
Removing the "żěŃą" virus

cukier 26 Feb 2017 20:21 525 1
  • Helpful post
    #2 26 Feb 2017 20:32
    Kolobos
    Computer specialist

    Do not piggyback on other threads.

    Uninstall:
    McAfee Security Scan Plus
    SafeFinder

    Run the Fixlist given below in Safe Mode.

    Fixlist.txt for FRST:
    CloseProcesses:
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Standuck\Application\chrome.exe" "%1" <==== UWAGA
    Task: {05346916-F628-4E08-A77E-18DF34EFA0C8} - System32\Tasks\Cergerch Core => C:\Program Files (x86)\Phunshfowtain\wafering.exe
    Task: {054F4870-7A1E-4A57-AA26-25FEB779831E} - System32\Tasks\Dceried Host => C:\Program Files (x86)\Phunshfowtain\dclrik.exe
    Task: {1D652A2B-C08C-45FD-BA51-447B19FC0EB9} - System32\Tasks\SMW_UpdateTask_Time_323539313338323634362d2355786c325a5b5734412d34 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {1E6144F2-BD23-4B5C-9260-E2DF3999A0C7} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-14] (UCWeb Inc) <==== UWAGA
    Task: {557DEC44-4DA0-4FC0-B8FD-138135426FF6} - System32\Tasks\{81733B2D-DCFD-4D33-A350-815C5198E166} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Salthotbam\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Salthotbam\uninstall.dat" -a uninstallme 0A2D98E8-D6B7-4640-8095-A6FFDE3427EC DeviceId=f63da2ce-1661-c574-75f7-28aad2ebceb7 BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
    Task: {5AC3405B-DEB5-4917-8E57-6B09EDF19DA6} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-14] (UCWeb Inc) <==== UWAGA
    Task: {6F8CB2C8-031D-4A4C-A6F9-407208A20E8A} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-23] (UC Web Inc.) <==== UWAGA
    Task: {80DFFE8D-AB9E-43FA-BB60-C7FBB24D1EE2} - System32\Tasks\Nimasy Engine => C:\Program Files (x86)\Divosh\plejither.exe [2017-02-20] (Glarysoft Ltd)
    Task: {C053A7D2-0778-414A-9800-6C7DF34C6840} - System32\Tasks\Plemerylsuward Update => C:\Program Files (x86)\Plowiseprunoght\pruherle.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/




