
winlogon.exe infection etc. - Company computers infected, browsers being shut down

dzi3k 20 Jan 2017 07:19
  • #1 20 Jan 2017 07:19
    dzi3k
    Level 2

    Hello everyone,
    we have a problem at the company: ever since the Belarusian has been using our computers, all of them are infected.... I don't know with what, but it causes us a lot of problems.
    All pendrives, external drives and all computers (even the ones at home) are infected with winlogon, csrss.exe programs, and I don't think these are standard processes.
    The computers have lost performance, they hang terribly, and on top of that there are problems with browsers: they launch after typing text or downloading a file.

    I'm posting logs from the 4 most important computers, the ones someone is working on all the time.
    The Julia-pc computer is the most important; it hosts the Subiekt GT server, BuchalterWin and the printers shared on the network.


  • Helpful post
    #4 20 Jan 2017 09:56
    krzychupar
    Level 40

    For Julia-PC
    Uninstall:
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    AVG PC TuneUp
    Update for PriceFountain (HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\...\{5E883F97-AC66-0074-398F-07D4EE652A8A}) (Version: - Update for PriceFountain) <==== UWAGA

    Open Windows Notepad and paste:
    Task: {11E4B107-C048-46C1-93D3-7A2DECEB6B5E} - System32\Tasks\{BB33CC05-D13F-40CC-BDC7-6750D579A370} => pcalua.exe -a C:\Users\Klient\Downloads\jxpiinstall.exe -d C:\Users\Klient\Downloads
    Task: {57EED9D1-F046-4B52-AEBB-CBD584A5F13F} - System32\Tasks\KlientUnderscoresRecaptureV2 => Rundll32.exe MisliesChucking.dll,main 7 1 <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3294767028-2147052189-1141253506-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160630.008\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160630.008\EX64.SYS [X]
    2017-01-20 09:01 - 2017-01-20 09:04 - 00000000 ____D C:\AdwCleaner
    2017-01-20 06:53 - 2017-01-20 06:53 - 00011354 _____ C:\Users\Klient\Desktop\hijackthis-julia-pc.txt
    2017-01-20 06:36 - 2017-01-20 06:36 - 00002963 _____ C:\Users\Klient\Desktop\HiJackThis.lnk
    2017-01-20 06:36 - 2017-01-20 06:36 - 00000000 ____D C:\Users\Klient\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2017-01-20 06:36 - 2017-01-20 06:36 - 00000000 ____D C:\hijackthis
    2017-01-19 08:10 - 2017-01-19 08:10 - 00002650 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    2017-01-19 08:10 - 2017-01-19 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
    2016-06-09 13:08 - 2016-06-09 13:08 - 6867968 _____ () C:\Users\Klient\AppData\Roaming\agent.dat
    2016-06-09 13:08 - 2016-06-09 13:08 - 0067968 _____ () C:\Users\Klient\AppData\Roaming\Config.xml
    2016-06-09 13:08 - 2016-06-09 13:08 - 1759964 _____ () C:\Users\Klient\AppData\Roaming\Iceing.tst
    2016-06-09 13:08 - 2016-06-09 13:08 - 0014448 _____ () C:\Users\Klient\AppData\Roaming\InstallationConfiguration.xml
    2016-06-09 13:08 - 2016-06-09 13:08 - 0128512 _____ () C:\Users\Klient\AppData\Roaming\Installer.dat
    2016-06-09 13:08 - 2016-06-09 13:08 - 0018432 _____ () C:\Users\Klient\AppData\Roaming\Main.dat
    2016-06-09 13:08 - 2016-06-09 13:08 - 0005568 _____ () C:\Users\Klient\AppData\Roaming\md.xml
    2016-06-09 13:08 - 2016-06-09 13:08 - 0126464 _____ () C:\Users\Klient\AppData\Roaming\noah.dat
    2016-06-09 13:08 - 2016-06-09 13:08 - 0032038 _____ () C:\Users\Klient\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    For KAMIL-PC
    Uninstall:
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

