Ronex763, posted December 31, 2014:
Hello! For some time now I have noticed that my CPU usage has gone up. I decided to check what was causing it. The cause was an explorer.exe (32-bit) process with no icon. When I kill the process, the load drops back to normal. Unfortunately the problem does not go away, because the process starts again after a while. In Process Monitor I noticed (hopefully not mistakenly) that my router's page, that is www.huaweimobilewifi.com, sends and receives some packets over a TCP port from the server eu2.wemineltc.com:http. Please help me turn this process off or fix it permanently.

Sevard, posted December 31, 2014:
It looks like malware mining BitCoins that attaches itself to the explorer.exe process. Malwarebytes' Anti-Malware handled older versions of this pest, so I expect it will manage here too. Install the program, scan the computer and post the generated log on the forum.

Ronex763, posted December 31, 2014:
OK. I see it found that bitcoin miner. Could you explain to me how this attaching to processes works? Scanning the system files will take a while. So far it has found 15 objects. Here you go:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2014-12-31
Scan Time: 22:50:21
Logfile: ihj.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ronex
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429862
Time Elapsed: 13 min, 15 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Every so often a window pops up from explorer.exe saying that the program cannot be started because minerd.dll was not found on the computer, and a window from the program in the bottom right corner with information about a blocked domain and its IP 111.111.111.111 and a port that is different every time.

Sevard, posted December 31, 2014:
> OK. I see it found that bitcoin miner. Could you explain to me how this attaching to processes works?
Malware injects code into a legitimate process, or uses its mechanisms/vulnerabilities, to launch itself and be visible in the system as that process. This way it hides from the user.
One thing:
> Malware Database: v2014.11.20.06
> Rootkit Database: v2014.11.18.01
You ran the scan with outdated databases. Update the program and run it again. Remove all threats that MBAM finds. Also restart the computer. Then write whether everything works and post a new log.

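An added example, not part of the original thread: a path-based triage for the "shows up under a trusted process name" behaviour described above. The expected directories assume a 64-bit Windows installed in C:\Windows, and the process list is a constructed sample whose two user-profile paths follow the pattern Malwarebytes reported in this thread.

```python
import ntpath

# Directories where Windows keeps these binaries.
# Assumption: 64-bit Windows installed in C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "csrss.exe": {"c:\\windows\\system32"},
    "explorer.exe": {"c:\\windows", "c:\\windows\\syswow64"},
}

# Locations a standard user can write to; executables here deserve a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def classify(image_path):
    """Return 'masquerade', 'user-writable' or 'ok' for a process image path."""
    norm = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    # A system binary name outside its home directory is a look-alike file.
    if expected is not None and directory not in expected:
        return "masquerade"
    if any(marker in norm for marker in USER_WRITABLE):
        return "user-writable"
    # Limitation: a genuine explorer.exe carrying injected code still lands
    # here, because its image path is legitimate. Path checks only catch
    # look-alike files; injected code needs memory or module inspection.
    return "ok"


def triage(processes):
    """Return (pid, verdict, path) for every process that is not 'ok'."""
    findings = []
    for pid, path in processes:
        verdict = classify(path)
        if verdict != "ok":
            findings.append((pid, verdict, path))
    return findings


# Constructed sample process list (PID, image path).
SAMPLE = [
    (4012, r"C:\Windows\explorer.exe"),
    (812, r"C:\Windows\System32\svchost.exe"),
    (5996, r"C:\Users\Ronex1\pwo5\svchost.exe"),
    (6120, r"C:\Users\Ronex1\AppData\Local\Temp\_MEI59002\bin\csrss.exe"),
    (7044, r"C:\Windows\SysWOW64\explorer.exe"),
    (7300, r"C:\Users\Ronex1\AppData\Local\Temp\setup_tool.exe"),
]

if __name__ == "__main__":
    for pid, verdict, path in triage(SAMPLE):
        print(f"{verdict:14} pid={pid:<6} {path}")
```

The 32-bit explorer.exe in the sample passes the check, which matches what the original poster saw: the process looked legitimate by name and location, and only the scanner's memory and module scan exposed the miner.
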
Ronex763, posted December 31, 2014:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2014-12-31
Scan Time: 23:22:26
Logfile: asd.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.31.05
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ronex
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442546
Time Elapsed: 21 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

You don't need to pay attention to the 4th line of the 3rd paragraph ...

Sevard, posted December 31, 2014:
OK, now also write whether everything works as it should or whether you have any errors. The malware should be gone by now, but some junk may have been left behind by it.

Ronex763, posted January 1, 2015:
Thanks a lot, mate. Everything is fine - no errors.

Sevard, posted January 1, 2015:
Well OK, to be sure you can also run a scan with AdwCleaner, Emsisoft Emergency Kit and Hitman Pro, to check whether they show anything additional. AdwCleaner in particular is worth running, because you had a bit of adware junk.