Janekk, posted 8 February 2025:

Hi everyone. Recently I ran into a situation where I found a trojan on my computer through which my accounts were being broken into, but after removing it I wasn't sure, so I scanned again more thoroughly. I'm adding 2 links to txt files and asking for an analysis of what's in them, to check whether anything has really been left behind.

https://pastebin.com/1kHS9jkN
https://pastebin.com/cHJWu2FA
raven555, posted 8 February 2025:

Only cosmetic stuff in the logs. Paste the text below into Notepad:

CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
HKU\S-1-5-21-834816989-2569568872-3492190611-1001\...\MountPoints2: {56f7fedd-c80c-11ef-ad51-7cb566cbf2d6} - "D:\autorun.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
U1 aswbdisk; Brak ImagePath
FirewallRules: [TCP Query User{6A836236-5DD2-49D5-92CA-F1261D8D1665}C:\users\janli\onedrive\pulpit\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\mysummercar.exe] => (Allow) C:\users\janli\onedrive\pulpit\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\mysummercar.exe => Brak pliku
FirewallRules: [UDP Query User{3BBB4C31-5CD0-4820-8036-EA6F2FBD3E74}C:\users\janli\onedrive\pulpit\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\mysummercar.exe] => (Allow) C:\users\janli\onedrive\pulpit\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\my.summer.car.v2023.02.22\mysummercar.exe => Brak pliku
784-0034192A1474}C:\program files (x86)\opentrack\opentrack.exe] => (Allow) C:\program files (x86)\opentrack\opentrack.exe => Brak pliku
FirewallRules: [UDP Query User{3A9C5138-590A-4BFB-94C1-1E48F5EE6523}C:\program files (x86)\opentrack\opentrack.exe] => (Allow) C:\program files (x86)\opentrack\opentrack.exe => Brak pliku
FirewallRules: [TCP Query User{D28D8676-CB71-41F4-9ABD-3F0EFB239722}C:\program files (x86)\steam\steamapps\common\drunken wrestlers 2\dw2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drunken wrestlers 2\dw2.exe => Brak pliku
FirewallRules: [UDP Query User{CF5B571A-69B7-4FB5-A86C-55AFACFE1A20}C:\program files (x86)\steam\steamapps\common\drunken wrestlers 2\dw2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drunken wrestlers 2\dw2.exe => Brak pliku
FirewallRules: [{98A98F1E-6288-4D8B-8072-542F55E54C9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\vsPlaytimeLauncher\vsPlaytimeLauncher.exe => Brak pliku
FirewallRules: [{D477A355-8F4B-4699-8BC3-8E7C66261EE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poppy Playtime\vsPlaytimeLauncher\vsPlaytimeLauncher.exe => Brak pliku
FirewallRules: [TCP Query User{67285048-2EA7-440F-B655-0412FCF6E45A}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => Brak pliku
FirewallRules: [UDP Query User{53AA3648-225B-4DE7-BDF6-DFD0BE0EBBEF}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => Brak pliku
FirewallRules: [TCP Query User{377AC55B-B2C7-403C-ACEF-F88F78C396CA}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Brak pliku
FirewallRules: [UDP Query User{2EB8F089-C36A-4ACF-8A16-02A41A9B4D09}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Brak pliku
FirewallRules: [TCP Query User{E6E2327C-A006-4A81-AF68-321EED4941FF}C:\program files\epic games\torquedrift2\drift\binaries\win64\drift-win64-shipping.exe] => (Allow) C:\program files\epic games\torquedrift2\drift\binaries\win64\drift-win64-shipping.exe => Brak pliku
FirewallRules: [UDP Query User{9DF91E64-D8AF-4189-B024-7026D3D2B2F1}C:\program files\epic games\torquedrift2\drift\binaries\win64\drift-win64-shipping.exe] => (Allow) C:\program files\epic games\torquedrift2\drift\binaries\win64\drift-win64-shipping.exe => Brak pliku
FirewallRules: [TCP Query User{A8AB33DC-B4AD-4DC2-B46F-A4B6C13C7ECB}C:\program files\blazingpack launcher\blazingpack launcher.exe] => (Allow) C:\program files\blazingpack launcher\blazingpack launcher.exe => Brak pliku
FirewallRules: [UDP Query User{2D1E6B06-CE0C-406C-B1F6-9DAE0B7AA766}C:\program files\blazingpack launcher\blazingpack launcher.exe] => (Allow) C:\program files\blazingpack launcher\blazingpack launcher.exe => Brak pliku
FirewallRules: [TCP Query User{B1795FC9-ABFE-467E-9F83-607677583DB2}C:\users\janli\appdata\roaming\.blazingpackclient\jvm\jdk16_x64\bin\java.exe] => (Allow) C:\users\janli\appdata\roaming\.blazingpackclient\jvm\jdk16_x64\bin\java.exe
FirewallRules: [UDP Query User{68676119-CD19-402E-86F1-7A847D44CE18}C:\users\janli\appdata\roaming\.blazingpackclient\jvm\jdk16_x64\bin\java.exe] => (Allow) C:\users\janli\appdata\roaming\.blazingpackclient\jvm\jdk16_x64\bin\java.exe
FirewallRules: [TCP Query User{FEA77647-83DE-455F-9DC7-8D46B4CBCD74}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => Brak pliku
FirewallRules: [UDP Query User{24A34288-7874-4286-AA73-933539131535}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => Brak pliku
FirewallRules: [TCP Query User{29827BAF-C76E-4C06-9C7D-EB908D8E2DA9}C:\program files\tiktok live studio\0.37.6-beta\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.37.6-beta\tiktok live studio.exe => Brak pliku
FirewallRules: [UDP Query User{4FF197BE-5721-4536-887C-DB65418F72ED}C:\program files\tiktok live studio\0.37.6-beta\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.37.6-beta\tiktok live studio.exe => Brak pliku
FirewallRules: [TCP Query User{9BEE5C6F-3DF9-4205-AF78-43BB160D9C23}C:\program files\tiktok live studio\0.48.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.48.2\tiktok live studio.exe => Brak pliku
FirewallRules: [UDP Query User{D1A74D5A-6185-400E-848F-8049F7071409}C:\program files\tiktok live studio\0.48.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.48.2\tiktok live studio.exe => Brak pliku
FirewallRules: [TCP Query User{648A0ACD-0AF8-4AA0-A790-5AC4B7D21F3E}C:\program files\tiktok live studio\0.50.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.50.2\tiktok live studio.exe => Brak pliku
FirewallRules: [UDP Query User{F5DEE34A-89EE-4ABE-BCCE-70E944FCC57B}C:\program files\tiktok live studio\0.50.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.50.2\tiktok live studio.exe => Brak pliku
FirewallRules: [TCP Query User{895C5E32-51DC-443C-8FB5-93574138D399}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => Brak pliku
FirewallRules: [UDP Query User{A368EC35-0011-42A9-94A3-5077EDAB4842}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => Brak pliku
FirewallRules: [TCP Query User{6502C10A-CF65-4987-A92D-9D360CF082AD}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => Brak pliku
FirewallRules: [UDP Query User{8D56C276-7DAC-47D6-8383-8FA70A605AF4}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => Brak pliku
FirewallRules: [{B76AB32A-CB95-40F0-939D-553D4581AC60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Brak pliku
FirewallRules: [{F02F55B0-F674-4DBC-83D4-E42FA2CC296B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Brak pliku
FirewallRules: [{1BC39B49-70A0-46E5-9327-3A94FA199DF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Brak pliku
FirewallRules: [{6DB49D60-519F-4D4A-98BF-2EE61E548E02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Brak pliku
FirewallRules: [{7D0FDB91-DFC5-44C3-BE9B-82D37368117D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wallpaper Alive\wallpaper_service\WallpaperAlive.exe => Brak pliku
FirewallRules: [{3072D234-2375-4926-884A-7C836DEDEF98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wallpaper Alive\wallpaper_service\WallpaperAlive.exe => Brak pliku
FirewallRules: [TCP Query User{B9ADB594-C907-4D3C-BAF8-8A181A0A9A78}C:\program files\epic games\callofthewildtheangler\cotwtheangler_egs.exe] => (Allow) C:\program files\epic games\callofthewildtheangler\cotwtheangler_egs.exe => Brak pliku
FirewallRules: [UDP Query User{D2B25B39-AC37-463E-8E58-1F1B127E5360}C:\program files\epic games\callofthewildtheangler\cotwtheangler_egs.exe] => (Allow) C:\program files\epic games\callofthewildtheangler\cotwtheangler_egs.exe => Brak pliku
FirewallRules: [TCP Query User{650DC873-5AEF-44C4-8EB3-4BD7AAD6A1AC}C:\users\janli\appdata\local\discord\app-1.0.9170\discord.exe] => (Allow) C:\users\janli\appdata\local\discord\app-1.0.9170\discord.exe => Brak pliku
FirewallRules: [UDP Query User{DBC904B5-A1C4-43DA-9F7A-04B8C031F909}C:\users\janli\appdata\local\discord\app-1.0.9170\discord.exe] => (Allow) C:\users\janli\appdata\local\discord\app-1.0.9170\discord.exe => Brak pliku
FirewallRules: [TCP Query User{3F65E7AE-F0E3-4D31-9B54-B177FF7A357F}C:\users\janli\appdata\local\discord\app-1.0.9172\discord.exe] => (Allow) C:\users\janli\appdata\local\discord\app-1.0.9172\discord.exe => Brak pliku
FirewallRules: [UDP Query User{2920F8ED-3DBB-42E7-99E6-41AE9EF8D873}C:\users\janli\appdata\local\discord\app-1.0.9172\discord.exe] => (Allow) C:\users\janli\appdata\local\discord\app-1.0.9172\discord.exe => Brak pliku
FirewallRules: [{69ABBD4E-1B30-4F55-A86F-2CF98885A5F3}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\FarmingSimulator2017.exe => Brak pliku
FirewallRules: [{660EF582-A3EC-4095-A8AE-3412A08C58D3}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\FarmingSimulator2017.exe => Brak pliku
FirewallRules: [{C9C9C0C0-71F0-4E4B-976E-2B5D981081B2}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe => Brak pliku
FirewallRules: [{8D22212F-9DB1-424C-AF32-8AB014DF6B9C}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe => Brak pliku
FirewallRules: [{11B8850D-2CB1-4B07-A8EC-B7F5B423F5C3}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe => Brak pliku
FirewallRules: [{5E387A61-50E3-4DCA-8AAF-87184419D412}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe => Brak pliku
EmptyTemp:
EmptyEventLogs:

Save the file as FixList.txt and press FIX in FRST. To be sure, run a full system scan with EEK ---->>> https://www.emsisoft.com/en/home/emergency-kit/
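As an added example (not raven555's FixList and not FRST's own code), the following PowerShell audit reports the two classes of leftovers the FixList above cleans up on a live host: Windows Defender registry values that switch protection off, and Allow firewall rules whose target executable is no longer on disk (what FRST prints as "Brak pliku"). It assumes Windows 10/11 with the built-in NetSecurity module and an elevated prompt; the second Policies key path is an addition of mine, not something the thread lists.

```powershell
# Added audit example, not code from the thread or from FRST.
# Run from an elevated PowerShell on Windows 10/11.

function Get-DefenderPolicyRestrictions {
    # Same values the FixList removes (DisableAntiSpyware / DisableAntiVirus);
    # the Policies key is checked as well (assumption: it is where GPO-set copies live).
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $props = Get-ItemProperty -LiteralPath $p
        foreach ($name in 'DisableAntiSpyware', 'DisableAntiVirus') {
            $v = $props.PSObject.Properties[$name]
            if ($null -ne $v) {
                # Any presence is worth a look; a value of 1 means protection is disabled.
                [pscustomobject]@{ Key = $p; Value = $name; Data = $v.Value }
            }
        }
    }
}

function Get-OrphanedFirewallRules {
    # Allow rules bound to an executable that no longer exists: dead weight now,
    # and a pre-approved opening if that path is ever re-created by something else.
    foreach ($rule in Get-NetFirewallRule -Action Allow) {
        $filter  = $rule | Get-NetFirewallApplicationFilter
        $program = $filter.Program
        if ([string]::IsNullOrEmpty($program) -or $program -eq 'Any') { continue }
        # Rules often store %ProgramFiles%-style paths; expand before testing.
        $expanded = [Environment]::ExpandEnvironmentVariables($program)
        if (-not (Test-Path -LiteralPath $expanded)) {
            [pscustomobject]@{
                Name        = $rule.Name
                DisplayName = $rule.DisplayName
                Program     = $expanded
            }
        }
    }
}

Get-DefenderPolicyRestrictions | Format-Table -AutoSize
Get-OrphanedFirewallRules      | Format-Table -AutoSize
```

Orphaned rules can then be removed one by one with Remove-NetFirewallRule -Name after confirming the path really belongs to an uninstalled program.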
Janekk (author), posted 8 February 2025:

@raven555 thanks mate, nothing detected.