    Open Windows Notepad and paste:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    U0 aswVmm; Brak ImagePath
    2017-01-20 07:46 - 2017-01-20 07:49 - 00000000 ____D C:\AdwCleaner
    2017-01-20 07:06 - 2017-01-20 07:06 - 00002953 _____ C:\Users\user\Desktop\HiJackThis.lnk
    2017-01-20 07:06 - 2017-01-20 07:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2017-01-20 07:06 - 2017-01-20 07:06 - 00000000 ____D C:\hijackthis
    2016-10-25 07:41 - 2016-10-25 07:41 - 0042088 _____ () C:\Users\user\AppData\Local\Bron.tok.A12.em.bin
    2012-02-25 12:56 - 2012-01-03 19:30 - 0042687 _____ () C:\Users\user\AppData\Local\inetinfo.exe
    2016-10-25 07:42 - 2016-10-25 07:42 - 0000051 _____ () C:\Users\user\AppData\Local\Kosong.Bron.Tok.txt
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

  • Helpful post
    #5 20 Jan 2017 10:08
    Kolobos
    Computer specialist

    Company computers, and every one of them has a pirated Office (or leftovers in the form of an activator) ;)
    Not to mention programs that can't be used commercially, like Avast and AVG, among others.

    -> Julia-PC
    Don't download programs from dobreprogramy using their download manager, which installs harmful add-ons!

    Also add to Fixlist.txt:
    FF user.js: detected! => C:\Users\Klient\AppData\Roaming\Mozilla\Firefox\Profiles\6v0hrc5c.default\user.js [2016-07-13]
    2017-01-02 16:16 - 2017-01-02 16:16 - 01259368 _____ ( ) C:\Users\Klient\Downloads\IrfanView-12867-dp(1).exe
    2017-01-02 16:14 - 2017-01-02 16:14 - 01259368 _____ ( ) C:\Users\Klient\Downloads\IrfanView-12867-dp.exe

    -> KLAUDIA-PC
    Uninstall HijackThis.

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Fixlist.txt for FRST:
    HKLM\...\Run: [CCE] => "E:\cleaner\CCE\CCE.exe" -showlog
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-15] (Microsoft Corporation)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
    Toolbar: HKU\S-1-5-21-920763586-2192554144-4087753356-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-01-20 09:21 - 2017-01-20 09:22 - 00000000 ____D C:\AdwCleaner
    2017-01-20 07:01 - 2017-01-20 07:01 - 00002963 _____ C:\Users\FRONT1\Desktop\HiJackThis.lnk
    2017-01-20 07:01 - 2017-01-20 07:01 - 00000000 ____D C:\Users\FRONT1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2017-01-20 07:01 - 2017-01-20 07:01 - 00000000 ____D C:\hijackthis
    2017-01-20 09:23 - 2016-10-13 07:37 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-01-20 09:23 - 2016-10-13 07:09 - 00000000 ____D C:\Program Files\TrueKey
    2016-10-20 07:45 - 2016-10-20 07:45 - 0042088 _____ () C:\Users\FRONT1\AppData\Local\Bron.tok.A12.em.bin
    2016-10-24 06:23 - 2016-10-24 09:30 - 0000635 _____ () C:\Users\FRONT1\AppData\Local\BronFoldNetDomList.txt
    2016-10-20 07:45 - 2016-10-20 07:45 - 0000051 _____ () C:\Users\FRONT1\AppData\Local\Kosong.Bron.Tok.txt
    2016-10-24 09:30 - 2016-10-24 09:30 - 0042088 _____ () C:\Users\FRONT1\AppData\Local\Update.12.Bron.Tok.bin
    Task: {A6234B52-30E8-4A16-86C4-61BA741FC8C1} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
    EmptyTemp:

