Elektroda.pl

Disappearing command prompt in Windows 10

mint432 12 Jan 2019 19:46 111 4
  • #2 12 Jan 2019 23:46
    fotomh-s
    Level 18

    Quote:
    (SoundMixer) C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\North\SoundN.exe

    Apparently this process is a miner. It uses your computer to mine cryptocurrency. Upload this file to some online virus scanner to be sure.
    For example here: https://www.virustotal.com/pl/

    0
  • #3 12 Jan 2019 23:59
    RADU23
    Moderator - Computers Service

    @mint432
    Open Notepad and paste the contents:

    Quote:
    HKU\S-1-5-21-488430010-3958336729-2395324283-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-488430010-3958336729-2395324283-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    CHR HKU\S-1-5-21-488430010-3958336729-2395324283-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]


    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    After that, run scans with MBAM and ADWcleaner and remove everything they detect
    https://www.malwarebytes.com/dl-confirm/
    http://www.bleepingcomputer.com/download/adwcleaner/

    0
  • #4 13 Jan 2019 00:06
    Kolobos
    Computer specialist

    @fotomh-s it's an infection, there's no need to check it, just remove it.

    @mint432 run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {2B80CAC3-8C64-475F-A25F-E5058483C288} - System32\Tasks\{96FC97F0-0C94-4776-ABBB-24610FCFE7C1} => E:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2018-01-30] (Panda Security, S.L.)
    Task: {47C303A6-3C34-4D91-92E0-FFDA89CD6B84} - no filepath
    Task: {4BA3A384-A520-4FD7-AE87-78B2A0C71402} - System32\Tasks\DriverToolkit Autorun => E:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    Task: {4FC9C625-C17C-4867-AC01-1ED52D00279D} - no filepath
    Task: {542898B3-00BD-4DE0-AEF4-582A37EDE746} - no filepath
    Task: {C0D43A26-9B99-4BAD-BE86-2368D66CFBD3} - System32\Tasks\Opera scheduled Autoupdate 1461254599 => C:\Program Files (x86)\Opera\launcher.exe [2019-01-09] (Opera Software)
    Task: {CF64C4B4-E757-42FA-9D29-7EBC12F24B02} - no filepath
    Task: {F3D71952-FCEB-4B9A-BAD1-887A8E9324D3} - no filepath
    Task: {F5ECAA55-905C-4F45-914A-5EBD18CB45A6} - no filepath
    Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => E:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    Task: C:\WINDOWS\Tasks\{96FC97F0-0C94-4776-ABBB-24610FCFE7C1}.job => E:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
    (SoundMixer) C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
    (© 2015 Microsoft Corporation) C:\Users\Admin_PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (SoundMixer) C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\North\SoundN.exe
    HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SysWOW64\userinit.exe,
    HKU\S-1-5-21-488430010-3958336729-2395324283-1001\...\Run: [BingSvc] => C:\Users\Admin_PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-488430010-3958336729-2395324283-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    ShellServiceObjects: No Name -> {59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} =>
    ShellServiceObjects-x32: No Name -> {59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} =>
    Startup: C:\Users\Admin_PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-06-29]
    ShortcutTarget: Curse.lnk -> C:\Users\Admin_PC\AppData\Roaming\Curse Client\Bin\Curse.exe (No File)
    C:\Users\Admin_PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\neajcpkhiinpmcadldefpcfhgcbglgbi
    CHR Extension: (FunSafeTab) - C:\Users\Admin_PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\neajcpkhiinpmcadldefpcfhgcbglgbi [2017-04-19]
    CHR HKU\S-1-5-21-488430010-3958336729-2395324283-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-04-21] (Basil Projects)
    2019-01-08 23:29 - 2019-01-08 23:29 - 000000020 ___SH C:\Users\Admin_PC\ntuser.ini
    2019-01-08 23:27 - 2019-01-11 13:35 - 000004008 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1461254599
    2019-01-08 23:27 - 2019-01-08 23:28 - 000002726 _____ C:\WINDOWS\System32\Tasks\{96FC97F0-0C94-4776-ABBB-24610FCFE7C1}
    2019-01-08 21:23 - 2019-01-12 18:12 - 004712448 _____ (SoundMixer) C:\Users\Admin_PC\AppData\Roaming\Launcher_01.exe
    C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\
    2019-01-08 21:23 - 2019-01-12 18:12 - 004712448 _____ (SoundMixer) C:\Users\Admin_PC\AppData\Roaming\Launcher_01.exe
    C:\Windows\Tasks\{96FC97F0-0C94-4776-ABBB-24610FCFE7C1}.job

    0
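
Added example, not part of any post in the thread: the `Command Processor:` line that both fixlists carry is the command cmd.exe runs on every start, and the sketch below breaks such a line into its steps to show what it launches and that it ends in `exit`, which is why the prompt vanishes. The function names are illustrative, and the sample line is a shortened copy of the thread's log entry with the SID replaced by a placeholder.

```python
import re

# Constructed sample: the flagged line from the thread's FRST log, shortened
# (SID replaced by a placeholder, explorer.exe branches dropped), plus one
# Run entry that is not a Command Processor value.
SAMPLE_LOG = r'''
HKU\S-1-5-21-EXAMPLE\...\Run: [BingSvc] => C:\Users\Admin_PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-EXAMPLE\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Admin_PC\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & exit ) else ( exit ) <==== ATTENTION
'''

def split_commands(cmd):
    """Split a cmd.exe line on &, &&, |, ( and ) that sit outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        if not quoted and ch in '&|()':
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]

def analyse(line):
    """Return findings for one Command Processor log line, or None for other lines."""
    _, found, rest = line.partition('Command Processor: ')
    if not found:
        return None
    steps = split_commands(rest.replace('<==== ATTENTION', '').strip())
    launched = []
    for step in steps:
        if step.lower().startswith('start '):
            # quoted arguments of start; the empty "" is only the window title
            launched += [q for q in re.findall(r'"([^"]*)"', step) if q]
    return {
        'launches': launched,
        'user_writable': [p for p in launched if '\\appdata\\' in p.lower()],
        'closes_shell': any(s.lower() == 'exit' for s in steps),
        'shrinks_window': any(s.lower().lstrip('@').startswith('mode ') for s in steps),
    }

def scan(log):
    """Analyse every Command Processor entry found in an FRST-style log."""
    return [r for r in map(analyse, log.splitlines()) if r]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On a live system the same command is stored in the `AutoRun` value under `Software\Microsoft\Command Processor` in the user and machine hives, and `cmd /d` opens a prompt without running it.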
  • #5 13 Jan 2019 22:39
    mint432
    Level 2

    Thank you all for the help; the topic can be closed.

    0