Szczyl, posted 27 June 2015

Hello, as in the topic title: I have fought with this several times already, so I am asking for professional help. WINDOWS 7 64 Bit

UsbFix Listing 1 PIOTR-KOMPUTER.txt, Addition.txt, FRST.txt, Gmer.txt

jessica, posted 29 June 2015

1. Uninstall Akamai NetSession Interface, which is not needed for anything.

2. Open Notepad and paste the following into it:

C:\Users\Piotr\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
HKU\S-1-5-21-2773447309-4165682760-850709354-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msivxdc.exe <===== ATTENTION
R2 VSSS; C:\Users\Piotr\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [98436224 2015-06-23] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-2773447309-4165682760-850709354-1000\...\Policies\Explorer: []
CMD: attrib /d /s -s -h H:\*
CMD: attrib /d /s -s -h I:\*
CMD: attrib /d /s -s -h J:\*
H:\ *.LNK
I:\ *.LNK
J:\ *.LNK
C:\Windows\Minidump\*.dmp
Task: {364DEFD3-2564-43DD-9E3D-705D7BD58E95} - System32\Tasks\{7C7B15FD-1BEB-461E-8999-AC92E9521F7E} => pcalua.exe -a F:\CDSetup.exe -d F:\
C:\Users\Piotr\AppData\Local\Akamai\netsession_win.exe
HKLM-x32\...\Run: [fst_pl_96] => [X]
HKLM-x32\...\RunOnce: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2773447309-4165682760-850709354-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Piotr\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

Save the file as fixlist.txt and place it next to FRST.exe. Enter Safe Mode (F8 before the system starts). Run FRST and click the Fix button. A file named fixlog.txt will be created. Post that log.

3. Go to drives H, I and J in turn. On them there are "Removable Drive" folders into which the infection moved all the data. Move the files from these folders one level up, and delete the "Removable Drive" folders with SHIFT+DEL.

4. Make new logs: Farbar Service Scanner, FRST, USBFix LISTING.

jessi

Szczyl (Author), posted 29 June 2015

I did as you told me. I have one more question: is it possible that this virus infected the USB in my car, because I listened to music from one of these pendrives?

Fixlog.txt, FRST.txt, Addition.txt, UsbFix Listing 2 PIOTR-KOMPUTER.txt, FSS.txt

picasso, posted 29 June 2015

There were several infections here - one of them has not been removed: the startup still contains the entry of the malware msqoer.exe, which is responsible for creating such objects on the pendrive. Regarding this part of the instructions:

Go to drives H, I and J in turn. On them there are "Removable Drive" folders into which the infection moved all the data. Move the files from these folders one level up, and delete the "Removable Drive" folders with SHIFT+DEL.

These folders did not have a visible name; their name is a "space" (visually "no name"), not "Removable Drive". The folders are still present on all the devices, in hidden form:

[28/05/2015 - 09:11:38 | SHD] - H:\ 
[23/06/2015 - 21:38:06 | SHD] - I:\ 
[17/06/2015 - 13:40:34 | SHD] - J:\ 

Next actions:

1. I assume that drives H, I, J are mapped under the same letters. Open Notepad and paste the following into it:

CloseProcesses:
HKLM\...\Policies\Explorer\Run: [1817807662] => C:\ProgramData\msqoer.exe [100130816 2010-11-21] (Redtail Technology)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
CHR HKU\S-1-5-21-2773447309-4165682760-850709354-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fnelgfmpooffemibikhmcklfnnimgijo] - C:\Users\Piotr\AppData\Local\CRE\fnelgfmpooffemibikhmcklfnnimgijo.crx [2014-04-01]
CHR HKLM-x32\...\Chrome\Extension: [fnelgfmpooffemibikhmcklfnnimgijo] - C:\Users\Piotr\AppData\Local\CRE\fnelgfmpooffemibikhmcklfnnimgijo.crx [2014-04-01]
C:\Program Files\DSHJYB1M.exe
C:\Program Files (x86)\is.dat
C:\Program Files (x86)\uik.dat
C:\ProgramData\msivxdc.exe
C:\ProgramData\msqoer.exe
C:\Users\Piotr\AppData\Local\CRE
RemoveDirectory: J:\Autorun.inf
CMD: attrib /d /s -s -h H:\*
CMD: attrib /d /s -s -h I:\*
CMD: attrib /d /s -s -h J:\*
CMD: netsh advfirewall reset
EmptyTemp:

Note for other readers: this script is unique - tailored solely to this system; please do not use it on your own systems.

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Po wyżej wymienionej akcji wejdź na dyski H, I, J - z folderów "bez nazwy" przenieś wszystkie dane poziom wyżej, a foldery te skasuj. 3. Jedna z infekcji skasowała usługę Windows Defender. Otwórz Notatnik i wklej w nim: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend] "DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103" "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00 "Start"=dword:00000002 "Type"=dword:00000020 "Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176" "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00 "ObjectName"="LocalSystem" "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\ 00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\ 65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\ 74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\ 69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\ 00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\ 6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\ 00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\ 
  53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
  72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
  69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
  00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

From the Notepad menu > File > Save as > set the extension to All files > save as FIX.REG

Right-click the file and choose the Merge option from the menu. Confirm the import into the registry. Restart the system.

4. System Restore is disabled:

==================== Restore Points =========================
ATTENTION: System Restore is disabled

Go to the System Restore section of the Control Panel and enable Protection for drive C.

5. Make new logs: FRST with the Scan option (without Addition and Shortcut), Farbar Service Scanner, and USBFix with the Listing option. Also attach the fixlog.txt file.
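To read what the FIX.REG in the post above writes before merging it, the following added example (not part of the original post) decodes the `dword:`, `hex(2)` and `hex(7)` encodings into plain values. The function name `decode_reg_values` and the constant `SAMPLE_REG` are assumptions of this example; the four sample values are copied from the post.

```python
import re

# Constructed sample: four values copied from the FIX.REG text in the post,
# laid out with the trailing-backslash continuations of a regedit export.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def decode_reg_values(text):
    """Map each value name in .reg text to a human-readable Python value."""
    # A backslash at end of line continues the value on the next line.
    joined = re.sub(r'\\[ \t]*\r?\n[ \t]*', '', text)
    values = {}
    for line in joined.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key headers, blank lines, file banner
        name, data = m.group('name'), m.group('data')
        if data.startswith('dword:'):
            values[name] = int(data[len('dword:'):], 16)
        elif data.startswith('hex'):
            kind, _, body = data.partition(':')
            raw = bytes(int(b, 16) for b in body.split(',') if b.strip())
            if kind == 'hex(2)':    # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
                values[name] = raw.decode('utf-16-le').rstrip('\x00')
            elif kind == 'hex(7)':  # REG_MULTI_SZ: NUL-separated string list
                values[name] = [s for s in raw.decode('utf-16-le').split('\x00') if s]
            else:                   # REG_BINARY and other types: keep raw bytes
                values[name] = raw
        else:                       # REG_SZ: drop quotes, undo doubled backslashes
            values[name] = data[1:-1].replace('\\\\', '\\')
    return values


if __name__ == '__main__':
    for name, value in decode_reg_values(SAMPLE_REG).items():
        print(f'{name}: {value!r}')
```
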
Szczyl (author), posted 29 June 2015

Thank you for the tips. I am attaching the required logs. And I repeat my question about the car xD: is it possible that this virus installed itself there? It is a BMW system, in case that matters.

Fixlog.txt, FRST.txt, UsbFix Listing 3 PIOTR-KOMPUTER.txt, FSS.txt
picasso, posted 29 June 2015

> And I repeat my question about the car xD: is it possible that this virus installed itself there? It is a BMW system, in case that matters.

I don't know. I can only check those USB devices that were connected to Windows and shown in the USBFix scan.

Everything has been carried out, except that the current USBFix log was made without one of the USB drives connected (previously mapped as H). Further corrections:

1. Open Notepad and paste into it:

Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
RemoveDirectory: C:\FRST\Quarantine

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Show the resulting fixlog.txt.

2. Run a full system scan with Malwarebytes Anti-Malware. If it detects anything, post the resulting report.
Szczyl (author), posted 29 June 2015

Scan results. Should I remove what Malwarebytes detected?

Malwerebytes.txt, Fixlog.txt
picasso, posted 29 June 2015

1. MBAM detected minor items in Google Chrome keys - remove them using the program.

2. Apply DelFix. Remove the downloaded GMER manually.

3. Just in case, change your login passwords for important services (banks, e-mail, etc.).

That's all.