Witam. :D 

Mam problem z laptopem.

Jest jakiś wirus który przy przenoszeniu plików tworzy ich skróty,

czasami też potrafi sam się wyłączyć.

Mam windows 7 64 bit.

Oto logi:

FRST  http://www.wklej.org/id/1680933/

Addition  http://www.wklej.org/id/1680934/

Z góry dzięki za pomoc :D 

Pozdrawiam i wesołych

Otwórz notatnik systemowy i wklej:

Hosts:
Task: {2AF52FD3-1CC8-4247-AEB5-0CE6216387E0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1515342540-3245433503-3058492356-1000UA = C:\Users\Daria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-25] (Facebook Inc.)
Task: {A6355AFC-72A2-4090-940B-3FF60D43BC19} - System32\Tasks\Windows Updater = C:\Users\Daria\AppData\Roaming\WindowsUpdate\Updater.exe [2015-04-06] ()
Task: {FBFE0CA7-733A-4931-BD3C-50A58B8167BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1515342540-3245433503-3058492356-1000Core = C:\Users\Daria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-25] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1515342540-3245433503-3058492356-1000Core.job = C:\Users\Daria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1515342540-3245433503-3058492356-1000UA.job = C:\Users\Daria\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Update Installer] = C:\Users\Daria\AppData\Roaming\WindowsUpdate\Updater.exe [253952 2015-04-06] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Vpxkxf] = C:\Users\Daria\AppData\Roaming\Microsoft\Windows\themes\Vpxkxf.exe [276992 2015-04-04] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Live] = C:\Users\Daria\AppData\Roaming\Windows Live\dprjdydnya.exe [0 2015-04-06] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Update Manager] = C:\Users\Daria\AppData\Roaming\WindowsUpdate\MSupdate.exe [162816 2015-04-06] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Live Installer] = C:\Users\Daria\AppData\Roaming\WindowsUpdate\Live.exe [190976 2015-04-06] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Policies\Explorer\Run: [Windows Live] = C:\Users\Daria\AppData\Roaming\Windows Live\dprjdydnya.exe [0 2015-04-06] ()
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Winlogon: [Shell] C:\Users\Daria\AppData\Roaming\WindowsUpdate\MSupdate.exe,explorer.exe,C:\Users\Daria\AppData\Roaming\Update\MSupdate.exe ==== ATTENTION
2015-04-06 11:02 - 2015-04-06 11:02 - 00738232 _____ (Generic internet ) C:\Users\Daria\Downloads\Photoscape(12505)-dp.exe
2015-04-06 11:01 - 2015-04-06 11:01 - 00738232 _____ (Generic internet ) C:\Users\Daria\Downloads\Photo-Editor(12394)-dp.exe
2015-04-05 18:44 - 2015-04-05 18:44 - 00003248 _____ () C:\Windows\System32\Tasks\Windows Live
2015-03-18 16:24 - 2015-03-18 16:24 - 00003254 _____ () C:\Windows\System32\Tasks\Windows Updater
2015-03-18 16:23 - 2015-04-06 12:07 - 00000000 ____ D () C:\Users\Daria\AppData\Roaming\WindowsUpdate
2015-04-05 18:44 - 2014-10-26 09:51 - 00000000 ____ D () C:\Users\Daria\AppData\Roaming\eounjsrpvkjviugqbtq
2014-12-10 18:15 - 2015-04-06 12:07 - 0253952 _____ () C:\Users\Daria\AppData\Roaming\c731200
2014-12-17 23:09 - 2014-12-17 23:09 - 0028928 _____ () C:\Users\Daria\AppData\Local\Bron.tok.A12.em.bin
2014-12-10 18:23 - 2014-12-10 18:23 - 0000051 _____ () C:\Users\Daria\AppData\Local\Kosong.Bron.Tok.txt
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Zrobiłem zgodnie z instrukcją :D 

Proszę :D 

FRST: http://www.wklej.org/id/1681888/

PS. notatnik systemowy po włącza się i od razu zamyka. muszę używać WordPad.

