Virus turns USB drives into shortcuts

Hello,
As the subject says, every USB drive I plug in gets turned into a shortcut. Logs below:

Addition.txt (52,5 KB)
FRST.txt (52,0 KB)

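The symptom described above is the classic "shortcut worm" layout: the real folders on the drive are set Hidden+System and a .lnk with the same name launches a script interpreter that runs the payload before opening the real folder. The following PowerShell is an added example (not from this thread or from FRST) that inspects a drive for that pattern and clears the attributes; the drive letter `F:\` is an assumption.

```powershell
# Added example, not part of the original thread. Looks for .lnk files at the
# root of a removable drive that point at an interpreter instead of a folder,
# and reports the hidden item each shortcut most likely stands in for.
function Find-ShortcutWormTraces {
    param([Parameter(Mandatory)][string]$Root)   # e.g. 'F:\' (assumed drive letter)

    $shell = New-Object -ComObject WScript.Shell
    foreach ($lnk in Get-ChildItem -LiteralPath $Root -Filter *.lnk -File -Force) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        # A legitimate shortcut to a folder targets the folder itself; a worm's
        # shortcut targets cmd/wscript/powershell and passes the payload as arguments.
        if ($sc.TargetPath -match '\\(cmd|wscript|cscript|powershell|rundll32)\.exe$') {
            $name = [IO.Path]::GetFileNameWithoutExtension($lnk.Name)
            [pscustomobject]@{
                Shortcut   = $lnk.Name
                Target     = $sc.TargetPath
                Arguments  = $sc.Arguments
                HiddenItem = Join-Path $Root $name     # usually the real folder, now hidden
            }
        }
    }
}

# Clear Hidden/System/ReadOnly on everything under the drive so the user's data
# is visible again. The .lnk files are deliberately left in place so they can be
# inspected (and submitted with the logs) before they are deleted.
function Restore-HiddenItems {
    param([Parameter(Mandatory)][string]$Root)

    $mask = [int]([IO.FileAttributes]'Hidden, System, ReadOnly')
    Get-ChildItem -LiteralPath $Root -Recurse -Force |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
        ForEach-Object { $_.Attributes = [int]$_.Attributes -band -bnot $mask }
}

# Usage (drive letter assumed): report first, restore only after the payload is gone.
Find-ShortcutWormTraces -Root 'F:\' | Format-Table -AutoSize
# Restore-HiddenItems -Root 'F:\'
```

Run the restore step only after the infected machine itself has been cleaned, otherwise the drive is hidden again the next time it is plugged in.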

Problem solved. A full scan with RogueKiller was recommended, along with the fixlist given below.

SystemRestore: On
CreateRestorePoint:
CloseProcesses:
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
File: C:\ProgramData\efiLINQ\efiLINQ.exe
Task: {041BAEC3-EC2C-4E30-ACBF-2664FCD5031A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (Brak pliku)
Task: {11E4223D-C905-471D-BD13-97FBC24D7ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r (Brak pliku)
Task: {19A0A3D2-FCF3-4B76-A57B-E73665A7598C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (Brak pliku)
Task: {29270BFE-4D75-4C6F-A21A-8550F18B7267} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (Brak pliku)
Task: {3B7C8315-CE6A-41CE-8A22-7F31005175BE} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Disable (Brak pliku)
Task: {4134ADB8-B2D9-4A8A-8D36-8E0915E0DFCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m (Brak pliku)
Task: {5DDA3401-832D-488E-9595-B88BB2C644F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (Brak pliku)
Task: {5F0BD018-4C9E-407D-B462-A809A560C53E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA (Brak pliku)
Task: {6DE1B335-099E-4204-80FB-8027681B5410} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (Brak pliku)
Task: {87240A30-C5C6-4E6D-B34A-506707442FC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (Brak pliku)
Task: {C755A59C-5452-4D8F-96DE-7D3B9C93AE5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (Brak pliku)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\Run: [MicrosoftEdgeAutoLaunch_ECE8D3D813F48291574DCD17432D0C4B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\MountPoints2: {3013f705-4775-11ec-932c-a0d3c127bead} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\MountPoints2: {30b3442b-24df-11ec-931d-acfd27583924} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\MountPoints2: {4867448d-d1cb-11e8-920e-a0d3c127bead} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\MountPoints2: {6453154d-a687-11ec-9354-a0d3c127bead} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-696834628-1386451695-4253651740-1003\...\MountPoints2: {86ac65ee-2b21-11ec-9320-a0d3c127bead} - "F:\HiSuiteDownLoader.exe" 
Task: {7AB389AF-9A80-48A9-83D7-57D60F128AE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono]
Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono]
Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono]
Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono]
2022-03-30 08:34 - 2022-03-30 08:34 - 000000000 ____D C:\Users\JODA DRUK\Downloads\FRST-OlderVersion
CustomCLSID: HKU\S-1-5-21-696834628-1386451695-4253651740-1003_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Brak pliku
Tcpip\..\Interfaces\{06d72e3c-2503-4399-9e0e-a3fe7e636cc9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{09d3a9b5-afae-4c5c-8004-8c073be1aaf7}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{8ac9d67d-6ee1-47ca-8dbb-623f1215e232}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b3db9438-754d-4ad4-bb02-0952fe5d3f17}: [NameServer] 1.1.1.1,1.0.0.1
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} 
EmptyTemp:
