Elektroda.pl

Shortcuts appear on a USB flash drive after it is plugged into a laptop

copyrighted 16 Nov 2017 18:31 171 3
  • Helpful post
    #2 16 Nov 2017 18:36
    Kolobos
    Computer specialist

    The useless TrendMicro doesn't detect anything? Great program...

    Uninstall Google Toolbar for Internet Explorer

    Run Fixlist.txt:
    Task: {EBD88B96-5789-41F0-B11F-C3AED17EACF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    () C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb0d9380ff3fdea4d07500dd0f7bead5.exe
    () Q:\140066.plk\Office14\WINWORDC.EXE
    () Q:\140066.plk\Office14\WINWORDC.EXE
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Bączek\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [explor] => C:\Users\BCZEK~1\AppData\Local\Temp\bjdz\svchost.exe [168960 2013-10-12] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [tmp95BE] => wscript.exe //B "C:\Users\BCZEK~1\AppData\Local\Temp\tmp95BE.tmp.vbs" <==== UWAGA
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [tmpA539] => wscript.exe //B "C:\Users\BCZEK~1\AppData\Local\Temp\tmpA539.tmp.vbs" <==== UWAGA
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [164ef14159d2916331ad5e2141c6c584] => C:\Users\Bączek\AppData\Roaming\Chrome.exe .. [6144 2017-01-09] (Microsoft)
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb0d9380ff3fdea4d07500dd0f7bead5.exe [2016-03-06] ()
    Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explor.vbs [2016-02-07] ()
    Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp95BE.tmp.vbs [2016-08-19] ()
    Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA539.tmp.vbs [2016-08-19] ()
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-4094108465-1639312565-1156386150-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4094108465-1639312565-1156386150-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4094108465-1639312565-1156386150-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    2017-11-15 13:56 - 2017-11-15 13:56 - 007649280 _____ C:\Program Files (x86)\GUT5073.tmp
    2017-11-15 13:56 - 2017-11-15 13:56 - 000000000 ____D C:\Program Files (x86)\GUM5072.tmp
    2016-07-29 19:48 - 2016-07-29 19:48 - 000000000 _____ () C:\Program Files (x86)\GUT1D18.tmp
    2016-05-11 06:19 - 2016-05-11 06:19 - 006748160 _____ () C:\Program Files (x86)\GUT1E0C.tmp
    2017-11-15 13:56 - 2017-11-15 13:56 - 007649280 _____ () C:\Program Files (x86)\GUT5073.tmp
    2017-04-30 09:05 - 2017-04-30 09:05 - 000000000 _____ () C:\Program Files (x86)\GUT6543.tmp
    2017-04-12 13:57 - 2017-04-12 13:57 - 000000000 _____ () C:\Program Files (x86)\GUT9929.tmp
    2016-12-17 07:13 - 2016-12-17 07:13 - 007680000 _____ () C:\Program Files (x86)\GUTE6D4.tmp
    2016-09-21 16:39 - 2017-01-09 19:58 - 000006144 _____ (Microsoft) C:\Users\Bączek\AppData\Roaming\Chrome.exe
    C:\Users\BCZEK~1\AppData\Local\Temp\bjdz\svchost.exe
    EmptyTemp:



    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When done, post new logs from FRST, from the scan.

    0
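The autostart entries in the fixlist above can be triaged mechanically. The following is an added example, not part of the original post and not FRST's own logic: it parses `Run:` and `Startup:` lines in the format shown and labels each with the reason it looks suspicious. The rule set and the names `triage` and `RULES` are this example's assumptions; an entry that matches no rule is not thereby clean.

```python
import re

# Autostart lines copied from the Fixlist.txt in the post above (FRST log format).
SAMPLE = r"""
HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Bączek\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [explor] => C:\Users\BCZEK~1\AppData\Local\Temp\bjdz\svchost.exe [168960 2013-10-12] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\...\Run: [tmp95BE] => wscript.exe //B "C:\Users\BCZEK~1\AppData\Local\Temp\tmp95BE.tmp.vbs" <==== UWAGA
HKU\S-1-5-21-4094108465-1639312565-1156386150-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb0d9380ff3fdea4d07500dd0f7bead5.exe [2016-03-06] ()
Startup: C:\Users\Bączek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explor.vbs [2016-02-07] ()
""".strip().splitlines()

# "...\Run: [value name] => command line" and "Startup: path [date] (vendor)"
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Startup: (?P<cmd>.+?) \[\d{4}-\d{2}-\d{2}\]")

# Heuristics chosen for this example (assumptions, not FRST's own criteria).
RULES = [
    ("runs from Temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
    ("script host launching a script",
     re.compile(r"\b[wc]script\.exe\b.*\.(vbs|vbe|js|jse|wsf)\b", re.I)),
    ("system binary name outside System32",
     re.compile(r'^(?!"?C:\\Windows\\(System32|SysWOW64)\\)'
                r".*\\(svchost|lsass|csrss|services)\.exe\b", re.I)),
    ("program file dropped in Startup folder",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(exe|vbs|vbe|js|scr|bat|cmd)\b", re.I)),
]

def triage(lines):
    """Return [(command, [reasons])] for autostart entries matching at least one rule."""
    findings = []
    for line in lines:
        line = line.strip()
        m = RUN_RE.search(line) or STARTUP_RE.search(line)
        if not m:
            continue  # not an autostart entry (screensaver, SearchScopes, file listing)
        cmd = m.group("cmd")
        reasons = [label for label, rx in RULES if rx.search(cmd)]
        if reasons:
            findings.append((cmd, reasons))
    return findings

if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE):
        print("; ".join(reasons), "->", cmd)
```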
  • Helpful post
    #4 16 Nov 2017 19:34
    Kolobos
    Computer specialist

    Everything looks OK, delete the C:\FRST folder and that's all.

    0