Elektroda.pl

Virus hiding files on a USB flash drive.

tomek1986022 30 Jun 2015 11:52 549 1
  • Helpful post
    #2 30 Jun 2015 12:37
    Acorus 20
    Computer specialist

    Enable System Restore. Open Notepad and paste:

    Quote:
    CloseProcesses:
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msovjfc.exe <===== ATTENTION
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {0ca1fb57-0435-11e5-b938-d8cb8a317480} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {10a4d391-09b5-11e5-9cec-d8cb8a317480} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {43a27096-1021-11e5-8c1a-d8cb8a317480} - G:\.\Driver\DriverInstaller.exe -eject
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {4a0cca94-fa41-11e4-bb73-806e6f6e6963} - F:\DVDSetup.exe
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {515e76dd-0e80-11e5-af41-d8cb8a317480} - G:\./MTP/LMPC.exe
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {515e7766-0e80-11e5-af41-d8cb8a317480} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {515e7885-0e80-11e5-af41-d8cb8a317480} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {78007033-02a2-11e5-8344-d8cb8a317480} - G:\MediaManager.exe
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {853564fa-1322-11e5-bc60-d8cb8a317480} - G:\start.exe
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {a27868a5-052c-11e5-b6c9-d8cb8a317480} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2350049852-3801601513-849233071-1000\...\MountPoints2: {ccc22956-09d0-11e5-b64a-d8cb8a317480} - G:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    S3 MFE_RR; \??\C:\Users\KSEMAR\AppData\Local\Temp\mfe_rr.sys [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    2015-06-30 10:29 - 2015-06-30 10:29 - 00000000 ____D C:\AdwCleaner
    C:\ProgramData\msovjfc.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    0