Elektroda.pl

Chinese virus - request for help - Computer infected with a malicious virus

to17071990 11 Jan 2017 00:10 714 7
  • #1 11 Jan 2017 00:10
    to17071990
    Level 3

    Hello.
    In recent days the forum has been flooded with threads about malicious Chinese viruses. Through bad luck and stupidity, my computer has been infected as well. I removed what I could, but unfortunately I can see that the problem is still there: unwanted pages pop up without my knowledge, and in browsers I get a message about an invalid security certificate and the possibility of data being stolen.
    Please help, as I am a layman in this area, and I have seen that you helped colleagues with similar problems.
    Thank you in advance and best regards.
    I am attaching the FRST files.

    0 7
  • #2 11 Jan 2017 04:34
    genuine486
    Level 15

    Have you tried AdwCleaner?

    0
  • #3 11 Jan 2017 06:37
    krzychupar
    Level 40

    Uninstall:
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)

    Open the system Notepad and paste:
    CloseProcesses:
    Hosts:
    Task: {2027119F-B4D4-4F15-B24C-BF326DFB940A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
    Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
    Task: {D1B99B8E-1497-4130-8DE7-78104CBCA7F1} - System32\Tasks\{8C491079-4BB8-4E98-8B51-423C78A2FFCE} => pcalua.exe -a "C:\Program Files (x86)\CleanBrowser\uninstall.exe" -c /uninstall
    Task: {D78E7405-EDE0-4B09-9AD6-B96792846572} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {F48EEB42-616F-4CEF-AD18-0916CFC2FAAF} - System32\Tasks\McAfee\McAfee Idle Detection Task
    2017-01-09 23:32 - 2017-01-09 23:32 - 00292352 _____ () C:\Program Files (x86)\Lersily Server\local64spl.dll
    2017-01-09 23:30 - 2017-01-09 23:30 - 01620992 _____ () C:\ProgramData\service.exe
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\MountPoints2: {688c6ad6-6fc7-11e6-9be0-34de1aebd1e1} - "G:\autorun.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\MountPoints2: {8a961a02-cd27-11e6-9bec-34de1aebd1e1} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\MountPoints2: {8a961a14-cd27-11e6-9bec-34de1aebd1e1} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\MountPoints2: {8a961a47-cd27-11e6-9bec-34de1aebd1e1} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\MountPoints2: {c01e000d-7f79-11e6-9be2-34de1aebd1e1} - "G:\setup.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellExecuteHooks: - {E5BC1154-D1C8-11E6-9646-64006A5CFC23} - C:\Users\to170\AppData\Roaming\Prgughtzopaing\Shiverckgoferch.dll Brak pliku [ ]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => Brak pliku
    ProxyEnable: [S-1-5-21-1204273918-3952231618-3567470707-1001] => Proxy - funkcja włączona.
    ProxyServer: [S-1-5-21-1204273918-3952231618-3567470707-1001] => 127.0.0.1:8118
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com




