Please help - problems with the page language (Facebook)
#1
Probably a trojan; Facebook switched to Spanish on its own :( Happy holidays, thank you very much in advance :)


Attached files
.txt   Shortcut.txt (Size: 45.57 KB / Downloads: 116)
.txt   FRST.txt (Size: 70.9 KB / Downloads: 84)
.txt   Addition.txt (Size: 35.78 KB / Downloads: 110)
#2
Write to one of the moderators and ask for the thread to be moved to the @Pomoc po zainfekowaniu section.
Once it is there, edit the post and add the missing logs.
SSFW + Sbie
#3
Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351505018&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351515018&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351525019&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351525019&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351535019&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351535019&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2286393275-2221825981-1864126036-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351515018&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2286393275-2221825981-1864126036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935320351515018&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2286393275-2221825981-1864126036-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2286393275-2221825981-1864126036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
FF NetworkProxy: "type", 4
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [Brak podpisu cyfrowego]
S2 CyberLink PowerDVD 13 Media Server Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe" [X]
S2 CyberLink PowerDVD 13 Media Server Service; "C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe" [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; \??\C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [X]
C:\AdwCleaner
C:\temp
Task: {0710E9DB-B54D-438C-BF5E-F1A525D3A6B3} - System32\Tasks\{4D149841-84F9-4D6B-82AF-E0492021CE42} => pcalua.exe -a C:\Brother\mflpro\Data\Disk1\setup.exe -d C:\Brother\mflpro\Data\Disk1
Task: {239BFEEA-1217-4B9D-ACFF-FC331CE54044} - System32\Tasks\Driver Booster SkipUAC (Krzysiek) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {309DEBE5-C6B4-4DD3-85AA-E2E36A4CB516} - System32\Tasks\{3CB070F3-567F-4853-9A0E-C5CF16F50B1F} => pcalua.exe -a E:\Network\Rtl8139\Vista\setup.exe -d E:\Network\Rtl8139\Vista
Task: {50E829D1-D4D6-4FD8-A411-06B86559A875} - System32\Tasks\{DB99425C-26A9-41D5-B7A7-39C4000BCA95} => pcalua.exe -a E:\Network\Atheros\setup.exe -d E:\Network\Atheros
Task: {519CE688-385E-43B1-BB72-A934E4932DB5} - System32\Tasks\{83AB83D2-603E-40B5-8465-F4E235124A24} => pcalua.exe -a E:\Network\Rtl8139\Drivers\Setup.exe -d E:\Network\Rtl8139\Drivers
Task: {82C7C4EE-897A-4A81-8F34-B0D7D5E22A39} - System32\Tasks\{67CA2CC8-FFA2-4DCE-A118-1298A58AFA41} => pcalua.exe -a C:\Users\Krzysiek\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe -d C:\Users\Krzysiek\Downloads
Task: {9665FE09-C62C-413C-913E-AAB2B371B3E2} - System32\Tasks\{C08BC096-441E-413A-91C0-4302DF89C237} => pcalua.exe -a E:\Network\Intel\Autorun.exe -d E:\Network\Intel
Task: {CD5F5F25-9B88-40F7-80C0-9F83D7A52308} - System32\Tasks\{E349E93A-170E-4394-94C6-F7B25E3081B6} => pcalua.exe -a C:\Users\Krzysiek\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe -d C:\Users\Krzysiek\Downloads
Task: {DFF363B6-A2DC-4882-A6C2-A40E824BC91D} - System32\Tasks\{6A8EE60A-CAE2-44F4-8BB3-FD604A395E01} => pcalua.exe -a "C:\Users\Krzysiek\Downloads\Nero 8.3.2.1b Portable\Nero 8.3.2.1b Portable\NeroExpressPortable.exe" -d "C:\Users\Krzysiek\Downloads\Nero 8.3.2.1b Portable\Nero 8.3.2.1b Portable"
Task: {E0D1F5C1-E13B-4DF3-AE52-3EC15E20D9E9} - System32\Tasks\{E41E7CE5-9A5E-40DA-8E43-592A472299E7} => pcalua.exe -a "C:\Users\Krzysiek\Downloads\Nero_8.by.takky\Nero 8.3.6.0 PL\Nero-8.3.6.0_plk.exe" -d "C:\Users\Krzysiek\Downloads\Nero_8.by.takky\Nero 8.3.6.0 PL"
Task: {EDD0B2E5-68FA-4D42-BC5A-E63154B566EB} - System32\Tasks\{C7E784FA-ADD4-4547-B653-F13BA98758AB} => pcalua.exe -a "D:\Programy\Stery Mainboard\Atheros\setup.exe" -d "D:\Programy\Stery Mainboard\Atheros"
Task: {FD29AF0D-40BA-460B-9462-D370DD004A04} - System32\Tasks\{CFF76EEE-8B18-478E-89F2-35C8244F8A8B} => C:\Program Files (x86)\Paint XP\mspaint.exe [2005-02-23] (Microsoft Corporation)
CMD: netsh advfirewall reset
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Napraw (Fix) in the program. Once it has finished, show the report from this action.

Has Kaspersky also detected anything recently? Apart from the cracks, of course :)
#4
Thank you very much, sir :)