
Potential Keylogger?

2023-10-26 01:04 | Source: compiled from the web | Views: 265

Posted 27 July 2021 - 09:56 AM

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall Peer 2 Peer programs; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling Adobe Flash

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.

Download Adobe Flash Player Uninstaller and save it to your Desktop

Right click on the icon and select Run as administrator

Click Uninstall then Done to reboot your computer

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST will do it for you

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\Temp\jna-1060845270\jna6424001576395865264.dll C:\Windows\Temp
SearchScopes: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001 -> DefaultScope {F70D7B1E-8594-4F22-A198-11BB3B2B7BD0} URL =
SearchScopes: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001 -> {F70D7B1E-8594-4F22-A198-11BB3B2B7BD0} URL =
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
FirewallRules: [{39EB51E0-9739-4552-8F13-28B7207D80C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{13BF857E-A19C-43FD-A57C-B4E38C00E15F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{18362184-8386-48D7-B4A0-CA3C114A72F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{309A8B13-66E2-42FF-8DF5-1C7690AB49F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A48211AC-A9D7-498A-ACE8-CFAD14DF5DD4}] => (Block) C:\program files\openvpn\bin\openvpn.exe => No File
FirewallRules: [{8E42645B-5C21-47E2-9C38-91C9D82D410C}] => (Block) C:\program files\openvpn\bin\openvpn.exe => No File
FirewallRules: [UDP Query User{A3220E94-073D-4105-9707-5D3D2E685496}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe => No File
FirewallRules: [TCP Query User{58589040-F9BB-4474-9D3F-0B562E144798}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe => No File
FirewallRules: [{018BC21D-8CEE-487D-874F-FCB271B84217}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe => No File
FirewallRules: [{09369ED6-3568-45D4-B7F9-D5E4554555D8}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe => No File
FirewallRules: [{7312CF8A-A520-4056-BFF1-C371C0C662A2}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{81A4F965-E9C1-4F97-B4A5-18A2B6A49671}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{8FF548FE-C69F-4B90-B8E3-E5735E3B4C1D}] => (Allow) C:\Users\snowf\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F0580888-93E1-4CDC-89D8-B6E0B652DEF1}] => (Allow) C:\Users\snowf\AppData\Roaming\Zoom\bin\airhost.exe => No File
cmd: icacls c:\windows\system32\config\sam
End::

Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Adobe removed?

Fixlog

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start
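Added example (not part of the post above and not FRST's own code): a small Python reader for a fixlist like the one in the post, which groups the entries between Start:: and End:: so the person running the fix can see which lines only reference missing files ("=> No File"), which run a command, and which deserve a closer read. The parsing rules are assumptions inferred from the lines visible in the post, and the sample input reuses a few of those lines.

```python
import re
from collections import Counter

# Sample input: a handful of lines taken from the fixlist in the post above.
SAMPLE = r"""Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\Temp\jna-1060845270\jna6424001576395865264.dll C:\Windows\Temp
SearchScopes: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001 -> DefaultScope {F70D7B1E-8594-4F22-A198-11BB3B2B7BD0} URL =
CustomCLSID: HKU\S-1-5-21-1619883276-1864714895-2913937634-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\snowf\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
FirewallRules: [{A48211AC-A9D7-498A-ACE8-CFAD14DF5DD4}] => (Block) C:\program files\openvpn\bin\openvpn.exe => No File
cmd: icacls c:\windows\system32\config\sam
End::
"""

# Assumed entry shape: "Prefix: body". Two or more letters are required so a
# bare path such as "C:\..." is not mistaken for a prefix.
ENTRY = re.compile(r"^([A-Za-z]{2,}):\s*(.*)$")

def parse_fixlist(text):
    """Return (kind, body) pairs for the lines between Start:: and End::."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::":
            break
        elif inside and line:
            m = ENTRY.match(line)
            entries.append((m.group(1), m.group(2)) if m else ("unparsed", line))
    return entries

def triage(entries):
    """Split entries into orphaned references, commands, and the rest."""
    report = {"orphaned": [], "commands": [], "review": []}
    for kind, body in entries:
        if body.endswith("=> No File"):
            report["orphaned"].append((kind, body))   # target file is reported missing
        elif kind.lower() == "cmd":
            report["commands"].append(body)           # command line handed to the shell
        else:
            report["review"].append((kind, body))     # directives and file actions
    return report

if __name__ == "__main__":
    entries = parse_fixlist(SAMPLE)
    print(Counter(kind for kind, _ in entries))
    for section, items in triage(entries).items():
        print(section, len(items))
```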