    SearchScopes: HKU\.DEFAULT -> DefaultScope {9FD4A772-0025-487B-AF68-C2317E4AF896} URL =
    SearchScopes: HKU\.DEFAULT -> {9FD4A772-0025-487B-AF68-C2317E4AF896} URL =
    SearchScopes: HKU\S-1-5-21-1204273918-3952231618-3567470707-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={130E7D3D-DC7B-4012-AAD5-822523C1662D}&mid=7f05d20059d847ccb864e5975c0f3812-4a6cf02b9700e5573355043d2d4ce8b7ff501543&lang=en&ds=rc011&coid=avgtbdisrc&cmpid=0816tb2&pr=sa&d=2016-08-21 18:07:58&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-19]
    S2 0109981482339333mcinstcleanup; C:\WINDOWS\TEMP\010998~1.EXE [962400 2016-04-12] (McAfee, Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
    R3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
    S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [920616 2016-08-08] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-08] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-08] (McAfee, Inc.)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    R2 Nunesstither; C:\Program Files (x86)\Platoty\ppetystsuyreports.dll [X]
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
    U1 ucdrv; \??\C:\WINDOWS\System32\drivers:ucdrv-x64.sys [X]
    2017-01-09 23:32 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\Lersily Server
    2017-01-09 23:32 - 2017-01-09 23:50 - 00000000 ____D C:\ProgramData\Microleaves
    2017-01-09 23:32 - 2017-01-09 23:43 - 00000000 ____D C:\Users\to170\AppData\Roaming\Prgughtzopaing
    2017-01-09 23:32 - 2017-01-09 23:35 - 00000000 ____D C:\Users\to170\AppData\Local\Faraent
    2017-01-09 23:32 - 2017-01-09 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
    2017-01-09 23:32 - 2017-01-09 23:32 - 00000000 ____D C:\Program Files\V2HO3H5ZXI
    2017-01-09 23:32 - 2017-01-09 23:32 - 00000000 ____D C:\Program Files\PANHBF41C2
    2017-01-09 23:31 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\Platoty
    2017-01-09 23:31 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-09 23:31 - 2017-01-09 23:43 - 00000000 ____D C:\Program Files (x86)\95ee7fc5-53e5-4d6f-aa89-628b636071701484001079
    2017-01-09 23:31 - 2017-01-09 23:32 - 00000000 ____D C:\Program Files\SaFiPlayer
    2017-01-09 23:31 - 2017-01-09 23:31 - 00000000 ____D C:\Users\to170\AppData\Local\UCBrowser
    2017-01-09 23:31 - 2017-01-09 23:31 - 00000000 _____ C:\TOSTACK
    2017-01-09 23:30 - 2017-01-10 00:53 - 00000000 ____D C:\Program Files\żěŃą
    2017-01-09 23:30 - 2017-01-10 00:42 - 00000000 ____D C:\Users\to170\AppData\Roaming\KuaiZip
    2017-01-09 23:30 - 2017-01-09 23:30 - 01620992 _____ C:\ProgramData\service.exe
    2017-01-09 23:30 - 2017-01-09 23:30 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-01-09 23:30 - 2017-01-09 23:30 - 00000889 _____ C:\Users\to170\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-01-09 23:30 - 2017-01-09 23:30 - 00000000 ____D C:\Users\to170\AppData\Roaming\Softlink
    2017-01-09 23:30 - 2017-01-09 23:30 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-09 23:30 - 2017-01-09 23:30 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-09 23:29 - 2017-01-10 00:47 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-01-09 23:29 - 2017-01-09 23:30 - 00000000 ____D C:\Users\to170\AppData\Roaming\Microleaves
    2017-01-09 23:29 - 2017-01-09 23:29 - 00000000 ____D C:\Users\to170\AppData\Roaming\Mozilla
    2017-01-09 23:28 - 2017-01-10 00:58 - 00000000 ____D C:\ProgramData\Hotfresh
    2017-01-09 23:28 - 2017-01-09 23:29 - 07316480 _____ C:\Users\to170\AppData\Roaming\agent.dat
    2017-01-09 23:28 - 2017-01-09 23:29 - 00018432 _____ C:\Users\to170\AppData\Roaming\Main.dat
    2017-01-09 23:28 - 2017-01-09 23:28 - 00000000 ____D C:\ProgramData\Hotfreshs
    2017-01-09 23:27 - 2017-01-10 00:52 - 00000000 ____D C:\ProgramData\CloudPrinter
    2017-01-09 23:27 - 2017-01-09 23:28 - 00000000 ____D C:\Users\to170\AppData\Roaming\8zom3
    2017-01-09 23:27 - 2017-01-09 23:27 - 00140288 _____ C:\Users\to170\AppData\Roaming\Installer.dat
    2017-01-09 23:27 - 2017-01-09 23:27 - 00000001 _____ C:\Users\to170\AppData\Roaming\lgWwns
    2017-01-09 21:56 - 2017-01-09 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2017-01-09 21:47 - 2017-01-09 21:47 - 00000000 ___HD C:\OneDriveTemp
    2016-12-23 00:13 - 2015-12-19 18:29 - 00000000 ____D C:\ProgramData\McAfee
    2016-12-15 00:49 - 2016-10-05 17:20 - 00000000 ____D C:\Users\to170
    C:\ProgramData\service.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #4 11 Jan 2017 07:50
    Kolobos
    Computer specialist