    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...rom=che0812&uid=395049983_266034_0000DA42
    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\piwnica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    2017-02-22 10:42 - 2017-02-22 03:18 - 00064184 _____ () C:\Program Files (x86)\Explorer\iedvutils.exe
    2017-02-16 18:45 - 2017-02-16 18:45 - 00306688 _____ () C:\Program Files (x86)\Cergerch Core\local64spl.dll
    2017-02-16 18:47 - 2017-02-14 12:19 - 00597208 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-02-22 10:25 - 2017-02-14 12:40 - 02148056 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.914\UCAgent.exe
    2017-02-22 10:42 - 2017-02-22 03:18 - 01759928 _____ () C:\Program Files (x86)\Explorer\iedvtoolex.dll
    2017-02-22 10:42 - 2017-02-22 03:18 - 02157752 _____ () C:\Program Files (x86)\Explorer\WINNSI.DLL
    2017-02-20 15:15 - 2017-02-17 07:20 - 00111104 _____ () c:\programdata\apple\apple application support\support.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1496610]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1221154]
    Hosts:
    () C:\Program Files (x86)\Explorer\iedvutils.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.914\UCAgent.exe
    HKLM\...\RunOnce: [OMEWPRODUCT_U4VBD] => C:\Users\piwnica\AppData\Local\Temp\lh3f8sNh3t0RbEnceLY8.exe [79872 2017-02-26] () <===== UWAGA
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [02443264-749e-44b3-b295-6acc266a9130] => "C:\Program Files\SPU8RYZ1WH\SPU8RYZ1W.exe"
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [8dd545a6-e954-437f-9be8-736e47eb75d0] => "C:\Program Files\LWIR3R7XGM\LWIR3R7XG.exe"
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [4f612d1c-5489-422d-8e2f-fa9179a78a25] => "C:\Users\piwnica\AppData\Local\Temp\Vz357JtWzL.exe" <===== UWAGA
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [bd5a908c-95d9-4ea6-aca9-a9eb54a7f81c] => "C:\Program Files\6C7W03WP34\6C7W03WP3.exe"
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [4b107952-210d-4756-bf84-fdc5249f991e] => "C:\Program Files\V5PMEET64P\XNVF5LF9T.exe"
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\...\Run: [5177f448-b616-4904-9fe1-01550791447c] => "C:\Program Files\Z3AQPS2YEO\Z3AQPS2YE.exe"
    HKLM\...\Providers\d6xr5dra: C:\Program Files (x86)\Cergerch Core\local64spl.dll [306688 2017-02-16] ()
    ShellExecuteHooks: Brak nazwy - {F7D806D2-F36A-11E6-806F-64006A5CFC23} - C:\Users\piwnica\AppData\Roaming\Fuweskiish\Hebuied.dll -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {4ED33EDA-F36B-11E6-AEE4-64006A5CFC23} - C:\Users\piwnica\AppData\Roaming\Jipelegernise\Plindomfenuph.dll -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {5AD340E8-F445-11E6-B566-64006A5CFC23} - C:\Program Files (x86)\Divosh\Reuqutain.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...CovH1FA1c5ulFu7hD_rfje-WA19j3fYBwn2WQw&q={searchTerms}
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-2908911856-1897210473-3400956769-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...rom=che0812&uid=395049983_266034_0000DA42
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-2908911856-1897210473-3400956769-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2908911856-1897210473-3400956769-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...0812&uid=395049983_266034_0000DA42&q={searchTerms}
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\2s18kA.dll => Brak pliku
    Toolbar: HKU\S-1-5-21-2908911856-1897210473-3400956769-1000 -> Brak nazwy - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Mozilla\Firefox\Profiles\oomjavyo.default\searchplugins\0z1eoxz1.xml [2017-02-16]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Mozilla\Firefox\Profiles\oomjavyo.default\searchplugins\d6xr5dra.xml [2017-02-16]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Mozilla\Firefox\Profiles\oomjavyo.default\searchplugins\jebnkuvk.xml [2017-02-20]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Mozilla\Firefox\Profiles\oomjavyo.default\searchplugins\startpageing123.xml [2017-02-22]
    FF Extension: (SimilarWeb) - C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-24] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-22] [Brak podpisu cyfrowego]
    FF Extension: (Polski Language Pack) - C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-02-22] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\searchplugins\0z1eoxz1.xml [2017-02-16]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\searchplugins\d6xr5dra.xml [2017-02-16]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\searchplugins\jebnkuvk.xml [2017-02-20]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\searchplugins\searchinme.xml [2017-02-22]
    FF SearchPlugin: C:\Users\piwnica\AppData\Roaming\Firefox\Firefox\Profiles\oomjavyo.default\searchplugins\startpageing123.xml [2017-02-22]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2017-02-16] [Brak podpisu cyfrowego]
    R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [Brak podpisu cyfrowego]
    R2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [64184 2017-02-22] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [597208 2017-02-14] ()
    S2 gemeloki; C:\Program Files (x86)\a4f6c9ee-5c56-4001-842d-c4c9ab71ea301487267085\prota4f6c9ee-5c56-4001-842d-c4c9ab71ea30.tmpfs [X]
    S2 mypizibu; C:\Program Files (x86)\a4f6c9ee-5c56-4001-842d-c4c9ab71ea301487267085\knsBDF3.tmp [X]