    -> Natalia-PC
    Uninstall:
    HiJackThis

    Fixlist.txt:
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-472793631-3222835876-3111809641-1000\...\localhost -> localhost
    Hosts:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-472793631-3222835876-3111809641-1000\...\Policies\system: [DisableCMD] 0
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nhyxpj7f.default -> Yahoo®
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nhyxpj7f.default -> Yahoo®
    2017-01-20 09:26 - 2017-01-20 09:28 - 00000000 ____D C:\AdwCleaner
    2017-01-20 07:03 - 2017-01-20 07:03 - 00002953 _____ C:\Users\user\Desktop\HiJackThis.lnk
    2017-01-20 07:03 - 2017-01-20 07:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2017-01-20 07:03 - 2017-01-20 07:03 - 00000000 ____D C:\hijackthis
    2016-10-20 07:47 - 2016-10-20 07:47 - 0042088 _____ () C:\Users\user\AppData\Local\Bron.tok.A12.em.bin
    2016-10-21 07:56 - 2016-10-25 08:40 - 0000000 _____ () C:\Users\user\AppData\Local\BronFoldNetDomList.txt
    2016-10-20 07:47 - 2016-10-20 07:47 - 0000051 _____ () C:\Users\user\AppData\Local\Kosong.Bron.Tok.txt
    2016-10-20 07:42 - 2016-10-20 07:42 - 0042088 _____ () C:\Users\user\AppData\Local\ListHost12.txt
    2016-10-25 08:49 - 2016-10-25 08:49 - 0042088 _____ () C:\Users\user\AppData\Local\Update.12.Bron.Tok.bin
    EmptyTemp:

    -> Oleg-PC
    After all, at work the most important things are games and downloading pirated programs from torrents ;)

    Uninstall:
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.206 - McAfee, Inc.)

    Here too, use the RemoveMcAfee_silent.exe given earlier.

    Remove the shortcuts with Cyrillic names manually.

