Ronex763

The explorer.exe process increases CPU usage

Hello!

For some time now I have noticed that my CPU usage has gone up. I decided to check what was causing it. The cause was an explorer.exe (32-bit) process without an icon. When I kill the process, the load drops back to normal. Unfortunately the problem does not go away, because the process starts again after a while. In Process Monitor I noticed (correctly, I hope) that my router's page, that is www.huaweimobilewifi.com, is sending and receiving some packets over a TCP port from the server eu2.wemineltc.com:http.

Please help me disable this process or fix it for good.

Edited by Ronex763

This looks like BitCoin-mining malware that attaches itself to the explorer.exe process. Malwarebytes' Anti-Malware coped with older versions of this pest, so I'm counting on it to manage here too.

Install that program, scan the computer and post the generated log on the forum.

Edited by Sevard
  • Upvote 1

OK. I see it found that bitcoin miner. Could you explain to me what this attaching to processes is about?

Scanning the system files will take a while.

So far it has found 15 objects.

Here you go:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 2014-12-31

Scan Time: 22:50:21

Logfile: ihj.txt

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2014.11.20.06

Rootkit Database: v2014.11.18.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Ronex

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 429862

Time Elapsed: 13 min, 15 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 1

Trojan.Agent, C:\Users\Ronex1\pwo5\svchost.exe, 5996, , [2ed84fef5c20e650f7cdb1da52b1669a]

Modules: 1

Trojan.BitcoinMiner, c:\Users\Ronex1\AppData\Local\Temp\_MEI59002\bin\minerd.dll, , [21e574cabac200366dfd751ee121d927],

Registry Keys: 17

Registry Values: 2

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, , [2adc61ddcdaf52e41a71f254857ee11f]

Trojan.Agent, HKU\S-1-5-21-2797637584-790094135-2825667820-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pwo5, C:\Users\Ronex1\pwo5\svchost.exe, , [2ed84fef5c20e650f7cdb1da52b1669a]

Registry Data: 5

Folders: 4

PUP.Optional.Spigot.A, C:\Users\Ronex1\AppData\LocalLow\SEARCH SETTINGS, , [689e8fafb3c994a213778a969f6452ae],

PUP.Optional.Spigot.A, C:\Users\Ronex1\AppData\LocalLow\SEARCH SETTINGS\res, , [689e8fafb3c994a213778a969f6452ae],

PUP.Optional.Spigot.A, C:\Users\Ronex1\AppData\LocalLow\SEARCH SETTINGS emp, , [689e8fafb3c994a213778a969f6452ae],

PUP.Optional.SupTab.A, C:\Users\Ronex1\AppData\Roaming\SupTab, , [db2b74caf18b84b25e3c55d1649f2ed2],

Files: 51

Physical Sectors: 0

(No malicious items detected)

(end)

Every so often an explorer.exe window pops up saying that the program cannot be started because minerd.dll was not found on the computer, along with a window from the program in the bottom right corner with information about a blocked domain and its IP 111.111.111.111, and a port that is different every time.

Edited by Ronex763

OK. I see it found that bitcoin miner. Could you explain to me what this attaching to processes is about?

The malware injects code into a legitimate process, or uses that process's mechanisms/vulnerabilities, to launch itself and be visible in the system as that process. That way it hides from the user.

One thing:

Malware Database: v2014.11.20.06

Rootkit Database: v2014.11.18.01

You ran the scan with outdated databases. Update the program and run the scan again. Remove all the threats that MBAM finds. Additionally, restart the computer.

Then write whether everything works and post a new log.

Edited by Sevard
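
An added example, not part of the original thread: one way to triage a Malwarebytes-style detection log for the disguise described in the post above, where a binary carries a core Windows process name but sits outside the Windows directories, together with a per-user Run entry that restarts it. The log lines, user name, folder names and identifiers below are constructed, and the expected-directory table is a simplified assumption.

```python
import ntpath
import re

# Assumption: simplified baseline of where these core binaries legitimately live.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # field is a file path
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\|", re.IGNORECASE)

# Constructed sample in the "Detection, object, ..., [id]" item layout.
SAMPLE_LOG = r"""
Processes: 1
Trojan.Agent, C:\Users\User1\abcd\svchost.exe, 1234, , [placeholder-id]
Modules: 1
Trojan.BitcoinMiner, c:\Users\User1\AppData\Local\Temp\_MEI00001\bin\minerd.dll, , [placeholder-id],
Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|abcd, C:\Users\User1\abcd\svchost.exe, , [placeholder-id]
Files: 2
Trojan.Agent, C:\Users\User1\AppData\Local\Temp\_MEI00001\bin\csrss.exe, , [placeholder-id],
Clean.Example, C:\Windows\System32\svchost.exe, , [placeholder-id],
"""


def parse_items(log_text):
    """Yield (detection, fields) per item line, skipping 'Section: N' headers."""
    for raw in log_text.splitlines():
        fields = [f.strip() for f in raw.split(", ")]
        # Headers such as "Files: 2" or "Time Elapsed: 13 min, 15 sec"
        # have a colon in the first field; detection names do not.
        if len(fields) < 2 or ":" in fields[0]:
            continue
        yield fields[0], fields[1:]


def triage(log_text):
    """Return items that masquerade as a system binary or autostart via Run."""
    findings = []
    for detection, fields in parse_items(log_text):
        autorun = any(RUN_KEY_RE.search(f) for f in fields)
        for field in fields:
            if not PATH_RE.match(field):
                continue
            name = ntpath.basename(field).lower()
            folder = ntpath.dirname(field).lower()
            allowed = EXPECTED_DIRS.get(name)
            # A protected name found anywhere but its expected directory.
            masquerade = allowed is not None and folder not in allowed
            if masquerade or autorun:
                findings.append({
                    "detection": detection,
                    "path": field,
                    "masquerade": masquerade,
                    "autorun": autorun,
                })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        tags = [k for k in ("masquerade", "autorun") if item[k]]
        print(f"{item['detection']:<16} {item['path']}  [{', '.join(tags)}]")
```

The same path check can be applied to a live process list instead of a scan log; the baseline table then needs to cover every protected name in use on the system.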

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 2014-12-31

Scan Time: 23:22:26

Logfile: asd.txt

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2014.12.31.05

Rootkit Database: v2014.12.30.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Ronex

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 442546

Time Elapsed: 21 min, 47 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 4

PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, , [e9780069483494a2770ccc94000308f8],

PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, , [322fee7bbac2270f98ebd28ee41f0000],

PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK, , [73eea4c5e5974ee8ccd5ec7d8c777f81],

PUP.Optional.Qone8, HKU\S-1-5-21-2797637584-790094135-2825667820-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [adb4f673443866d06dffbb0b8b7942be],

Registry Values: 1

PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK|ImagePath, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, , [73eea4c5e5974ee8ccd5ec7d8c777f81]

Registry Data: 0

(No malicious items detected)

Folders: 4

PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP, , [afb2650415672214752b79f03fc403fd],

PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\x64, , [afb2650415672214752b79f03fc403fd],

PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\x86, , [afb2650415672214752b79f03fc403fd],

PUP.Optional.Enabler.A, C:\ProgramData\SetApp\WS.Enabler, , [88d97aef3d3f44f2abfa243636cd9c64],

Files: 46

Physical Sectors: 0

(No malicious items detected)

(end)

You don't need to pay attention to line 4 of paragraph 3 ...

OK, now also write whether everything works as it should, or whether you are getting any errors. There should be no malware left, but some junk may have remained after it.