    @krzychupar why are you removing McAfee LiveSafe and its entries?

    0
  • #5 12 Jan 2017 23:07
    to17071990
    Level 3

    Thank you very much for the help.
    I have carried out the indicated steps.
    Could you take another look at the scan - is everything OK?
    Regards

    0
  • #6 12 Jan 2017 23:25
    Kolobos
    Computer specialist

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Create a new Fixlist.txt for FRST:
    CloseProcesses:
    Task: {C31A921F-3237-48F9-8AF7-FA938DA4B0E6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5222d2c4-7619-41e0-ad13-b896156dd39c => C:\WINDOWS\System32\WindowsPowerShell\v1.0\\powershell.exe [2016-09-15] (Microsoft Corporation) <==== UWAGA
    Task: {C6975249-7B3A-4388-BE55-DACB5FD6EA35} - System32\Tasks\108593v3a242h10 => Rundll32.exe "C:\ProgramData\108593v3a242h10\108593v3a242h10.dll",bgozrak
    Task: {D1B99B8E-1497-4130-8DE7-78104CBCA7F1} - System32\Tasks\{8C491079-4BB8-4E98-8B51-423C78A2FFCE} => pcalua.exe -a "C:\Program Files (x86)\CleanBrowser\uninstall.exe" -c /uninstall
    Task: {DB4644D5-8DB0-4308-9464-334622A2F06F} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\to170\AppData\Roaming\Adobe\Manager.exe
    Task: {E50DC0E5-7545-4EDD-88A5-52633469FE76} - System32\Tasks\Driver Booster SkipUAC (to170) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
    2017-01-09 23:30 - 2017-01-09 23:30 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-01-09 23:27 - 2017-01-09 23:27 - 00629760 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    2017-01-09 23:28 - 2017-01-09 23:27 - 00629760 _____ () C:\ProgramData\Hotfresh\Hotfresh.exe
    2017-01-09 23:29 - 2017-01-09 23:29 - 00373760 _____ () C:\Users\to170\AppData\Local\Temp\00030535\RandomDelJiheReg.exe
    2017-01-09 23:30 - 2017-01-09 23:30 - 01620992 _____ () C:\ProgramData\service.exe
    2017-01-09 23:31 - 2017-01-09 23:32 - 01758208 _____ () C:\WINDOWS\Temp\666.tmp
    2017-01-09 23:32 - 2017-01-09 23:32 - 00369664 _____ () C:\Program Files\V2HO3H5ZXI\8RO3BGB0W.exe
    2017-01-09 23:32 - 2017-01-09 23:32 - 00292352 _____ () C:\Program Files (x86)\Lersily Server\local64spl.dll
    2017-01-09 23:32 - 2017-01-09 23:32 - 00369664 _____ () C:\Program Files\PANHBF41C2\PANHBF41C.exe
    2017-01-09 23:32 - 2017-01-09 23:32 - 00369664 _____ () C:\Users\to170\AppData\Local\Temp\ZX0LD33Q3J.exe
    2017-01-09 23:33 - 2014-03-22 19:17 - 02844160 _____ () C:\ProgramData\108593v3a242h10\108593v3a242h10.dll
    2017-01-09 23:45 - 2017-01-09 23:45 - 01447320 _____ () C:\Users\to170\AppData\Roaming\Kuaizip\kytips.exe
    2017-01-09 23:33 - 2017-01-09 23:35 - 03258880 _____ () C:\Users\to170\AppData\Local\Temp\gBF9C.tmp
    2017-01-09 23:30 - 2017-01-09 23:30 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    2017-01-09 23:32 - 2017-01-03 03:49 - 00324336 _____ () c:\program files\safiplayer\safisvc.dll
