Skocz do zawartości

Wolny komputer po infekcji VulkanRT


Rekomendowane odpowiedzi

Pomoc jest darmowa, ale proszę rozważ przekazanie dotacji na utrzymanie serwisu: klik.

1) Odinstaluj ten program:

Cytat

Search the Web (Yahoo) (HKLM-x32\...\{1503FDC3-4583-2C43-F403-5CC324838F43}) (Version:  - ) <==== UWAGA

 

2) Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

C:\Users\pati_\AppData\Local\xhRvfPtdNr
CHR StartupUrls: Default -> "hxxp://www.global-pl.com/"
RemoveDirectory:
Task: {98157223-DC1B-4C9C-B7F6-1EFDA3DCE9C1} - System32\Tasks\Chromium tatem
Task: C:\WINDOWS\Tasks\Chromium tatem.job => Wscript.exe  C:\ProgramData\{B48871EB-3ECA-FB2D-B80C-656F224EEEA1}\fado.txt <==== UWAGA
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2021-03-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Brak pliku)
Edge HomeButtonPage: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> hxxp://www.global-pl.com/
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HOSTS:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-03-29 05:10:33&bName=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> DefaultScope {BF61237C-1EAC-454C-B624-BB80E7E481D8} URL = hxxp://www.global-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {BF61237C-1EAC-454C-B624-BB80E7E481D8} URL = hxxp://www.global-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FirewallRules: [{DAD2FD7D-58FB-4D87-8DD2-7AC1D4C5EF18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{080C8E36-60BE-414D-89FD-268EDBBBF6A3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{79B2DD67-B578-419D-A2D4-91FD6C9BBE36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{24887DC5-8350-4080-BAA8-FEA6A5FD1630}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{B4A98538-A3A9-4F73-9F64-28D1906CA911}] => (Allow) C:\Users\pati_\AppData\Local\Programs\Opera\52.0.2871.40\opera.exe => Brak pliku
FirewallRules: [{4FDFE447-332A-485C-AEC1-3C6245155994}] => (Allow) C:\Users\pati_\AppData\Local\Programs\Opera\51.0.2830.55\opera.exe => Brak pliku
FirewallRules: [{6B247683-D743-4FC7-BB93-3C823083F27C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{0A471C7F-624B-4BDC-A8C1-D8C1112D32E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{FB46B7DD-2267-494D-9E6A-6982A2213BDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{F8F36016-9E4F-4B57-9AFB-5C3302B2FFB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{767505BB-3F7A-43A2-B3C0-0CD5CBAE0A59}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{77C123EE-3870-499F-A413-BB116F2ABC35}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{63591F09-341F-4814-8907-58EB75001130}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => Brak pliku
FirewallRules: [{7A7B4EA8-D3D0-493E-BF28-12BFE1B63376}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => Brak pliku
FirewallRules: [{A28F6B9A-9E82-42BE-BD79-80B9D4FE800F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => Brak pliku
FirewallRules: [{2EA046C8-CBA0-480E-BDA1-7B8243C53803}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL + S.
W FRST kliknij na Fix (NAPRAW).

 

Nic więcej podejrzanego w logach nie widzę.

 

jessi

Odnośnik do komentarza

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1503FDC3-4583-2C43-F403-5CC324838F43}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1503FDC3-4583-2C43-F403-5CC324838F43}
CHR StartupUrls: Default -> "hxxp://www.global-pl.com/"
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL + S.
W FRST kliknij na Fix (NAPRAW).

 

jessi

Odnośnik do komentarza

Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto

Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.

Zarejestruj nowe konto

Załóż nowe konto. To bardzo proste!

Zarejestruj się

Zaloguj się

Posiadasz już konto? Zaloguj się poniżej.

Zaloguj się
  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...