
Orange - Ransomware.Locky, please check my logs

schafff 19 Aug 2016 17:33
  • #1 19 Aug 2016 17:33
    schafff
    Level 1

    Hello, I am an Orange subscriber. Today, about an hour ago, Orange's Cybertarcza blocked my internet access because of Ransomware.Locky, whose connection it blocked. I ran a scan and would ask you to check the logs.

  • #2 19 Aug 2016 18:49
    krzychupar
    Level 40

    Uninstall:
    Price Metar (remove only) (HKU\S-1-5-21-3374929210-149855154-3371010479-1001\...\Price Metar) (Version: 1.0.6.3 - Price Meter) <==== UWAGA
    Price Metar (remove only) (HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Price Metar) (Version: 1.0.6.3 - Price Meter) <==== UWAGA
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.4.2 - Reimage) <==== UWAGA
    Update for PriceMeter (HKU\S-1-5-21-3374929210-149855154-3371010479-1001\...\PriceMeterUpdater) (Version: - Update for PriceMeter) <==== UWAGA
    Yahoo! Search (HKU\S-1-5-21-3374929210-149855154-3371010479-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== UWAGA
    Yahoo! Search (HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== UWAGA

    Open Notepad and paste:
    HKU\S-1-5-21-3374929210-149855154-3371010479-1004\...\MountPoints2: {94ae90b6-3f20-11e6-bf7d-3085a9a99847} - "G:\HiSuiteDownLoader.exe"
    Task: {09865666-C863-48CD-8AEE-27B9A827E6EA} - \WPD\SqmUpload_S-1-5-21-3374929210-149855154-3371010479-1001 -> Brak pliku <==== UWAGA
    Task: {132592A9-7147-4E36-9924-2BA888EB3162} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {30F33072-289D-4CAF-BDE4-460E36D41112} - System32\Tasks\Opera scheduled Autoupdate 1406208986 => C:\Users\MAGIXVIDEO\AppData\Local\Programs\Opera\launcher.exe [2016-08-03] (Opera Software)
    Task: {352522AE-A8A9-4BFF-9D77-31C0101DC997} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {5978CD22-A852-460E-AD3E-FB8E3535239B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {5DC22725-3423-48D5-9126-068AA4E23918} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {6A8195DB-6246-489D-843C-9FFCBA0FBCE8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {7FD9457D-EADC-496D-B558-9C5EED5DD420} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {86751222-0C5E-479C-B9B4-1E52A59FC9A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {9978351F-7C06-4EEC-B969-02686C619912} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {9BBBF304-26EE-4446-8385-9945B6B749F1} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-07-24] (Reimage ltd.) <==== UWAGA
    Task: {A76B8785-C0A4-4103-A83D-222138E87755} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {BBDEBF9D-1893-495B-9EFC-BA430CE8ACD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {C43EB0B5-2D51-431E-A35E-803B4906D954} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {DA67A4B9-3120-44E7-8CF6-597BCF960F42} - \WPD\SqmUpload_S-1-5-21-3374929210-149855154-3371010479-1004 -> Brak pliku <==== UWAGA
    Task: {F0EA3C21-0A55-4512-8F44-B0B78D3B2058} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-08-18] (Reimage®) <==== UWAGA
    Shortcut: C:\Users\MAGIXVIDEO\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
    Shortcut: C:\Users\MAGIXVIDEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com/
    ShortcutTarget: AdFender.lnk -> C:\Users\MAGIXVIDEO\Desktop\AdFender\AdFender.exe (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=C...SP103437A0-76F8-41BA-BA2C-C6DF92C34AEA&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.conduit.com/Results.aspx?ctid=C...SP103437A0-76F8-41BA-BA2C-C6DF92C34AEA&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1004 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKU\S-1-5-21-3374929210-149855154-3371010479-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Brak pliku
    FF Keyword.URL:
    FF SelectedSearchEngine: Google
    FF DefaultSearchEngine: Google
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
    FF Extension: Brak nazwy - C:\Users\MAGIXVIDEO\AppData\Roaming\Mozilla\Firefox\Profiles\xo8wdgjh.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [nie znaleziono]
    FF Extension: Brak nazwy - C:\Users\MAGIXVIDEO\AppData\Roaming\Mozilla\Firefox\Profiles\xo8wdgjh.default\extensions\detgdp@gmail.com [nie znaleziono]
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension => nie znaleziono
    FF HKU\S-1-5-21-3374929210-149855154-3371010479-1001\...\Firefox\Extensions: [{86C49D36-C806-9725-781F-AA2BF51F530C}] - C:\Program Files (x86)\PassShow-soft\161.xpi => nie znaleziono
    FF HKU\S-1-5-21-3374929210-149855154-3371010479-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{86C49D36-C806-9725-781F-AA2BF51F530C}] - C:\Program Files (x86)\PassShow-soft\161.xpi => nie znaleziono
    StartMenuInternet: (HKLM) OperaStable - C:\Users\MAGIXVIDEO\AppData\Local\Programs\Opera\Launcher.exe
    C:\Users\MAGIXVIDEO\update-Outlast.bat
    EmptyTemp:

    Save the file under the name fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix.

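An added audit check, not from this thread and not part of FRST: a read-only PowerShell script that re-inspects the same persistence points the fixlist above removes (scheduled tasks pointing at missing files, the Price Meter/Reimage/Pay-By-Ads uninstall entries, Internet Explorer search scopes redirected away from the expected engines, Chrome policy keys). It assumes Windows 8 or newer (for Get-ScheduledTask), an elevated PowerShell 5.x session, and that it is run as the affected user account, so HKCU maps to the hive the log shows as HKU\S-1-5-21-...-1001.

```powershell
# Added audit script (not from the thread). Reports the persistence points the
# fixlist above addresses; it removes nothing. Assumes Windows 8 or later and an
# elevated PowerShell 5.x session started as the affected user.
$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($check, $item, $detail) {
    $findings.Add([pscustomobject]@{ Check = $check; Item = $item; Detail = $detail })
}

# 1. Scheduled tasks whose action points at a file that no longer exists
#    (FRST marks these "Brak pliku"); orphaned tasks are a common PUP leftover.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # A bare name such as rundll32.exe resolves via PATH, so check both ways.
        $resolves = (Test-Path -LiteralPath $exe) -or (Get-Command $exe -ErrorAction SilentlyContinue)
        if (-not $resolves) { Add-Finding 'OrphanTask' "$($task.TaskPath)$($task.TaskName)" $exe }
    }
}

# 2. Uninstall entries for the adware named in the reply above, in the machine
#    (64- and 32-bit views) and current-user hives. Pattern built from the log.
$pupPattern = 'Price ?Met[ae]r|Reimage|Pay-By-Ads'
$uninstallRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
foreach ($entry in Get-ItemProperty -Path $uninstallRoots) {
    $label = "$($entry.DisplayName) $($entry.Publisher)"
    if ($label -match $pupPattern) { Add-Finding 'PupUninstallEntry' $entry.PSChildName $label.Trim() }
}

# 3. Internet Explorer search scopes whose URL is not one of the expected engines;
#    the log above shows scopes redirected to search.conduit.com.
foreach ($scope in Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes') {
    $url = (Get-ItemProperty -Path $scope.PSPath).URL
    if ($url -and $url -notmatch '^https?://(www\.)?(bing|google)\.com/') {
        Add-Finding 'SearchScopeHijack' $scope.PSChildName $url
    }
}

# 4. Chrome policy keys: normal on a domain-managed PC, but on a home machine
#    (as in this thread) they usually mean adware has locked the browser's settings.
foreach ($policyKey in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (Test-Path $policyKey) { Add-Finding 'ChromePolicy' $policyKey ((Get-Item $policyKey).Property -join ', ') }
}

$findings | Format-Table -AutoSize
```

Each finding still needs a human decision; an orphaned GWX task, for instance, is harmless leftover, while a conduit search scope or a Reimage task is what the fixlist targets.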