
KMS!

Posted: 28 May 2021 04:16
by wodnicek
Hello, I used KMS :?: small, 6.61 MB, I did not expect it to be infected... after I saw the log of what it does, I knew it was bad... it created an OpenVPN, wrote exceptions into the firewall, changed the DNS, etc... within 20 minutes of installation the Ethernet sent about 80 GB.... the moment I started an online scan (ESET) the traffic dropped to zero.... but it found nothing. I want to ask whether it is worth rescuing, and whether that is even possible if it has tunneled me like this, or should I rather reinstall it? :/ Thank you for the info and for your willingness to help.
Attachment: frst+addition.rar
(15.93 KiB) Downloaded 49 times

Re: KMS!

Posted: 28 May 2021 06:39
by Diallix
Hello.

Are you using an activator because the OS is not legal? Most of these activators are malware.

Re: KMS!

Posted: 28 May 2021 10:31
by wodnicek
Hello, I did not know that; evidently I never dealt with it that way in the past.. The OS is legal, I just needed Outlook as the last thing after a wipe.... oh well, so I will reinstall it; the weakest link in security is once again me ;)

Re: KMS!

Posted: 28 May 2021 11:16
by Diallix
:)

:arrow: Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes (any threats found) ticked and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will launch; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.

Re: KMS!

Posted: 28 May 2021 14:24
by wodnicek
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-28-2021
# Duration: 00:00:07
# OS: Windows 10 Pro
# Scanned: 31959
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1405 octets] - [28/05/2021 05:37:21]
AdwCleaner[C00].txt - [1595 octets] - [28/05/2021 05:37:44]
AdwCleaner[S01].txt - [1527 octets] - [28/05/2021 05:39:01]
AdwCleaner[C01].txt - [1934 octets] - [28/05/2021 05:39:13]
AdwCleaner[S02].txt - [1649 octets] - [28/05/2021 15:09:50]
AdwCleaner[S03].txt - [1710 octets] - [28/05/2021 15:11:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########


After the scan I could not get to your site forum.viry.cz - the browser said it was a Trojan horse and that it could not establish a connection to the server; then I turned on my VPN - PrivateVPN - and via Estonia I got here without problems, so it looks like, even though there is basically nothing in the log, they probably changed the Windows settings and I am being tunneled somewhere through their DNS... or something like that. nvm, anyway, thank you for any help.

Re: KMS!

Posted: 28 May 2021 20:43
by Diallix
Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\Program Files (x86)\hik

HKLM-x32\...\Run: [SPUpDateServerrun] => C:\Program Files (x86)\hik\update_server\startUp.exe [27352 2020-07-30] (Hangzhou Ezviz Software Co., Ltd. -> )
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1317024891-3618091197-3869830503-1001\...\MountPoints2: {2f90a81e-bcff-11eb-a323-806e6f6e6963} - "E:\SISetup.exe" 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\hudk2ex1.default [2021-05-25]
FF ProfilePath: C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release [2021-05-28]
FF Extension: (Disconnect) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\2.0@disconnect.me.xpi [2021-05-25]
FF Extension: (Bloody Vikings!) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\bloodyvikings@ffs.bplaced.net.xpi [2021-05-25]
FF Extension: (Cookie AutoDelete) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\CookieAutoDelete@kennydo.com.xpi [2021-05-25]
FF Extension: (Decentraleyes) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2021-05-25]
FF Extension: (Privacy Badger) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-05-25]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-05-25]
FF Extension: (Privacy Possum) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2021-05-25]
FF Extension: (Link Cleaner) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\{6d85dea2-0fb4-4de3-9f8c-264bce9a2296}.xpi [2021-05-25]
FF Extension: (Smart HTTPS) - C:\Users\FUCKING SIS\AppData\Roaming\Mozilla\Firefox\Profiles\pf82ecmm.default-release\Extensions\{b3e677f4-1150-4387-8629-da738260a48e}.xpi [2021-05-25]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BC62BB00-1461-480B-A739-896C315D865E}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [UDP Query User{F1DFDDD0-29B3-42EB-AC29-E4DEA7A33FDF}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [TCP Query User{B1247EF7-123F-475F-9A5C-B23DE0BBE75F}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [UDP Query User{7C89703F-B7D8-4F70-890B-9FA7DF390F8E}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [TCP Query User{965B4EA2-21E5-4354-8986-803863BB74FD}F:\hikvision\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [UDP Query User{B22DAA08-7237-43D0-A8B4-8EE1BE357BDD}F:\hikvision\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [TCP Query User{A5DD6082-0128-482C-B73F-3E55BF3C95E8}F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [UDP Query User{2FF03DB5-24F1-488A-B643-2072AC59841E}F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [TCP Query User{0F81CE39-6766-4CA3-AA54-2D564EB21FE3}F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [UDP Query User{0E5CF701-6568-4153-AAEB-983A4062E234}F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 ac\ivms-4200 ac client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [TCP Query User{81ADDBE7-C38C-45EF-A0B8-18EEFCAE7C31}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [UDP Query User{9C1A0210-5959-4214-BB35-1674BD0B750E}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [TCP Query User{F70A784D-E195-49BE-81B0-B9539CF72D1B}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [UDP Query User{8D5A27EB-3B32-4138-B72E-E26B82B6C846}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe => No File
FirewallRules: [TCP Query User{677EA5A1-2E2C-4FC8-AD0B-8458F101E1B7}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [UDP Query User{CD0813C4-01EE-4063-853F-2F80CEF33A66}F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) F:\ivms-4200alarmpicture\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe => No File
FirewallRules: [TCP Query User{3E6020F8-6FC0-4BF4-8721-4CD124CB390D}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{26C73491-D9B7-45CA-A66B-4ECB2B727D50}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{4E6322DE-DBBB-423F-8AE2-9E463150ADEE}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{8C2A4CBF-AD29-4FFE-899C-62D591A500FB}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{EBFDBAD4-2915-449A-97DD-8BEF1504097A}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{F7393472-4A24-489E-B379-4B448B224A6B}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{3511F4DB-55FB-4113-8C78-EA8ED7A4AF13}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{6EBEBEF4-1792-479E-AED7-E223F7F0C152}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )

EmptyTemp:
Hosts:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
A routine will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.
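
Added example, not part of the thread and not FRST's own code: a small Python parser that sorts the FirewallRules entries of a fixlist like the one above into rules whose target executable is gone (`=> No File`) and rules that still point at a file on disk. The line layout is inferred from the lines quoted in this thread; `parse_rule` and `summarize` are hypothetical helper names.

```python
import re

# Layout inferred from the FirewallRules lines quoted in this thread (an
# assumption, not an official FRST grammar):
#   FirewallRules: [<PROTO> Query User{<GUID>}<path>] => (<Action>) <path> <tail>
# <tail> is either "=> No File" or "(<signer> -> )".
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<proto>TCP|UDP) Query User\{[0-9A-Fa-f-]{36}\}.+?\]"
    r" => \((?P<action>\w+)\) (?P<path>.+?\.exe)"
    r"(?: => (?P<nofile>No File)| \((?P<signer>.*?) -> .*\))?\s*$"
)

# Three rule lines copied from the fixlist in this thread, plus one directive.
SAMPLE = r"""
FirewallRules: [TCP Query User{BC62BB00-1461-480B-A739-896C315D865E}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [UDP Query User{F1DFDDD0-29B3-42EB-AC29-E4DEA7A33FDF}F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) F:\hikvision\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe => No File
FirewallRules: [TCP Query User{3E6020F8-6FC0-4BF4-8721-4CD124CB390D}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
EmptyTemp:
"""

def parse_rule(line):
    """Return a dict for one FirewallRules line, or None for any other line."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "proto": m["proto"],
        "action": m["action"],
        "path": m["path"],
        "orphaned": m["nofile"] is not None,  # target executable is gone
        "signer": m["signer"],                # None when no signer was printed
    }

def summarize(lines):
    """Split parsed rules into orphaned targets and targets still on disk."""
    rules = [r for r in map(parse_rule, lines) if r]
    return {
        "total": len(rules),
        "orphaned_paths": sorted({r["path"] for r in rules if r["orphaned"]}),
        "live_paths": sorted({r["path"] for r in rules if not r["orphaned"]}),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print(report["total"], "rules;", len(report["orphaned_paths"]), "orphaned target(s)")
    for p in report["live_paths"]:
        print("still on disk:", p)
```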