    2017-01-09 23:32 - 2016-12-21 02:13 - 00261360 _____ () c:\program files\safiplayer\updater\checkupdate.dll
    2017-01-09 23:32 - 2016-10-25 04:33 - 00166128 _____ () c:\program files\safiplayer\substat.dll
    2017-01-09 23:32 - 2016-12-20 05:38 - 01778928 _____ () c:\program files\safiplayer\softconfig.dll
    2017-01-09 23:33 - 2017-01-09 23:33 - 03603456 _____ () C:\Users\to170\AppData\Local\Temp\gBF89.tmp
    AlternateDataStreams: C:\Programy:Win32App_1
    AlternateDataStreams: C:\Program Files\Dolby Digital Plus:Win32App_1
    AlternateDataStreams: C:\Program Files\Intel:Win32App_1
    AlternateDataStreams: C:\Program Files\mcafee:Win32App_1
    AlternateDataStreams: C:\Program Files\Pinnacle:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Cisco:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App_1
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gywkatjl.sys:changelist
    AlternateDataStreams: C:\Program Files\Common Files\Intel:Win32App_1
    AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\Run: [REUA6BTCO5] => "C:\Program Files\V2HO3H5ZXI\8RO3BGB0W.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\Run: [QZVN4FSB6A] => "C:\Program Files\PANHBF41C2\PANHBF41C.exe"
    HKU\S-1-5-21-1204273918-3952231618-3567470707-1001\...\Run: [dpinst] => C:\Users\to170\AppData\Roaming\DIFX\dpinst.exe [7293280 2013-02-19] (TeamViewer GmbH)
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 SaFiSvc; C:\Users\to170\AppData\Local\SaFiSvc\SaFiSvc.dll [324336 2017-01-03] ()
    S2 0308371484151593mcinstcleanup; C:\Users\to170\AppData\Local\Temp\030837~1.EXE -cleanup -nolog [X]
    2017-01-10 01:24 - 2017-01-10 01:24 - 00000000 ____D C:\Users\to170\AppData\Local\SaFiSvc
    2017-01-10 00:52 - 2017-01-10 00:20 - 02101248 _____ (Farbar) C:\FRST64_02.5.2015.exe
    2017-01-09 23:48 - 2017-01-09 23:48 - 00000000 ____D C:\Users\to170\AppData\Local\AdvinstAnalytics
    2017-01-09 23:36 - 2017-01-09 23:40 - 00000000 ____D C:\Users\to170\AppData\Local\app
    2017-01-09 23:35 - 2017-01-09 23:35 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
    2017-01-09 23:35 - 2017-01-09 23:35 - 00003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (to170)
    2017-01-09 23:35 - 2017-01-09 23:35 - 00000000 ____D C:\WINDOWS\IObit
    2017-01-09 23:33 - 2017-01-09 23:33 - 00000000 ___HD C:\Users\to170\AppData\Roaming\DIFX
    2017-01-09 23:32 - 2017-01-10 01:10 - 00000000 ____D C:\Program Files (x86)\mpck
    2017-01-09 23:31 - 2017-01-09 23:31 - 0099678 _____ () C:\Users\to170\AppData\Roaming\booking.ico

    Once done, post new FRST logs from a scan. Together with a new Addition!

    0
  • #8 13 Jan 2017 11:24
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    S3 dtldrvhelp; \??\c:\users\to170\appdata\local\safisvc\dtldrvhelp64.sys [X]
    S1 HWiNFO32; \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [X]

    Once done, delete the C:\FRST directory and that's all.

    0