Elektroda.pl

Mail.ru - please review the logs

karolkustron 27 Feb 2018 19:24 165 2
  • Helpful post
    #2 27 Feb 2018 19:49
    Kolobos
    Computer specialist

    Run Fixlist.txt in FRST:
    CloseProcesses:
    Task: {32120FC7-E3C2-450A-BFA8-CC7E63E5BE3F} - System32\Tasks\{D3D44CAB-9B13-4517-AFBC-E056684A2888} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\HASP\hinstall.exe" -d "C:\Program Files (x86)\HASP\" -c -info
    Task: {5847224A-88A8-4F9C-80ED-5561B812937A} - System32\Tasks\curls => C:\Users\Karol\AppData\Roaming\curl\curl.exe <==== UWAGA
    Task: {89F6BDB3-DD7F-44DB-A483-B93B4274F193} - System32\Tasks\curl => C:\Users\Karol\AppData\Roaming\curl\curl_7_54.exe [2018-01-31] (curl, hxxps://curl.haxx.se/) <==== UWAGA
    C:\Users\Karol\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
    ShortcutWithArgument: C:\Users\Karol\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://emwesug.ru/?utm_source=startlink03&utm_content=202ba20fdc4264d4e41b5707c84a7478&utm_term=58871F040E611A89437C64FB106EE0CA&utm_d=20180131"
    () C:\Windows\Microsoft\svchost.exe
    C:\Windows\Microsoft\svchost.exe
    (© 2015 Microsoft Corporation) C:\Users\Karol\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\Run: [BingSvc] => C:\Users\Karol\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\Run: [rkndjczuxp] => explorer "hxxp://emwesug.ru/?utm_source=uoua03&utm_content=2f43e5543a908075443ddee16a929830&utm_term=58871F040E611A89437C64FB106EE0CA&utm_d=20180131" <==== UWAGA
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {04dd6750-6d0d-11e6-a945-806e6f6e6963} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {0607c115-e133-11e3-8d4c-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {69e64ef8-4e66-11e5-9688-aab609420a8b} - F:\AutoRun.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {73ff9926-b70c-11e6-a9d4-f48caa023d6d} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {7e6367a4-93ef-11e7-b836-2089845c205a} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\...\MountPoints2: {83465400-8c64-11e4-8994-2089845c205a} - F:\LGAutoRun.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-3734145384-859898746-2856569002-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-3734145384-859898746-2856569002-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BCCE00F50-795F-4FBE-B1C2-97175F691FFB%7D&gp=811014
    SearchScopes: HKU\S-1-5-21-3734145384-859898746-2856569002-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3734145384-859898746-2856569002-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BCCE00F50-795F-4FBE-B1C2-97175F691FFB%7D&gp=811014
    FF NewTabOverride: Mozilla\Firefox\Profiles\5vmkdzj6.default -> Disabled: homepage(malpa)mail.ru
    FF SearchPlugin: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\5vmkdzj6.default\searchplugins\bing-.xml [2017-01-12]
    CHR HomePage: Default -> msn.com
    CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811013"
    C:\Users\Karol\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jnoejnlbkbnckikbkmnpippafneemknp
    CHR Extension: (Brak nazwy) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jnoejnlbkbnckikbkmnpippafneemknp [2018-01-31]
    CHR HKU\S-1-5-21-3734145384-859898746-2856569002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3734145384-859898746-2856569002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3734145384-859898746-2856569002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3734145384-859898746-2856569002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3734145384-859898746-2856569002-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dloebpogmbloiggbbkganacecpobmlde] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
    R2 AppFrameHost; C:\Windows\system32\AppFrameHost.exe [960512 2018-01-31] () [Brak podpisu cyfrowego]
    R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    2018-02-25 18:23 - 2018-02-27 18:26 - 000000000 ____D C:\AdwCleaner
    2018-02-10 09:04 - 2018-02-10 09:04 - 000000000 _____ C:\autoexec.bat
    2018-01-31 10:26 - 2018-01-31 10:26 - 000000000 ____D C:\Users\Karol\AppData\Local\Chromium
    2018-01-31 10:24 - 2018-02-26 21:32 - 000000000 ____D C:\Users\Karol\AppData\Roaming\curl
    2018-01-31 10:24 - 2018-01-31 12:02 - 000000000 ____D C:\Users\Karol\AppData\Local\yc
    2018-01-31 10:24 - 2018-01-31 10:28 - 000960512 _____ C:\Windows\system32\AppFrameHost.exe
    2018-01-31 10:24 - 2018-01-31 10:24 - 000003532 _____ C:\Windows\System32\Tasks\curl
    2018-01-31 10:24 - 2018-01-31 10:24 - 000003322 _____ C:\Windows\System32\Tasks\curls
    2018-01-31 10:15 - 2018-01-31 10:15 - 000000000 ____D C:\Program Files (x86)\PAaFRntpKTdU2wavkxiqbyt
    2018-01-31 10:15 - 2018-01-31 10:15 - 000000000 ____D C:\Program Files (x86)\OahiAhLMPlKqCwavkxiqbyt
    2018-01-31 10:15 - 2018-01-31 10:15 - 000000000 ____D C:\Program Files (x86)\jtPeraHZWlxuYtVRBkRwavkxiqbyt
    2018-01-31 10:15 - 2018-01-31 10:15 - 000000000 ____D C:\Program Files (x86)\EIVqbhZCUwavkxiqbyt
    2018-01-31 10:06 - 2018-01-31 10:06 - 000000503 _____ C:\Users\Karol\Downloads\windows-loader-by-daz______akeevka.torrent
    2018-01-30 16:49 - 2018-01-30 16:49 - 001647364 _____ ( ) C:\Users\Karol\Downloads\pobierz_Rufus_32-64-bit_wersja_stabilna_V2.18_0679435255.exe
    2018-02-22 17:41 - 2014-06-24 16:44 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2016-03-25 12:28 - 2013-04-05 18:28 - 004444160 ____R (Microsoft Corporation) C:\Program Files (x86)\AoK HD.exe
    EmptyTemp:

    0
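The entries Kolobos removes above share a few persistence patterns: autostarts that point into the user profile, a svchost.exe outside System32, a Run key that opens a URL through explorer, and a zero-byte or publisher-less service. The triage helper below is an added example, not part of the post or of FRST; it applies those checks to constructed sample lines in FRST's log format (SIDs shortened, rule names and regexes are my own).

```python
import re

# Constructed sample lines in FRST's log format, modelled on entries from the post above
# (SIDs shortened, URLs defanged with hxxp as FRST prints them); not the real log.
SAMPLE_LOG = r"""
Task: {5847224A-88A8-4F9C-80ED-5561B812937A} - System32\Tasks\curls => C:\Users\Karol\AppData\Roaming\curl\curl.exe
HKU\S-1-5-21-1000\...\Run: [rkndjczuxp] => explorer "hxxp://emwesug.ru/?utm_source=uoua03" <==== UWAGA
HKU\S-1-5-21-1000\...\Run: [BingSvc] => C:\Users\Karol\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (Microsoft Corporation)
R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== UWAGA
R2 AppFrameHost; C:\Windows\system32\AppFrameHost.exe [960512 2018-01-31] () [Brak podpisu cyfrowego]
R2 Schedule; C:\Windows\system32\svchost.exe [27136 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe (Microsoft Corporation)
"""

SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SERVICE_LINE = re.compile(r"[RS]\d ")  # FRST service/driver lines start with R2, S3, ...

def _exe_path(line):
    """First drive-letter path to an .exe/.sys on the line, lowercased, or None."""
    m = re.search(r'([a-z]:\\[^"\[<]*?\.(?:exe|sys))', line, re.I)
    return m.group(1).lower() if m else None

# Each rule receives (line, lowercased exe path or None) and returns True when the line
# matches one of the persistence patterns removed in the fixlist above.
RULES = {
    "autostart binary inside user profile":
        lambda line, path: path is not None and ("\\appdata\\" in path or "\\downloads\\" in path),
    "system binary name outside System32/SysWOW64":
        lambda line, path: path is not None and path.rsplit("\\", 1)[-1] in SYSTEM_NAMES
        and not path.startswith(SYSTEM_DIRS),
    "autostart opens a URL through explorer/browser":
        lambda line, path: re.search(r"\b(explorer|iexplore|chrome)\b.*\b(?:hxxp|http)s?://", line, re.I) is not None,
    "service/driver binary is zero bytes or missing":
        lambda line, path: SERVICE_LINE.match(line) is not None and re.search(r"\[0 \]|\[X\]", line) is not None,
    "service binary with empty publisher":
        lambda line, path: SERVICE_LINE.match(line) is not None and "()" in line,
}

def triage(log_text):
    """Return [(rule_name, line), ...] for every non-empty FRST line that trips a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = _exe_path(line)
        hits.extend((name, line) for name, check in RULES.items() if check(line, path))
    return hits
```

Running `triage(SAMPLE_LOG)` flags the curl task, the explorer-URL Run key, BingSvc, the fake svchost (three rules) and the unsigned AppFrameHost service, while the genuine Schedule and SecurityHealth entries pass.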
  • #3 28 Feb 2018 08:03
    karolkustron
    Level 2

    Thank you for the help

    0