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-02-26 19:36 - 2017-02-26 19:36 - 00002564 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-02-26 19:36 - 2017-02-26 19:36 - 00000296 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-26 18:43 - 2017-02-26 19:15 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-26 18:43 - 2017-02-26 19:15 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-02-26 17:30 - 2017-02-26 17:47 - 00004720 _____ C:\Program Files (x86)\metadata
    2017-02-26 17:19 - 2017-02-26 17:19 - 00000000 ____D C:\Users\piwnica\AppData\Roaming\Shukocult
    2017-02-26 17:19 - 2017-02-26 17:19 - 00000000 ____D C:\Users\piwnica\AppData\Roaming\Paceghvoqs
    2017-02-26 15:55 - 2017-02-26 15:55 - 00006060 _____ C:\Windows\System32\Tasks\Plemerylsuward Update
    2017-02-26 15:55 - 2017-02-26 15:55 - 00000000 ____D C:\Users\piwnica\AppData\Local\Lcogeqamuk
    2017-02-22 10:42 - 2017-02-26 19:32 - 00001031 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
    2017-02-22 10:42 - 2017-02-22 10:42 - 00000000 ____D C:\Program Files (x86)\Explorer
    2017-02-22 10:08 - 2017-02-22 10:08 - 00000000 ____D C:\Users\piwnica\AppData\Roaming\Firefox
    2017-02-22 10:08 - 2017-02-22 10:08 - 00000000 ____D C:\Users\piwnica\AppData\Local\Firefox
    2017-02-20 15:40 - 2017-02-26 19:08 - 00000000 ____D C:\Program Files (x86)\Divosh
    2017-02-20 15:40 - 2017-02-22 10:22 - 00000000 ____D C:\Users\piwnica\AppData\Local\Google
    2017-02-20 15:40 - 2017-02-20 15:40 - 00005966 _____ C:\Windows\System32\Tasks\Nimasy Engine
    2017-02-20 15:40 - 2017-02-20 15:40 - 00000000 ____D C:\Users\piwnica\AppData\Local\Standuck
    2017-02-20 15:40 - 2017-02-20 15:40 - 00000000 ____D C:\Users\piwnica\AppData\Local\Grusert
    2017-02-20 15:15 - 2017-02-26 19:32 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-20 15:15 - 2017-02-20 15:15 - 00000000 ____D C:\ProgramData\Apple
    2017-02-20 15:15 - 2017-02-20 15:15 - 00000000 ____D C:\Program Files (x86)\Standuck
    2017-02-16 19:25 - 2017-02-16 19:25 - 00003588 _____ C:\Windows\System32\Tasks\{81733B2D-DCFD-4D33-A350-815C5198E166}
    2017-02-16 19:21 - 2017-02-16 19:21 - 00419798 __RSH C:\TDSYW
    2017-02-16 19:03 - 2017-02-26 19:33 - 00000000 ____D C:\AdwCleaner
    2017-02-16 18:49 - 2017-02-16 18:49 - 00004248 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323539313338323634362d2355786c325a5b5734412d34
    2017-02-16 18:48 - 2017-02-26 19:36 - 00000460 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-16 18:48 - 2017-02-16 18:48 - 00003438 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-02-16 18:48 - 2017-02-16 18:48 - 00000000 ____D C:\Users\piwnica\AppData\Local\UCBrowser
    2017-02-16 18:48 - 2017-02-16 18:48 - 00000000 ____D C:\Users\piwnica\AppData\Local\Nox
    2017-02-16 18:47 - 2017-02-16 19:13 - 00000000 ____D C:\Users\piwnica\AppData\Roaming\Jipelegernise
    2017-02-16 18:47 - 2017-02-16 18:47 - 01938536 _____ C:\Users\piwnica\AppData\Roaming\Dam-Nix.bin
    2017-02-16 18:47 - 2017-02-16 18:47 - 01907571 _____ C:\Users\piwnica\AppData\Roaming\Tresdax.tst
    2017-02-16 18:47 - 2017-02-16 18:47 - 00005988 _____ C:\Windows\System32\Tasks\Dceried Host
    2017-02-16 18:47 - 2017-02-16 18:47 - 00000000 ____D C:\Users\piwnica\AppData\Local\Chromium
    2017-02-16 18:47 - 2017-02-16 18:47 - 00000000 ____D C:\Program Files (x86)\Dceried Host
    2017-02-16 18:47 - 2017-02-16 18:44 - 00982016 _____ C:\Users\piwnica\AppData\Roaming\Tresdax.exe
    2017-02-16 18:46 - 2017-02-22 10:41 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-16 18:46 - 2017-02-16 18:46 - 00278517 _____ C:\Users\piwnica\AppData\Roaming\Groovefind.bin
    2017-02-16 18:45 - 2017-02-26 19:08 - 00000000 ____D C:\Users\piwnica\AppData\Roaming\Fuweskiish
    2017-02-16 18:45 - 2017-02-16 18:45 - 01536777 _____ C:\Users\piwnica\Desktop\Windows.Loader.v2.2.2.DW.debil1324.rar
    2017-02-16 18:45 - 2017-02-16 18:45 - 00006028 _____ C:\Windows\System32\Tasks\Cergerch Core
    2017-02-16 18:45 - 2017-02-16 18:45 - 00000000 ____D C:\Users\piwnica\AppData\Local\Fagertain
    2017-02-16 18:45 - 2017-02-16 18:45 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-16 18:45 - 2017-02-16 18:45 - 00000000 ____D C:\Program Files (x86)\Cergerch Core
    2017-02-16 18:44 - 2017-02-16 18:44 - 00000000 ____D C:\Users\piwnica\AppData\Local\Ltishclufiied
    2017-02-26 17:53 - 2017-01-05 18:52 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-02-26 17:28 - 2017-01-05 18:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-02-26 17:21 - 2017-01-05 18:43 - 00000000 ____D C:\ProgramData\McAfee
    2017-01-31 14:00 - 2017-01-05 19:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2017-01-31 14:00 - 2017-01-05 18:43 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2017-02-26 17:30 - 2017-02-26 17:47 - 0004720 _____ () C:\Program Files (x86)\metadata
    2017-02-16 18:47 - 2017-02-16 18:47 - 1938536 _____ () C:\Users\piwnica\AppData\Roaming\Dam-Nix.bin
    2017-02-16 18:46 - 2017-02-16 18:46 - 0278517 _____ () C:\Users\piwnica\AppData\Roaming\Groovefind.bin
    2017-02-16 18:47 - 2017-02-16 18:44 - 0982016 _____ () C:\Users\piwnica\AppData\Roaming\Tresdax.exe
    2017-02-16 18:47 - 2017-02-16 18:47 - 1907571 _____ () C:\Users\piwnica\AppData\Roaming\Tresdax.tst
    EmptyTemp:

    After it has run, post new FRST logs from a scan.