    Fixlist.txt:
    Task: {55B516A8-516A-4E58-BBDE-6D2CEA3DCA24} - System32\Tasks\Opera scheduled Autoupdate 1482653864 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
    Task: {5CF4E0A5-0664-4650-8099-978F64BC1597} - System32\Tasks\Opera_helper => C:\Users\user\AppData\Roaming\OPERA_~1\OPERA_~1.EXE
    Task: {88C5D261-29E4-4110-AC3C-59717BF86CE2} - System32\Tasks\famousaactors => Chrome.exe hxxp://famousaactors.ru/syforge
    Task: {B8DBCC9E-A033-4279-ADBE-FFF6DBF3E29F} - System32\Tasks\{F6A4A75C-A72D-440A-B543-F69B691A8E76} => pcalua.exe -a D:\1000009921\Setup.exe -d D:\1000009921
    Task: C:\Windows\Tasks\Opera_helper.job => C:\Users\user\AppData\Roaming\OPERA_~1\OPERA_~1.EXE
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Амиго.Музыка.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\ВКонтакте.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Мини-игры Mail.Ru.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Мой Мир.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Одноклассники.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo\Почта Mail.Ru.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
    HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {31a22d86-ab39-11e6-bf6e-642737833831} - E:\setup.exe
    HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {a278fc64-ab0e-11e6-878e-642737833831} - G:\setup.exe
    HKU\S-1-5-21-615750280-2091331665-3815443580-1000\...\MountPoints2: {de32a2a9-ab34-11e6-89a1-642737833831} - I:\setup.exe
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-23]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    Hosts: 0.0.0.1 mssplus.mcafee.com
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
    FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4nry3le7.default\user.js [2016-11-15]
    FF NewTab: Mozilla\Firefox\Profiles\4nry3le7.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=...nnel-17_8323051c_1201_1403_20161224_PL_ff_nt_
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4nry3le7.default -> Amazon
    FF Homepage: Mozilla\Firefox\Profiles\4nry3le7.default -> hxxps://go.mail.ru/?fr=ffhp1.0.4&gp=818409
    FF Keyword.URL: Mozilla\Firefox\Profiles\4nry3le7.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B34...-FEC6-4347-AFEF-74C2D19396F4%7D&gp=811041
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-01]
    FF Extension: (Brak nazwy) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4nry3le7.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [nie znaleziono]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BB37DFC17-D455-4547-96B7-BA5E84B1D6CE%7D&gp=811037
    CHR DefaultSearchKeyword: Default -> go.mail.ru
    CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/cr
    S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
    S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
    S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
    S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    S3 AIDA64Driver; \??\E:\AIDA64 Extreme Edition\kerneld.x64 [X]
    2017-01-20 08:16 - 2017-01-20 08:16 - 00000000 ___HD C:\Users\user\AppData\Roaming\GoldenGate
    2017-01-20 08:04 - 2017-01-20 08:15 - 00000000 ____D C:\AdwCleaner
    2017-01-02 16:28 - 2017-01-02 16:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Amigo
    2017-01-02 08:51 - 2017-01-08 17:50 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
    2017-01-02 08:47 - 2017-01-02 08:47 - 00003640 _____ C:\Windows\System32\Tasks\famousaactors
    2016-12-25 14:16 - 2016-12-25 14:16 - 00249328 _____ C:\Users\user\Downloads\Update(6).exe
    2016-12-25 09:17 - 2016-12-25 09:17 - 00496416 _____ (MediaGet LLC) C:\Users\user\Downloads\hello-neighbor_id4131914ids1s.exe
    2016-12-25 09:17 - 2016-12-25 09:17 - 00003890 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482653864
    2016-12-25 09:17 - 2016-12-25 09:17 - 00000000 ____D C:\Program Files\McAfee
    2016-12-25 09:16 - 2017-01-20 08:25 - 00000000 ____D C:\Users\user\AppData\Roaming\opera_helper
    2016-12-25 09:16 - 2017-01-20 08:17 - 00000270 _____ C:\Windows\Tasks\Opera_helper.job
    2016-12-25 09:16 - 2016-12-25 09:16 - 00003222 _____ C:\Windows\System32\Tasks\Opera_helper
    2016-12-23 19:20 - 2016-12-23 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-12-23 18:19 - 2016-12-23 18:19 - 00249328 _____ C:\Users\user\Downloads\Update(5).exe
    2016-12-23 18:09 - 2016-12-23 18:09 - 00249328 _____ C:\Users\user\Downloads\Update(4).exe
    2016-12-23 18:06 - 2016-12-23 18:13 - 197127223 _____ ( ) C:\Users\user\Downloads\Counter-Strike_1.6.exe
    2016-12-23 17:45 - 2016-12-23 17:45 - 00017133 _____ C:\Users\user\Downloads\Hello-Neighbor-Alpha-2.rar.torrent
    2016-12-23 17:45 - 2016-12-23 17:45 - 00017133 _____ C:\Users\user\Downloads\Hello-Neighbor-Alpha-2.rar(1).torrent
    2017-01-20 08:15 - 2016-11-26 19:19 - 00000000 ____D C:\Program Files\TrueKey
    2017-01-20 05:50 - 2016-11-26 19:33 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2017-01-20 05:49 - 2016-11-26 19:32 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-12-25 09:16 - 2016-11-26 19:19 - 00000000 ____D C:\ProgramData\McAfee
    2016-12-23 19:20 - 2016-11-26 20:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-12-23 19:20 - 2016-11-26 19:19 - 00001968 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\user\AppData\Roaming\JomCap.dll
    EmptyTemp:

    Scan all the computers with mbam and cureit and remove whatever they detect; when done, uninstall and delete them.
    http://download.drweb.co.jp/pub/drweb/cureit/cureit.exe

    Pirated games and programs, plus programs that can't be used in a company. Worth doing something about before someone audits it.

    If Oleg wants to play The Sims he should do it at home, not at the company; actually he shouldn't touch a computer at all if all he does is infect them.
