
[Solved] Computer infected after installing a program - load caused by the dll-propagation process

Karolekkawa 22 Sep 2021 17:28 309 3
  • #2
    krzychupar
    Level 43  
    Open Notepad and paste:

    CloseProcesses:
    CreateRestorePoint:
    Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.51.0 - RCS LT) Hidden
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\Rodzina 500\AppData\Local\Temp\1xq0MkKMTM0YtEl1JnXJ2x0ArfP\dll-propagation.exe <3>
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=IT201116&iDate=2021-09-20 04:08:29&iid=6ec04a3a-91d5-403a-b342-3bcdb05d260a&bName=
    SearchScopes: HKU\S-1-5-21-3609781110-749929545-1924397060-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
    HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [1705088 2021-08-20] (RCS LT, UAB -> RCS LT)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\Run: [electron.app.dllservices] => C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe [63924677 2021-09-20] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\MountPoints2: {a73b67e5-d24b-11eb-a6c5-08606e7fd117} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    Task: {6F73FC4E-651F-46D8-876A-C31E84C0BF2A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
    S3 fiddrv64; Brak ImagePath
    U5 UnlockerDriver5; C:\Users\Rodzina 500\AppData\Local\Temp\Rar$EXa11132.24246\x64\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> ) <==== UWAGA
    S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
    S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
    2021-09-22 04:25 - 2021-09-22 04:25 - 000000000 ____D C:\Users\Rodzina 500\Downloads\FRST-OlderVersion
    2021-09-22 03:56 - 2021-09-22 03:56 - 000000000 ____D C:\Users\Rodzina 500\AppData\Roaming\dll-propagation
    2021-09-22 03:55 - 2021-09-22 03:55 - 000000000 ____D C:\Users\Rodzina 500\AppData\Roaming\dllservices
    2021-09-22 03:37 - 2021-09-22 03:39 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
    2021-09-22 03:37 - 2021-09-22 03:37 - 000001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
    2021-09-22 03:37 - 2021-09-22 03:37 - 000001961 _____ C:\Users\Public\Desktop\Combo Cleaner.lnk
    2021-09-22 03:37 - 2021-09-22 03:37 - 000000000 ____D C:\Users\Rodzina 500\AppData\Local\RCS_LT
    2021-09-22 03:37 - 2021-09-22 03:37 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    Once that is done, uninstall Combo Cleaner
  • #3
    Kolobos
    IT specialist
    Uninstall: Combo Cleaner

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\Rodzina 500\AppData\Local\Temp\1xq0MkKMTM0YtEl1JnXJ2x0ArfP\dll-propagation.exe <3>
    (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\Rodzina 500\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\dllservices.exe <4>
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=IT201116&iDate=2021-09-20 04:08:29&iid=6ec04a3a-91d5-403a-b342-3bcdb05d260a&bName=
    SearchScopes: HKU\S-1-5-21-3609781110-749929545-1924397060-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
    HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [1705088 2021-08-20] (RCS LT, UAB -> RCS LT)
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\Run: [electron.app.dllservices] => C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe [63924677 2021-09-20] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\MountPoints2: {a73b67e5-d24b-11eb-a6c5-08606e7fd117} - "E:\HiSuiteDownLoader.exe"
    Task: {6F73FC4E-651F-46D8-876A-C31E84C0BF2A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
    Task: {C2923D08-8916-4203-80D6-FD4170C67A9C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 164C5F8653AEC128 => C:\Users\Rodzina 500\AppData\Local\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-08] (Mozilla Corporation -> Mozilla Foundation)
    FF user.js: detected! => C:\Users\Rodzina 500\AppData\Roaming\Mozilla\Firefox\Profiles\6k2dox9o.default\user.js [2021-08-06]
    FF user.js: detected! => C:\Users\Rodzina 500\AppData\Roaming\Mozilla\Firefox\Profiles\l2kpvzsf.default-release-1625697509300\user.js [2021-08-06]
    S3 fiddrv64; Brak ImagePath
    S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
    S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
    2021-09-22 04:25 - 2021-09-22 04:25 - 000000000 ____D C:\Users\Rodzina 500\Downloads\FRST-OlderVersion
    2021-09-22 03:56 - 2021-09-22 03:56 - 000000000 ____D C:\Users\Rodzina 500\AppData\Roaming\dll-propagation
    2021-09-22 03:55 - 2021-09-22 03:55 - 000000000 ____D C:\Users\Rodzina 500\AppData\Roaming\dllservices
    2021-09-22 03:37 - 2021-09-22 03:39 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
    2021-09-22 03:37 - 2021-09-22 03:37 - 000001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
    2021-09-22 03:37 - 2021-09-22 03:37 - 000001961 _____ C:\Users\Public\Desktop\Combo Cleaner.lnk
    2021-09-20 18:07 - 2021-09-20 18:07 - 000000000 ____D C:\Users\Rodzina 500\AppData\Roaming\Ookla
    2021-09-20 18:07 - 2021-09-20 18:07 - 000000000 ____D C:\Users\Rodzina 500\AppData\Local\AdvinstAnalytics
    2021-09-20 18:07 - 2021-09-20 18:07 - 000000000 ____D C:\Program Files (x86)\AW Manager
    2021-09-20 18:07 - 2021-07-06 22:20 - 000000000 ___HD C:\Users\Rodzina 500\AppData\Roaming\.dllbackups
    EmptyTemp:
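A small triage helper for FRST output of the kind quoted in posts #2 and #3, added here as an example (it is not code from the thread or from FRST itself); it assumes the tags of the Polish FRST build shown above and runs over constructed sample lines modelled on the thread's entries.

```python
import re

# Constructed sample: FRST-style lines modelled on the entries quoted in the thread above
# (user path, SID and file names kept as the thread shows them).
SAMPLE_LOG = r"""
(Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe
HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [1705088 2021-08-20] (RCS LT, UAB -> RCS LT)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3609781110-749929545-1924397060-1001\...\Run: [electron.app.dllservices] => C:\Users\Rodzina 500\AppData\Roaming\.dllbackups\dllservices.exe [63924677 2021-09-20] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
""".strip().splitlines()

# Tags as the Polish FRST build prints them: "[Brak podpisu cyfrowego]" = no digital
# signature, "<==== UWAGA" = FRST's own attention marker ("ATTENTION" in the English build).
UNSIGNED = "[Brak podpisu cyfrowego]"
ATTENTION = "<==== UWAGA"
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
PROC_RE = re.compile(r"^\((?P<signer>[^)]*)\) (?P<tags>(?:\[[^\]]+\] )*)(?P<path>[A-Z]:\\.*)$")
# Locations an unprivileged user (or a dropper running as that user) can write to.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)


def triage_line(line: str) -> list[str]:
    """Return the reasons one FRST line deserves a closer look (empty list = nothing notable)."""
    reasons = []
    if ATTENTION in line:
        reasons.append("FRST attention marker")
    if r"Policies\Microsoft\Windows Defender" in line:
        reasons.append("Windows Defender restricted by policy")
    run = RUN_RE.match(line)
    if run:
        name, target = run.group("name"), run.group("target")
        if USER_WRITABLE.search(target):
            reasons.append(f"autostart '{name}' runs from a user-writable path")
        if UNSIGNED in target:
            reasons.append(f"autostart '{name}' points at an unsigned executable")
    proc = PROC_RE.match(line)
    if proc:
        if UNSIGNED in proc.group("tags") and "Microsoft" in proc.group("signer"):
            reasons.append("running process claims Microsoft Corporation but is unsigned")
        if USER_WRITABLE.search(proc.group("path")):
            reasons.append("running process lives in a user-writable path")
    return reasons


def triage_log(lines: list[str]) -> dict[str, list[str]]:
    """Map every notable line to its reasons; lines with no findings are left out."""
    return {line: r for line in lines if (r := triage_line(line))}


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line[:70] + "...")
        for reason in reasons:
            print("   -", reason)
```

The signed Combo Cleaner entry in Program Files produces no finding from these heuristics even though the thread has it uninstalled as unwanted, so treat the output as a starting point for reading the full log, not a verdict.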
  • #4
    Karolekkawa
    Level 2  
    It works. 5. Thanks