Mirexks16, posted 28 February 2020

Hello, after I turn on the computer a black window with the extension 32cmd appears for a few seconds and disappears, and when I try to run cmd it also appears for a second and disappears. I would be grateful for help.

Addition.txt FRST.txt Shortcut.txt

jessica, posted 28 February 2020

There is a SoundModule infection! There are other infections too.

Run FRST. On the keyboard, press CTRL+Y at the same time. Notepad will open; paste into it:

HKU\S-1-5-21-2727661047-39304191-4070543931-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-2727661047-39304191-4070543931-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundModule.exe" 2>NUL | find /I /N "SoundModule.exe">NUL && exit & if exist "C:\Users\Mirex\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" ( start /MIN "" "C:\Users\Mirex\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
RemoveDirectory: C:\Users\Mirex\AppData\Roaming\Microsoft\SoundModule
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Unlock: HKLM\System\CurrentControlSet\Services\SegurazoIC
Unlock: HKLM\System\CurrentControlSet\Services\SegurazoSvc
Unlock: HKLM\System\CurrentControlSet\Services\SEGURAZOKD
Unlock: C:\Program Files (x86)\Segurazo\SegurazoIC.exe
Unlock: C:\Program Files (x86)\Segurazo\SegurazoService.exe
Unlock: C:\Program Files (x86)\Segurazo\SegurazoKD.sys
Reg: reg delete HKLM\System\CurrentControlSet\Services\SegurazoIC /f
Reg: reg delete HKLM\System\CurrentControlSet\Services\SegurazoSvc /f
Reg: reg delete HKLM\System\CurrentControlSet\Services\SEGURAZOKD /f
CHR NewTab: Default -> Active:"chrome-extension://bhoagceacaklimpcejjofabngcjkebfg/index.html"
CHR Extension: (Search Manager) - C:\Users\Mirex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoagceacaklimpcejjofabngcjkebfg [2020-02-23]
CHR Extension: (Search Manager) - C:\Users\Mirex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccfgpamboionigdpfjmijhlgmgdbael [2020-02-23]
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4561616 2019-12-28] (Digital Communications Inc -> Digital Communications Inc) <==== UWAGA
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [187088 2019-12-28] (Digital Communications Inc -> Digital Communications Inc) <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\Segurazo
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-12-28] (Digital Communications Inc. -> Digital Communications Inc) <==== UWAGA
C:\WINDOWS\Minidump\022*.dmp
2020-02-23 22:02 - 2020-02-26 07:55 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-02-23 22:02 - 2020-02-23 22:02 - 000000000 ____D C:\Users\Mirex\AppData\Roaming\segurazoclient
2020-02-23 22:01 - 2020-02-28 08:04 - 000000000 ____D C:\Program Files (x86)\Segurazo
2020-02-23 22:01 - 2020-02-23 22:02 - 000000000 ____D C:\Users\Mirex\AppData\Local\{F464C238-D0CC-AE80-BD54-8B68993C77F0}
2020-02-23 22:01 - 2020-02-23 22:01 - 000000000 ____D C:\ProgramData\Segurazo
2020-02-23 22:01 - 2020-02-23 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

On the keyboard, press CTRL+S at the same time. In FRST, click Fix (NAPRAW). Post the report from this removal.

2) You already have Adw-Cleaner; use it and post its report.

3) Make new FRST logs.

jessi
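
The two HKU entries flagged in the fixlist above are a per-user Winlogon Shell value set to %comspec% and a Command Processor value that starts SoundModule.exe from AppData. The following is an added example, not part of the thread and not FRST's own code, that triages FRST-style registry lines for those two entries. The sample lines are constructed (shortened from the post, with a placeholder SID and user name), and the rule names and the list of user-writable directories are this example's own choices.

```python
import re

# FRST registry line shape, as seen in the fixlist:
#   <hive>\...\<key>: [<value>] <data> <==== <marker>
FRST_LINE = re.compile(
    r'^(?P<hive>HKLM(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\(?P<key>[^:]+):\s*'
    r'(?:\[(?P<value>[^\]]*)\]\s*)?(?P<data>.*?)\s*(?:<==== .*)?$'
)
QUOTED_EXE = re.compile(r'"([A-Za-z]:\\[^"]+?\.exe)"', re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumption

# Constructed sample: shortened from the post, placeholder SID and user name.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
EXE = r"C:\Users\user\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe"
SAMPLE = [
    "HKU\\" + SID + r"\...\Winlogon: [Shell] %comspec% <==== UWAGA",
    "HKU\\" + SID + r'\...\Command Processor: @mode 20,5 & if exist "' + EXE
    + '" ( start /MIN "" "' + EXE + '" & explorer.exe & exit ) <==== UWAGA',
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2020-01-01]",
]

def parse_line(line):
    """Split one FRST registry line into hive/key/value/data, or None."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Flag a non-default Winlogon Shell and any cmd.exe autorun command."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # services, files and other non-registry lines
        key, data = entry["key"].strip().lower(), entry["data"].strip()
        if key == "winlogon" and (entry["value"] or "").lower() == "shell":
            if data.lower() != "explorer.exe":
                findings.append({"hive": entry["hive"], "rule": "shell-override",
                                 "data": data, "payloads": []})
        elif key == "command processor" and data:
            exes = dict.fromkeys(QUOTED_EXE.findall(data))  # de-duplicate, keep order
            payloads = [p for p in exes if any(d in p.lower() for d in USER_WRITABLE)]
            findings.append({"hive": entry["hive"], "rule": "cmd-autorun",
                             "data": data, "payloads": payloads})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["rule"], f["hive"], f["payloads"] or f["data"])
```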