Replies posted by Szyman

  1. 41 minutes ago, jessica wrote:

    There is an infection, though a somewhat incomplete one.


    1) Uninstall:

    2)

    Run FRST. Press CTRL+Y on the keyboard at the same time.
    Notepad will open - paste this into it:


    HKU\S-1-5-21-4270790844-3150635915-1163093745-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
    HKLM-x32\...\Run: [RazerCortex] => "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun (Brak pliku)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    GroupPolicy: Ograniczenia ? <==== UWAGA
    Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {E09B3BE5-B547-4453-B5F9-BFF1C47EF2C0} - System32\Tasks\snp => C:\ProgramData\Voyasollam\Voyasollam.exe -> shuz -f "C:\ProgramData\Voyasollam\Whitelux.dat" -a SNP https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFWemonetize&co=PL&userid=ec6a11a7-24d9-065e-bd15-53e1a8f3769b&searchtype=sc&installDate=31.08.2020&barcodeid=51557004&channelid=4&av=avast snp
    Task: {855C19C0-6C4B-479F-927D-327DD29B9C6A} - System32\Tasks\sne => C:\ProgramData\Voyasollam\Voyasollam.exe -> shuz -f "C:\ProgramData\Voyasollam\Whitelux.dat" -a SNE "https://feed.sonic-search.com/?publisher=APSFWemonetize&co=PL&userid=ec6a11a7-24d9-065e-bd15-53e1a8f3769b&searchtype=ds&q={searchTerms}&installDate=31.08.2020&barcodeid=51557004&channelid=4&av=avast& --load-extension=\"C:\Users\Intel\AppData\Local\app\"" sne
    Task: {30141197-5970-45F3-BA5C-69835E648D13} - System32\Tasks\snf => C:\ProgramData\Voyasollam\Voyasollam.exe -> shuz -f "C:\ProgramData\Voyasollam\Whitelux.dat" -a SNF C:\ProgramData\Voyasollams\snp.sc snf
    RemoveDirectory: C:\ProgramData\Voyasollam
    CHR NewTab: Default ->  Not-active:"chrome-extension://bhoagceacaklimpcejjofabngcjkebfg/index.html"
    S3 mracsvc; C:\Windows\System32\mracsvc.exe [17442456 2019-07-29] (Mail.Ru LLC -> LLC Mail.Ru)
    S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16678400 2019-07-29] (Mail.Ru LLC -> LLC Mail.Ru)
    C:\Windows\System32\mracsvc.exe
    C:\WINDOWS\System32\drivers\mracdrv.sys
    S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
    S3 FACEITService; "C:\Program Files\FACEIT AC\faceitservice.exe" [X]
    2020-08-31 18:58 - 2020-08-31 18:58 - 000071712 _____ () C:\Users\Intel\AppData\Local\Config.xml
    2020-08-31 18:58 - 2020-08-31 18:58 - 002175482 _____ () C:\Users\Intel\AppData\Local\EcoSanity.tst
    2020-08-31 18:58 - 2020-08-31 18:58 - 000016464 _____ () C:\Users\Intel\AppData\Local\InstallationConfiguration.xml
    2020-08-31 18:58 - 2020-08-31 18:58 - 000141312 _____ () C:\Users\Intel\AppData\Local\installer.dat
    2020-08-31 18:58 - 2020-08-31 18:58 - 000126464 _____ () C:\Users\Intel\AppData\Local\lobby.dat
    2020-08-31 18:58 - 2020-08-31 18:58 - 000018432 _____ () C:\Users\Intel\AppData\Local\Main.dat
    2020-08-31 18:58 - 2020-08-31 18:58 - 000005568 _____ () C:\Users\Intel\AppData\Local\md.xml
    2020-08-31 18:58 - 2020-08-31 18:58 - 000126464 _____ () C:\Users\Intel\AppData\Local\noah.dat
    2020-08-31 18:58 - 2020-08-31 18:58 - 000067937 _____ () C:\Users\Intel\AppData\Local\Topplus.tst
    ShortcutWithArgument: C:\Users\Intel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-Dt0YgrCWlD5-a8psOIHJGigaPw0nLyg-qqfxF4qKqYolRbSecpN6cxE7sGVSvH-NoHD1xAI1o2tEWNNN_4KUu6QEPxrEltbr285Q4R4UgECYufziF13sNL4JueBmTcQvolY52QH-tGkHdJELkwLZLH4EA,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4270790844-3150635915-1163093745-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-Dt0YgrCWlD5-a8psOIHJGigaPw0nLyg-qqfxF4qKqYolRbSecpN6cxE7sGVSvH-NoHD1xAI1o2tEWNNN_4KUu6QEPxrEltbr285Q4R4UgECYufziF13sNL4JueBmTcQvolY52QH-tGkHdJELkwLZLH4EA,&q={searchTerms}
    FirewallRules: [{B47D1D49-D408-4BD6-B070-13EE4B791161}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Brak pliku
    FirewallRules: [{626ACB06-47F8-44B9-9F24-E06D73983A8C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Brak pliku
    FirewallRules: [{EBD92B6A-8829-43E6-9613-24CBF5D91DEC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
    FirewallRules: [{1770FEB2-752D-48D0-A77B-E7173565CC9E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
    FirewallRules: [{4EB922DA-B50B-44B3-9A03-4D4FD518CDA8}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯潜捃敎攮數 => Brak pliku
    FirewallRules: [{7AB9C209-BFD7-4EC1-8A4C-FF1515777D1B}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯捜牨浯摥楲敶⹲硥e => Brak pliku
    FirewallRules: [{33B18C47-3626-443C-9048-4528957B909B}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯䍜牨浯履灁汰捩瑡潩屮桃潲敭攮數 => Brak pliku
    FirewallRules: [{9A96630D-4DEA-4D3F-B9A0-1D62A8C3DCFE}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯煜㕩⹋硥e => Brak pliku
    FirewallRules: [{B86CDD1A-B503-401B-B8CD-942DC9F5CF46}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯潜捃敎攮數 => Brak pliku
    FirewallRules: [{AD03FCAD-46CF-44C5-A917-57947F2F0D34}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯捜牨浯摥楲敶⹲硥e => Brak pliku
    FirewallRules: [{17233528-35D2-43A4-9B14-E524AD8907CB}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯䍜牨浯履灁汰捩瑡潩屮桃潲敭攮數 => Brak pliku
    FirewallRules: [{5C880E5D-B73B-4864-90D0-1976E849100F}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯煜㕩⹋硥e => Brak pliku
    FirewallRules: [{E82FE8DA-6401-4592-BD29-3B14D882B4CE}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯潜捃敎攮數 => Brak pliku
    FirewallRules: [{1341E363-3E73-4DBD-B533-A71BE52FAFA2}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯捜牨浯摥楲敶⹲硥e => Brak pliku
    FirewallRules: [{51DA8745-E9B8-4E25-A39E-907E1E563A58}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯䍜牨浯履灁汰捩瑡潩屮桃潲敭攮數 => Brak pliku
    FirewallRules: [{374B73C7-F3F2-4A29-8626-8449BFF5A8EC}] => (Allow) 㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯煜㕩⹋硥e => Brak pliku
    Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
    EmptyTemp:

    Press CTRL + S on the keyboard at the same time.
    In FRST click Fix (NAPRAW).


    3) Make new FRST logs.


    jessi

    how do I uninstall it?
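Added here as a reading aid for the fix above (not part of this thread, of FRST, or of anything jessica posted): two artefacts in that script are easy to misread by eye. The FirewallRules paths appear as CJK characters because an ASCII path was written as raw bytes and read back as UTF-16LE, and the Task/SearchScopes hostnames are written as %XX escapes. The helper below decodes both so the real file path and hostname can be searched for on disk and in DNS or proxy logs; the sample lines are copied from the fix and shortened, and the function names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample: three lines copied from the FRST fix above, the Task and
# SearchScopes lines shortened to fit here ("Brak pliku" is FRST's "No File").
SAMPLE_LINES = [
    "FirewallRules: [{7AB9C209-BFD7-4EC1-8A4C-FF1515777D1B}] => (Allow) "
    "㩃啜敳獲䥜瑮汥䅜灰慄慴剜慯業杮瑜捯捜牨浯摥楲敶⹲硥e => Brak pliku",
    "Task: {E09B3BE5-B547-4453-B5F9-BFF1C47EF2C0} - System32\\Tasks\\snp => "
    "C:\\ProgramData\\Voyasollam\\Voyasollam.exe -> shuz -a SNP "
    "https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFWemonetize snp",
    "SearchScopes: HKLM-x32 -> ielnksrch URL = "
    "hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?q={searchTerms}",
]

def ungarble_utf16(s: str) -> str:
    """Undo an ASCII path stored as raw bytes but read back as UTF-16LE."""
    out = []
    for ch in s:
        cp = ord(ch)
        # A code unit >= U+0100 holds two ASCII bytes, low byte first; a lone
        # trailing byte (odd-length path) is left over as a plain ASCII letter.
        out.append(ch if cp < 0x100 else chr(cp & 0xFF) + chr(cp >> 8))
    return "".join(out)

# A run of non-Latin code units, optionally followed by that single leftover byte.
GARBLED_RUN = re.compile("[\u0100-\uffff]{4,}[A-Za-z]?")
PERCENT_HOST = re.compile(r"h(?:tt|xx)ps?://((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9.-])+)")

def decode_percent_host(line: str):
    """Return the real hostname when the URL's host is percent-encoded, else None."""
    m = PERCENT_HOST.search(line)
    return unquote(m.group(1)) if m and "%" in m.group(1) else None

def triage(lines):
    """Return (kind, value) findings worth searching for on disk and in DNS/proxy logs."""
    findings = []
    for line in lines:
        if line.startswith("FirewallRules:"):
            m = GARBLED_RUN.search(line)
            if m:
                findings.append(("recovered-path", ungarble_utf16(m.group(0))))
        host = decode_percent_host(line)
        if host:
            findings.append(("decoded-host", host))
    return findings

if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LINES):
        print(f"{kind}: {value}")
```

The same decoding applies to the other FirewallRules lines in the fix, which resolve to further files under the same Roaming\toc folder.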
