Elektroda.pl

Virus creates a folder shortcut on a USB flash drive.

icarla 01 Jun 2016 12:13 579 5
  • Helpful post
    #2 01 Jun 2016 13:34
    Domino_2
    Helpful to users

    Uninstall 7-Zip 9.20 and McAfee Security Scan Plus.

    Quote:

    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2738219880-464994963-4236387451-1000_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" => Brak pliku
    Task: {330013F7-E517-4A68-9C11-0A01910C87BE} - System32\Tasks\Opera scheduled Autoupdate 1418738565 => C:\Program Files\Opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {DF7E417F-01F3-4F6B-B93A-94F41E6C5A03} - System32\Tasks\{F698D311-DA17-4EF9-8EAC-975B438D1A81} => pcalua.exe -a C:\Users\admin\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\Run: [home] => wscript.exe //B "C:\Users\admin\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {05d32c11-0693-11e5-a4a3-0019665c696b} - E:\LGAutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {065a9627-ac43-11e4-aae3-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {067fbdf8-7971-11e5-abed-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {0b4c9814-1ee7-11e5-a5dc-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {0c3a0d2f-e12f-11e5-be34-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {2b0bcbcf-71a3-11e5-a3ec-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {2b0bcc53-71a3-11e5-a3ec-0019665c696b} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {2b8bac73-ec16-11e5-bb05-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {3a369367-f28f-11e5-b933-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {3f2eaf9f-0442-11e5-8895-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {4175ab9c-6387-11e5-9c85-0019665c696b} - F:\KODAK_Software_Downloader.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {4ac47a91-a8a5-11e5-a545-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {51019195-262c-11e5-9591-0019665c696b} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {535f0a7c-0d27-11e6-acbe-0019665c696b} - E:\laucher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {5f23a782-02a3-11e5-a467-0019665c696b} - G:\MotoCastSetup.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {7cca856a-632e-11e4-b878-0019665c696b} - F:\LaunchU3.exe -a




    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {83a98ba6-60d3-11e4-85a5-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {83a98bb8-60d3-11e4-85a5-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {86f035aa-1675-11e5-83e0-0019665c696b} - F:\laucher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {86f038a2-1675-11e5-83e0-0019665c696b} - G:\laucher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {882e9e54-bf27-11e4-9949-0019665c696b} - F:\LGAutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {88f3f47e-0f34-11e5-98e2-0019665c696b} - G:\DT4000_Launcher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {9989fbf9-57bf-11e5-afbd-0019665c696b} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {9a75f159-c986-11e4-9bb4-0019665c696b} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {a085ff86-e408-11e4-b17e-0019665c696b} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {a1d31f47-c9b6-11e5-a5a7-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {a3af8975-7ab8-11e4-9a57-0019665c696b} - F:\laucher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {a3af89b3-7ab8-11e4-9a57-0019665c696b} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {ac2b777f-523f-11e5-a4d3-0019665c696b} - E:\autorun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {c159ccdb-5850-11e5-b2b6-0019665c696b} - F:\DTVP_Launcher.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {d226f734-6825-11e5-8df4-0019665c696b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {d810057c-753b-11e4-9ad0-0019665c696b} - E:\Autoruns.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {e77f82c9-b028-11e4-bc39-0019665c696b} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {e883659d-602d-11e5-825d-0019665c696b} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {e8c296b6-59d0-11e4-90d4-0019665c696b} - E:\AutoRun.exe
    HKU\S-1-5-21-2738219880-464994963-4236387451-1000\...\MountPoints2: {e8c296cb-59d0-11e4-90d4-0019665c696b} - F:\AutoRun.exe
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-31]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    SearchScopes: HKU\S-1-5-21-2738219880-464994963-4236387451-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2738219880-464994963-4236387451-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    FF SelectedSearchEngine: istartsurf
    FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\g94vaa1f.default\user.js [2015-06-29]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
    CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=14341...rom=xtab&uid=8D68B7B3F9BB4d3cAE39AF7421B44C4F
    CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1434113187&from=xtab&uid=8D68B7B3F9BB4d3cAE39AF7421B44C4F"
    CHR DefaultSearchURL: Default -> hxxp://www.istartsurf.com/web/?type=dspp&ts=1...=xtab&uid=8D68B7B3F9BB4d3cAE39AF7421B44C4F&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> istartsurf
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
    S1 zsnvbzyu; \??\C:\Windows\system32\drivers\zsnvbzyu.sys [X]
    2016-05-27 12:30 - 2016-05-27 12:36 - 00000000 ____D C:\AdwCleaner
    2016-05-24 14:34 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\admin\AppData\Roaming\home.vbe
    2016-05-24 14:34 - 2015-09-08 22:04 - 0092629 ___SH () C:\Users\admin\AppData\Roaming\home.vbe
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, and put it in the folder where the FRST.exe/FRST64.exe file is located, then run FRST and click Fix/Napraw.

    0
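Added example, not part of the original thread and not FRST's own code: a small Python triage helper that flags the kind of entries seen in the quoted fixlist (a Run key starting wscript.exe on home.vbe, the same file in the Startup folder, and its system+hidden file row). The sample log is constructed from shortened lines modelled on the quote; the function names `classify` and `triage` and the reason strings are assumptions of this example.

```python
import re

# Autostart line prefixes as they appear in an FRST log (Run keys, Startup folder).
AUTORUN = re.compile(r"^\s*(?:HK(?:U|LM)\\.*\\Run(?:Once)?: |Startup: )", re.I)
# Windows Script Host binaries and the script types they execute.
SCRIPT_HOST = re.compile(r"\b[wc]script\.exe\b", re.I)
SCRIPT_FILE = re.compile(r"\.(?:vbe|vbs|jse|js|wsf)\b", re.I)
# FRST file listing: created - modified - size, 5-char attribute field, path.
FILE_ROW = re.compile(
    r"^\s*\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"([_A-Z]{5}) (?:\(.*?\) )?(.+)$")


def classify(line):
    """Return the reasons (possibly none) why one FRST log line deserves review."""
    reasons = []
    if AUTORUN.match(line):
        if SCRIPT_HOST.search(line):
            reasons.append("autorun starts a script host")
        if SCRIPT_FILE.search(line):
            reasons.append("autorun target is a script file")
    row = FILE_ROW.match(line)
    if row:
        attrs, path = row.groups()
        if "S" in attrs and "H" in attrs and SCRIPT_FILE.search(path):
            reasons.append("script file marked system+hidden")
    return reasons


def triage(log_text):
    """Map each flagged line to its reasons, preserving log order."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := classify(ln))}


# Constructed sample modelled on the quoted fixlist (SID shortened).
SAMPLE = r'''
HKU\S-1-5-21-0-0-0-1000\...\Run: [home] => wscript.exe //B "C:\Users\admin\AppData\Roaming\home.vbe"
HKU\S-1-5-21-0-0-0-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-31]
2016-05-27 12:30 - 2016-05-27 12:36 - 00000000 ____D C:\AdwCleaner
2016-05-24 14:34 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\admin\AppData\Roaming\home.vbe
'''

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print("; ".join(reasons), "<-", line)
```

Flagged lines are candidates for review only; a hit means the entry matches the pattern, not that the file is malicious.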
  • #3 01 Jun 2016 15:36
    icarla
    Level 2

    Thank you for the help.

    0
  • #5 02 Jun 2016 08:29
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.

    0
  • #6 26 Oct 2016 12:35
    icarla
    Level 2

    I did everything according to the recommendations above.
    Thank you

    0