Elektroda.pl

Virus - Folders as shortcuts on a pendrive

Doggebi 12 May 2016 21:18 636 8
  • #1 12 May 2016 21:18
    Doggebi
    Level 4

    Hello, as in the topic, I have this problem. I don't know what to do so as not to lose these folders or their contents. Please help very quickly, because I need these files by tomorrow. All I have done so far is scan the pendrive with USBfix, and this is the log I got:

    Spoiler:
    ############################## | UsbFix V 8.237 | [Research]

    User: Luczak Dominika (Administrator) # LAPTOP-BMN3VFNU
    Updated 12/05/2016 by SOSVirus
    Started at 20:51:54 | 12/05/2016

    ################## | System information |

    MB: LENOVO (Lenovo G50-80)
    CPU: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
    RAM -> [Total : 4010 Mo | Free : 1484 Mo]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft™ Windows 10 Home (6.3.10586 64-Bit)
    WB: Internet Explorer : 11.00.10586.0
    WB: Microsoft Edge : 11.00.10586.218 (th2_release.160401-1800)
    WB: Google Chrome : 50.0.2661.94
    WB: Opera : 37.0.2178.43

    ################## | Security Information |

    AV: Windows Defender [(!) Disabled |Updated]
    AV: Protection antivirus et antispyware McAfee [Enabled |Updated]
    AS: Windows Defender [(!) Disabled |Updated]
    AS: Protection antivirus et antispyware McAfee [Enabled |Updated]
    FW: Pare-feu McAfee [Enabled]
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C:\ (%SystemDrive%) -> Fixed disk # 886 Gb (816 Gb free - 92%) [Windows] # NTFS
    D:\ -> Fixed disk # 25 Gb (23 Gb free - 91%) [LENOVO] # NTFS
    E:\ -> CD-ROM # 0 Mb (0 Mb free - -9223372036854775807%) [Audio CD] # CDFS
    G:\ -> Removable disk # 4 Gb (3 Gb free - 93%) [USB DISK] # FAT32

    ################## | Startup |

    F2 - HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 - HKCU\..\Run : [OneDrive] "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    04 - HKCU\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    04 - HKCU\..\Run : [PhotoMasterImportAgent] "C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe" importagent
    04 - HKCU\..\RunOnce : [Uninstall C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
    04 - HKCU\..\RunOnce : [Uninstall C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1"




    04 - HKLM\..\Run : [CLMLServer_For_P2G8] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe"
    04 - HKLM\..\Run : [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
    04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    04 - HKLM\..\Run : [snp2uvc] C:\Windows\vsnp2uvc.exe
    04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    04 - [x64] HKLM\..\Run : [ForteConfig] "C:\Program Files\Conexant\ForteConfig\fmapp.exe"
    04 - [x64] HKLM\..\Run : [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
    04 - [x64] HKLM\..\Run : [SmartAudio] "C:\Program Files\CONEXANT\SAII\SACpl.exe" /t
    04 - [x64] HKLM\..\Run : [LenovoUtility] "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
    04 - [x64] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
    04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\Run : [OneDrive] "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\Run : [PhotoMasterImportAgent] "C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe" importagent
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\RunOnce : [Uninstall C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
    04 - HKU\S-1-5-21-1843125334-3545965811-2526254141-1001\..\RunOnce : [Uninstall C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Luczak Dominika\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1"
    04GS - McAfee Security Scan Plus.lnk : C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe

    ################## | Generic Research |

    Found! G:\.Trashes.lnk
    Found! G:\.fseventsd.lnk
    Found! G:\.Spotlight-V100.lnk
    Found! G:\.TemporaryItems.lnk
    Found! G:\diaporama.lnk
    Found! G:\System Volume Information.lnk
    Found! G:\Excel.lnk
    Found! G:\Word.lnk

    Analysed in 13.41 seconds


    Edited by me. RADU23
    P.S. I didn't know how else to insert the log from USBfix

    0 8
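
The report format in the post above, read programmatically, as an added example that is not part of the original thread: it parses the Disk Information and Generic Research sections and lists the .lnk findings that sit in the root of a removable drive. The sample text is constructed from lines of the log above, and the function names are illustrative.

```python
import re

# Constructed sample: a few lines copied from the UsbFix report posted above.
SAMPLE_LOG = r"""
################## | Disk Information |
C:\ (%SystemDrive%) -> Fixed disk # 886 Gb (816 Gb free - 92%) [Windows] # NTFS
D:\ -> Fixed disk # 25 Gb (23 Gb free - 91%) [LENOVO] # NTFS
G:\ -> Removable disk # 4 Gb (3 Gb free - 93%) [USB DISK] # FAT32
################## | Generic Research |
Found! G:\.Trashes.lnk
Found! G:\System Volume Information.lnk
Found! G:\Excel.lnk
Found! G:\Word.lnk
"""

SECTION = re.compile(r"^#{5,} \| (.+?) \|\s*$")      # "##### | Name |"
DISK = re.compile(r"^([A-Z]):\\.*?-> (.+?) # ")       # drive letter, drive type
FOUND = re.compile(r"^Found! (([A-Z]):\\.+)$")        # full path, drive letter

def parse_report(text):
    """Return (drives, findings): {letter: type} and [(letter, path), ...]."""
    drives, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()                  # forum copies are often indented
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Disk Information" and (m := DISK.match(line)):
            drives[m.group(1)] = m.group(2)
        elif section == "Generic Research" and (m := FOUND.match(line)):
            findings.append((m.group(2), m.group(1)))
    return drives, findings

def shortcuts_on_removable(text):
    """List .lnk findings in the root of a removable drive, with the
    name each shortcut presents (file name without the .lnk suffix)."""
    drives, findings = parse_report(text)
    hits = []
    for letter, path in findings:
        name = path[3:]                     # strip the "G:\" prefix
        if (drives.get(letter) == "Removable disk" and "\\" not in name
                and name.lower().endswith(".lnk")):
            hits.append({"path": path, "shown_as": name[:-4]})
    return hits

if __name__ == "__main__":
    for hit in shortcuts_on_removable(SAMPLE_LOG):
        print(f"{hit['path']}  (shown as: {hit['shown_as']})")
```
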
  • Helpful post
    #2 12 May 2016 21:24
    Kolobos
    Computer specialist

    After clicking "Virus - Folders as shortcuts on a pendrive", you have the option to add attachments at the bottom.

    In USBFix choose Clean. Also post the FRST logs as an attachment.

    0
  • #3 12 May 2016 22:16
    Doggebi
    Level 4

    But if I press Clean, won't it delete the folders?

    0
  • Helpful post
    #4 12 May 2016 22:17
    Kolobos
    Computer specialist

    It will only remove the infection. Do what I wrote.

    Besides, everything that usbfix removes goes to C:\USBFix.

    0
  • Helpful post
    #6 12 May 2016 22:33
    RADU23
    Moderator - Computers Service

    Doggebi wrote:
    OK, I have it, this is the log from FRST

    The Addition.txt log as well

    0
  • Helpful post
    #8 12 May 2016 22:39
    Kolobos
    Computer specialist

    Uninstall McAfee Security Scan.

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {8D4B88C1-6994-4316-A1DD-DFDF2601F9C7} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {BA1FC78E-9934-4A3C-8546-070250F9AE45} - System32\Tasks\Opera scheduled Autoupdate 1457645608 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {F7B03844-5628-4565-A112-18C747AD6645} - System32\Tasks\{01A2BE6E-BDAD-4BB8-9D0A-5A793466C027} => pcalua.exe -a C:\Games\World_of_Warships\unins000.exe
    HKLM-x32\...\RunOnce: [] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-02]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    Hosts: 0.0.0.1 mssplus.mcafee.com
    S2 0262371461081189mcinstcleanup; C:\WINDOWS\TEMP\026237~1.EXE -cleanup -nolog [X]
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory and that's all.

    0
  • #9 12 May 2016 23:01
    Doggebi
    Level 4

    On it ;)

    Added after 19 [minutes]:

    It works, thanks a lot, gentlemen.

    Added after 55 [seconds]:

    This can be closed :)

    0