Logs attached.
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlorеr.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехрlorеr (No Add-ons).lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Еxрlоrеr Вrowser.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfoх.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gоogle Сhrоme.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Мozilla Firefоx.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfoх.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.xoferif.bat (Brak pliku) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrome.lnk -> C:\Users\LB-Dawid\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlorеr.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехрlorеr (No Add-ons).lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Еxрlоrеr Вrowser.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfoх.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gоogle Сhrоme.lnk
C:\Users\LB-Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Мozilla Firefоx.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firеfoх.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chrome.lnk
RemoveDirectory: C:\Users\LB-Dawid\AppData\Roaming\Browsers
RemoveDirectory: C:\ProgramData\cpafService
C:\Users\LB-Dawid\AppData\Local\Temp\nsr59F3.tmp
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
FF NewTab: Mozilla\Firefox\Profiles\lgst2td7.dawid -> hxxp://www.istartpageing.com/newtab/?type=nt&ts=1453460954&z=aaacc94489132273885f1a9gcz0wfcfzfqbe4t3gdq&from=pcs&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DL3184131841
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\LB-Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\lgst2td7.dawid\extensions\deskCutv2@gmail.com => nie znaleziono
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [Brak pliku]
R2 cpafService; C:\ProgramData\cpafService\cpafService.exe [2186752 2018-08-01] () [Brak podpisu cyfrowego]
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2018-08-01 14:16 - 2018-08-01 14:16 - 000001274 _____ () C:\Program Files\!!!WANNACRY_RESTORE_FILES!!!.txt
2018-08-01 14:16 - 2018-08-01 14:16 - 000294912 _____ () C:\Program Files\a.exe
2018-08-01 14:20 - 2018-08-01 14:20 - 000001274 _____ () C:\Program Files\Common Files\!!!WANNACRY_RESTORE_FILES!!!.txt
C:\Users\LB-Dawid\Documents\Corel\CorelDRAW X5 Samples\target.lnk
C:\Users\LB-Dawid\Documents\Corel\Próbki CorelDRAW X7\target.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
HKU\S-1-5-21-2977622527-2048772856-3257422506-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqxssEvb0fZsdq3tMuT7tKj9JeR9usSyjKwe0rLuaY0QUSu0oBGmlcYJyl_pIgwSHdRu50WUl6ir76g6qnEb_fddbu3wdBj9H9gqQbyMJryzpI6VacEIVdlmH1hc2ggevQAlnwLQ4Ot0m4wUsQ6lFFNLF-Clec,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości