe] "C:\Users\Krzychu\AppData\Roaming\Fernxzfktczzkjjy.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Fpcqrfloqcuazcyf.exe] "C:\Users\Krzychu\AppData\Roaming\Fpcqrfloqcuazcyf.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Gnarlaxpnacdkyoq.exe] "C:\Users\Krzychu\AppData\Roaming\Gnarlaxpnacdkyoq.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Jbqliuexqbmlubdi.exe] "C:\Users\Krzychu\AppData\Roaming\Jbqliuexqbmlubdi.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Lmyydvskxrqcrprx.exe] "C:\Users\Krzychu\AppData\Roaming\Lmyydvskxrqcrprx.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Mogzoumzekvpcrpu.exe] "C:\Users\Krzychu\AppData\Roaming\Mogzoumzekvpcrpu.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Network Settings] C:\ProgramData\Network Settings\qepprdynn.exe (The UPX Team http://upx.sf.net)
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Qmxwqssxjscbmzdv.exe] "C:\Users\Krzychu\AppData\Roaming\Qmxwqssxjscbmzdv.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [services.exe] "C:\Users\Krzychu\AppData\Local\services.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Uvvgmpifzvluuxvv.exe] "C:\Users\Krzychu\AppData\Roaming\Uvvgmpifzvluuxvv.exe" File not found
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Vdrfxpzyghxnolwo.exe] "C:\Users\Krzychu\AppData\Roaming\Vdrfxpzyghxnolwo.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.exe (Desktop® Corporation)
O32 - AutoRun File - [2014-04-17 08:17:32 | 000,003,918 | ---- | M] () - N:\autorun.inf -- [FAT32]
:Files
C:\Users\Krzychu\AppData\Roaming\*.exe
C:\Users\Krzychu\AppData\Local\*.exe
N:\snkb0pt
:Commands
[emptytemp]

Click Run Fix (Wykonaj skrypt) and confirm the restart.

Post the removal report and a new log from Scan (Skanuj).

Post a new UsbFix report from the Listing option.

Download Farbar Recovery Scan Tool 64-Bit Version

Run FRST and click Scan. Post the FRST and Addition reports.
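An added example, not part of the original posts and not code from OTL or any other tool named in the thread: a small triage pass over `O4` autorun lines in the layout used by the fix script above, flagging the traits that make those entries stand out. The flag names and the `SYSTEM_NAMES` list are assumptions chosen for this illustration; the sample lines are copied from the script above.

```python
import ntpath
import re

# Lines copied from the O4 section of the fix script above (no new data).
SAMPLE = r"""O4 - HKLM..\Run: [lsm.exe] "C:\Users\Piotrek\AppData\Local\lsm.exe" File not found
O4 - HKLM..\Run: [Helpzuxsgtaqwxni.exe] C:\Users\Piotrek\AppData\Roaming\Helpzuxsgtaqwxni.exe (NoVirusThanks Company Srl)
O4 - HKU\S-1-5-21-1517631229-2190991187-389281031-1000..\Run: [Network Settings] C:\ProgramData\Network Settings\qepprdynn.exe (The UPX Team http://upx.sf.net)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
"""

# hive..\Run: [value name] "path.exe" trailing status or company string
O4 = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] '
    r'"?(?P<path>[A-Za-z]:\\.+?\.exe)"?(?P<rest>.*)$'
)

# Assumption: a short list of Windows binaries that normally live in System32.
SYSTEM_NAMES = {"lsm.exe", "services.exe", "svchost.exe", "lsass.exe", "csrss.exe"}


def triage(text):
    """Return (value name, path, sorted flags) for every Run/RunOnce line."""
    results = []
    for line in text.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue  # "O4 - Startup:" lines use a different layout and are skipped
        path = m["path"]
        low = path.lower()
        flags = set()
        # Autorun target sits where a standard user can write.
        if re.search(r"\\(appdata|programdata)\\", low):
            flags.add("user-writable")
        # System binary name used outside its normal directory.
        if ntpath.basename(low) in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            flags.add("system-name-outside-system32")
        # Registry value survives although the file is gone (leftover entry).
        if "File not found" in m["rest"]:
            flags.add("target-missing")
        results.append((m["name"], path, sorted(flags)))
    return results


if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE):
        print(f"{name:22} {', '.join(flags) or 'no flags':62} {path}")
```
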