Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wirus tworzący skrót na pen drive .

i.tb 14 Kwi 2016 23:15 444 3
  • Pomocny post
    #2 15 Kwi 2016 06:24
    krzychupar
    Poziom 40  

    Odinstaluj:
    BESTplayer Packages (HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\BESTplayer Packages) (Version: - ) <==== UWAGA
    BrowseMark (HKLM\...\BrowseMark) (Version: 2014.04.15.204612 - BrowseMark) <==== UWAGA
    Image Editor Packages (HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\Image Editor Packages) (Version: - ) <==== UWAGA
    Update for Image Editor (HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\DigitalSite) (Version: - ) <==== UWAGA
    Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== UWAGA
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)

    Otwórz notatnik i wklej:
    CustomCLSID: HKU\S-1-5-21-1078081533-1500820517-725345543-1003_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\DOCUME~1\Gosia\Pulpit\BESTPL~1.EXE => Brak pliku
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Gosia\DANEAP~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    HKLM\...\RunOnce: [] => [X]
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {07d51e7a-06c6-11e4-bef4-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {07d51e7e-06c6-11e4-bef4-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {0c07e83c-b6e9-11e4-806a-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {29f68c0a-a567-11e5-823b-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {38772a8c-aae0-11e4-804b-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {38772a8e-aae0-11e4-804b-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {426a6cc4-073f-11e4-bef5-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {59f9be24-8e8c-11e4-bff9-001e3300128d} - F:\AutoRun.exe
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\...\MountPoints2: {f94c07b2-d08a-11e4-80a4-001e3300128d} - F:\AutoRun.exe
    AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\261694~1.246\{c16c1~1\bitguard.dll => Brak pliku
    Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2015-07-09]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\rvlkl.lnk [2014-03-14]
    ShortcutTarget: rvlkl.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\rvlkl\rvlkl.exe (Logixoft)
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA




    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9160821AS_5MA7BVM7XXXX5MA7BVM7&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9160821AS_5MA7BVM7XXXX5MA7BVM7&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1078081533-1500820517-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: [S-1-5-21-1078081533-1500820517-725345543-1003] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9160821AS_5MA7BVM7XXXX5MA7BVM7&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9160821AS_5MA7BVM7XXXX5MA7BVM7&q={searchTerms}
    SearchScopes: HKLM -> {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    SearchScopes: HKU\S-1-5-21-1078081533-1500820517-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1078081533-1500820517-725345543-1003 -> {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    Toolbar: HKU\.DEFAULT -> Brak nazwy - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - Brak pliku
    S4 IntelIde; Brak ImagePath
    U1 WS2IFSL; Brak ImagePath
    2016-04-14 22:20 - 2013-10-02 17:20 - 00000426 _____ C:\WINDOWS\Tasks\At1.job
    C:\Windows\Tasks\At1.job
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się FRST.exe
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #3 15 Kwi 2016 13:52
    i.tb
    Poziom 2  

    Pomogło, dzięki wielkie za pomoc.

    0
  • #4 15 Kwi 2016 22:00
    krzychupar
    Poziom 40  

    Usuń C:\FRST i zamknij temat.
    Wirus tworzący skrót na pen drive .

    0