Please help me remove this pest
Posted: 28 Feb 2016 17:57
by Stryhaj
Whenever I insert any USB flash drive (even a freshly formatted one) into the PC, a "System Volume Information" item appears on the drive next to newly added files (Word, Excel, PDF), together with another file (a shortcut) with the same name as the inserted one (for example a Word file). At the same time Windows Defender reports "Malware found, Windows Defender is removing it". The message appears every time I switch to the flash drive. The name of the pest according to Defender: Worm:VBS/Jenxcus!lnk
I tried Spybot, Malwarebytes Anti-Malware and AdwCleaner, all without result. Please help me with an understandable, step-by-step guide for dummies on how and with what to remove the pest.
Please be patient with me, I'm no expert. Thanks in advance for your help
Re: Please help me remove this pest
Posted: 28 Feb 2016 18:51
by Rudy
Re: Please help me remove this pest
Posted: 28 Feb 2016 19:21
by Stryhaj
The files are large, so I put them in the attachments. Does the USBFix report need to be sent as well?
Re: Please help me remove this pest
Posted: 28 Feb 2016 19:22
by Stryhaj
FRST
Re: Please help me remove this pest
Posted: 28 Feb 2016 19:50
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-798431979-707112409-3440404418-1000\...\Run: [Windows 7 Loader 2015 ] => wscript.exe //B "C:\Users\ERSZEB~1\AppData\Local\Temp\Windows 7 Loader 2015 .vbs" <===== ATTENTION
SearchScopes: HKU\S-1-5-21-798431979-707112409-3440404418-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {0667DCDF-B4EF-49FB-9562-6C59D344E70F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0C7D43F8-1429-43F8-9E9C-61A1655A8966} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {198D524B-C667-48E3-80CB-8F7E6BFEB099} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3F424098-C827-4501-8D12-8B5820816EA6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {403161D6-432C-4A1D-8524-39DD41459310} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {546E8FE2-1A2D-4EEF-8687-2D3BF5DE051C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {83F324AD-A2D3-42AA-B2AA-30F664D0B875} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8EEE0938-0B8F-4313-9D24-30956E551898} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96277E57-1CEA-4339-A863-1929BB996D55} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A2EE7E54-B655-4F24-8A5E-8CBEC119816D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BF6E50A0-5CBF-4AAD-80D5-BEB4EB21B955} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CF200169-02B4-423F-A6F7-E01EEB217504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
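Added example, not code from the thread or from FRST: a read-only PowerShell audit for the two indicators described in this thread, a Run/RunOnce value that launches wscript.exe on a .vbs in a Temp folder (as in the fixlist above) and .lnk shortcuts on a removable drive that sit beside a document of the same name. The key paths and patterns are the author's assumptions; the script only reports and changes nothing.

```powershell
# Added example (not from the thread): report the autostart and USB-shortcut indicators
# the original poster described. Read-only; nothing is deleted or modified.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$scriptHost = '(?i)\b(wscript|cscript)(\.exe)?\b'   # Windows Script Host launchers
$scriptExt  = '(?i)\.(vbs|vbe|js|jse|wsf)\b'        # script file types WSH runs
$tempPath   = '(?i)\\AppData\\Local\\Temp\\'        # user Temp folder, as in the fixlist
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }   # skip provider metadata
        $cmd = [string]$p.Value
        if ($cmd -match $scriptHost -and $cmd -match $scriptExt) {
            $why = if ($cmd -match $tempPath) { 'script host run from Temp' } else { 'script host autostart' }
            Write-Output ("[RUN] {0}\{1} = {2}  <-- {3}" -f $key, $p.Name, $cmd, $why)
        }
    }
}

# Removable drives (DriveType 2): a .lnk whose name (minus .lnk) matches a non-shortcut
# file on the same drive is the shortcut-beside-document pattern seen on the flash drive.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $root  = $_.DeviceID + '\'
    $files = Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue
    $names = @{}
    foreach ($f in $files) {
        if ($f.Extension -ne '.lnk') { $names[$f.Name] = $f.Name; $names[$f.BaseName] = $f.Name }
    }
    foreach ($f in $files) {
        if ($f.Extension -eq '.lnk' -and $names.ContainsKey($f.BaseName)) {
            Write-Output ("[LNK] {0} shadows {1}" -f $f.FullName, $names[$f.BaseName])
        }
    }
}
```

Run it from an elevated PowerShell so the HKLM keys are readable; any [RUN] line is worth comparing against the FRST log before deciding it is benign.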
Re: Please help me remove this pest
Posted: 28 Feb 2016 20:08
by Stryhaj
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Erszebeth (2016-02-28 20:07:12) Run:1
Running from C:\Users\Erszebeth\Desktop
Loaded Profiles: Erszebeth (Available Profiles: Erszebeth)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-798431979-707112409-3440404418-1000\...\Run: [Windows 7 Loader 2015 ] => wscript.exe //B "C:\Users\ERSZEB~1\AppData\Local\Temp\Windows 7 Loader 2015 .vbs" <===== ATTENTION
SearchScopes: HKU\S-1-5-21-798431979-707112409-3440404418-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {0667DCDF-B4EF-49FB-9562-6C59D344E70F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0C7D43F8-1429-43F8-9E9C-61A1655A8966} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {198D524B-C667-48E3-80CB-8F7E6BFEB099} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3F424098-C827-4501-8D12-8B5820816EA6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {403161D6-432C-4A1D-8524-39DD41459310} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {546E8FE2-1A2D-4EEF-8687-2D3BF5DE051C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {83F324AD-A2D3-42AA-B2AA-30F664D0B875} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8EEE0938-0B8F-4313-9D24-30956E551898} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96277E57-1CEA-4339-A863-1929BB996D55} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A2EE7E54-B655-4F24-8A5E-8CBEC119816D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BF6E50A0-5CBF-4AAD-80D5-BEB4EB21B955} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CF200169-02B4-423F-A6F7-E01EEB217504} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
HKU\S-1-5-21-798431979-707112409-3440404418-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows 7 Loader 2015 => value removed successfully
"HKU\S-1-5-21-798431979-707112409-3440404418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0667DCDF-B4EF-49FB-9562-6C59D344E70F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0667DCDF-B4EF-49FB-9562-6C59D344E70F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C7D43F8-1429-43F8-9E9C-61A1655A8966}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C7D43F8-1429-43F8-9E9C-61A1655A8966}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{198D524B-C667-48E3-80CB-8F7E6BFEB099}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198D524B-C667-48E3-80CB-8F7E6BFEB099}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F424098-C827-4501-8D12-8B5820816EA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F424098-C827-4501-8D12-8B5820816EA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{403161D6-432C-4A1D-8524-39DD41459310}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{403161D6-432C-4A1D-8524-39DD41459310}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{546E8FE2-1A2D-4EEF-8687-2D3BF5DE051C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{546E8FE2-1A2D-4EEF-8687-2D3BF5DE051C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83F324AD-A2D3-42AA-B2AA-30F664D0B875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83F324AD-A2D3-42AA-B2AA-30F664D0B875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EEE0938-0B8F-4313-9D24-30956E551898}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EEE0938-0B8F-4313-9D24-30956E551898}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96277E57-1CEA-4339-A863-1929BB996D55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96277E57-1CEA-4339-A863-1929BB996D55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2EE7E54-B655-4F24-8A5E-8CBEC119816D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2EE7E54-B655-4F24-8A5E-8CBEC119816D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6E50A0-5CBF-4AAD-80D5-BEB4EB21B955}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6E50A0-5CBF-4AAD-80D5-BEB4EB21B955}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF200169-02B4-423F-A6F7-E01EEB217504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF200169-02B4-423F-A6F7-E01EEB217504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
==== End of Fixlog 20:07:14 ====
Re: Please help me remove this pest
Posted: 28 Feb 2016 20:10
by Rudy
Deleted. Has anything changed?
Re: Please help me remove this pest
Posted: 28 Feb 2016 20:21
by Stryhaj
I tried 3 flash drives; all of them work without problems or warning messages. Thank you for your help and your professionalism. What did I mess it up with, that Windows 7 Loader?
Re: Please help me remove this pest
Posted: 28 Feb 2016 21:06
by Rudy
Possibly, although there are several possibilities. You're welcome!