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.1.4.1018.exe

Pokaż nowe logi z FRST.

WordPad to jest notatnik systemowy.

A program Notepad to nie notatnik?

Mój błąd.Notepad to notatnik systemowy.

Prosze.

FRST: http://www.wklej.org/id/1682143/

coś jeszcze? :D 

 a co z notatnikiem? :D 

Otwórz notatnik systemowy i wklej:

CloseProcesses:
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Vpxkxf] = C:\Users\Daria\AppData\Roaming\Microsoft\Windows\themes\Vpxkxf.exe
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Live] = C:\Users\Daria\AppData\Roaming\Windows Live\dprjdydnya.exe
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Update Installer] = C:\Users\Daria\AppData\Roaming\WindowsUpdate\Updater.exe
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Run: [Windows Live Installer] = C:\Users\Daria\AppData\Roaming\WindowsUpdate\Live.exe
HKU\S-1-5-21-1515342540-3245433503-3058492356-1000\...\Policies\Explorer\Run: [Windows Live] = C:\Users\Daria\AppData\Roaming\Windows Live\dprjdydnya.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPTq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPTq={searchTerms}
SearchScopes: HKU\S-1-5-21-1515342540-3245433503-3058492356-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR HomePage: Default - hxxp://do-search.com/?type=hpts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPT
CHR StartupUrls: Default - "hxxp://do-search.com/?type=hpts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPT"
CHR DefaultSearchKeyword: Default - do-search
BHO-x32: Assist Point - {dc727a8c-7582-483c-a1c2-2b885f099bb5} - C:\Program Files (x86)\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll [2015-04-06] ()
CHR DefaultSearchURL: Default - http://do-search.com/web/?type=dsts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPTq={searchTerms}
CHR Extension: (Assist Point) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdbnhhmdohncpgafdllmmlekmlabeoi [2015-04-07]
OPR StartupUrls: "hxxp://do-search.com/?type=hpts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPT"
R2 Update Mgr AssistPoint; C:\Program Files (x86)\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56\updater.exe [559856 2015-04-07] ()
2015-04-07 13:19 - 2015-04-07 17:30 - 00000000 ____ D () C:\Users\Daria\AppData\Roaming\WindowsUpdate
2015-04-07 13:19 - 2015-04-07 13:19 - 00003254 _____ () C:\Windows\System32\Tasks\Windows Updater
2015-04-07 13:19 - 2015-04-07 13:19 - 00003248 _____ () C:\Windows\System32\Tasks\Windows Live
2015-04-06 15:05 - 2015-04-06 15:05 - 00000000 ____ D () C:\Users\Daria\AppData\Roaming\do-search
2015-04-06 14:53 - 2015-04-06 14:54 - 00000000 ____ D () C:\Program Files (x86)\Assist Point

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Proszę.

fixlog.txt: http://www.wklej.org/id/1682537/

 FRST: http://www.wklej.org/id/1682542/

czekam na kolejne instrukcje

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6960864 2014-10-26] (Realtek Semiconductor)
CHR DefaultSearchKeyword: Default - do-search
CHR DefaultSearchURL: Default - http://do-search.com/web/?type=dsts=1428325469from=coruid=TOSHIBAXMK6475GSX_71IJT1YPTXX71IJT1YPTq={searchTerms}
CHR Extension: (Assist Point) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdbnhhmdohncpgafdllmmlekmlabeoi [2015-04-07]
R2 Update Mgr AssistPoint; C:\Program Files (x86)\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56\Updater.exe [559856 2015-04-07] ()
2015-04-07 23:01 - 2015-04-07 23:01 - 00000000 ____ D () C:\Program Files (x86)\Assist Point

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

A pokazać coś? :D 

czy już koniec? 

:-P Możesz palec pokazać.Skasuj folder C:\FRST

OK wielkie dzięki za pomoc

Pozdrawiam