RTC video PnP listener - prosím o kontrolu logu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 15 čer 2017 23:15



Tady tyto problémy se podařilo odstranit?

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod jaro3 » 16 čer 2017 09:18

Myslel jsem , že si to smazal. Tak to uděláme teď.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\Program Files\Adobe\Acrobat\Reader\AcroRd32.exe Low
C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin\java.exe Low
C:\Program Files\Java\jre1.7.0\bin\java.exe Low
C:\Program Files\Java\jre6\bin\java.exe Low
C:\Program Files\Java\jre7\bin\java.exe Low

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 16 čer 2017 23:39

Omlovám se, chtěl jsem si stáhnout keygen na AV, protože mi skončila licence a omylem jsem si do systému nainstaloval hromadu virů. Toho nejhoršího jsem se asi zbavil. Pošlu sem logy v pořadí jak jsem prováděl čištění. :(

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 16 čer 2017 23:39

# AdwCleaner v6.046 - Logfile created 16/06/2017 at 20:46:43
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Adam2 - BBDRA2-3D0A5E7C
# Running from : C:\Documents and Settings\Adam2\Plocha\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\Adam2\Data aplikací\browsers
[-] Folder deleted: C:\Documents and Settings\Adam2\Data aplikací\SPI


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Amigo
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Hotspot
[-] Key deleted: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Speedownloader0099
[#] Key deleted on reboot: HKCU\Software\Amigo
[#] Key deleted on reboot: HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[#] Key deleted on reboot: HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\Hotspot
[#] Key deleted on reboot: HKCU\Software\Speedownloader0099
[-] Key deleted: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKLM\SOFTWARE\Speedownloader0099
[-] Data restored: HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [3997 Bytes] - [16/02/2017 20:08:23]
C:\AdwCleaner\AdwCleaner[C11].txt - [3862 Bytes] - [03/04/2017 21:22:59]
C:\AdwCleaner\AdwCleaner[C12].txt - [3851 Bytes] - [04/06/2017 13:43:41]
C:\AdwCleaner\AdwCleaner[C13].txt - [3879 Bytes] - [04/06/2017 19:56:30]
C:\AdwCleaner\AdwCleaner[C14].txt - [2841 Bytes] - [16/06/2017 20:46:43]
C:\AdwCleaner\AdwCleaner[C1].txt - [1086 Bytes] - [09/02/2016 10:21:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [1203 Bytes] - [06/08/2016 16:24:28]
C:\AdwCleaner\AdwCleaner[C5].txt - [3338 Bytes] - [05/11/2015 13:28:24]
C:\AdwCleaner\AdwCleaner[C6].txt - [2221 Bytes] - [12/11/2015 15:03:34]
C:\AdwCleaner\AdwCleaner[C7].txt - [1467 Bytes] - [25/11/2015 23:44:58]
C:\AdwCleaner\AdwCleaner[C8].txt - [2991 Bytes] - [27/10/2016 23:32:04]
C:\AdwCleaner\AdwCleaner[C9].txt - [3430 Bytes] - [27/10/2016 23:55:07]
C:\AdwCleaner\AdwCleaner[R0].txt - [1778 Bytes] - [02/05/2015 03:15:01]
C:\AdwCleaner\AdwCleaner[R11].txt - [1891 Bytes] - [06/12/2015 06:22:11]
C:\AdwCleaner\AdwCleaner[R1].txt - [4452 Bytes] - [26/07/2015 17:42:43]
C:\AdwCleaner\AdwCleaner[R2].txt - [4510 Bytes] - [26/07/2015 17:44:54]
C:\AdwCleaner\AdwCleaner[R3].txt - [1276 Bytes] - [26/07/2015 17:52:00]
C:\AdwCleaner\AdwCleaner[R4].txt - [1884 Bytes] - [11/10/2015 21:23:03]
C:\AdwCleaner\AdwCleaner[R5].txt - [1311 Bytes] - [24/10/2015 00:06:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [1856 Bytes] - [02/05/2015 03:15:28]
C:\AdwCleaner\AdwCleaner[S10].txt - [686 Bytes] - [25/11/2015 23:53:16]
C:\AdwCleaner\AdwCleaner[S11].txt - [685 Bytes] - [02/12/2015 19:11:14]
C:\AdwCleaner\AdwCleaner[S12].txt - [3279 Bytes] - [27/10/2016 23:05:51]
C:\AdwCleaner\AdwCleaner[S13].txt - [704 Bytes] - [20/12/2015 14:41:56]
C:\AdwCleaner\AdwCleaner[S14].txt - [704 Bytes] - [21/12/2015 20:16:17]
C:\AdwCleaner\AdwCleaner[S15].txt - [3353 Bytes] - [27/10/2016 23:12:14]
C:\AdwCleaner\AdwCleaner[S16].txt - [3125 Bytes] - [27/10/2016 23:31:54]
C:\AdwCleaner\AdwCleaner[S17].txt - [3540 Bytes] - [27/10/2016 23:54:57]
C:\AdwCleaner\AdwCleaner[S18].txt - [3378 Bytes] - [01/11/2016 17:20:38]
C:\AdwCleaner\AdwCleaner[S19].txt - [4041 Bytes] - [16/02/2017 20:07:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [7883 Bytes] - [26/07/2015 17:45:51]
C:\AdwCleaner\AdwCleaner[S20].txt - [3936 Bytes] - [03/04/2017 21:22:36]
C:\AdwCleaner\AdwCleaner[S21].txt - [3749 Bytes] - [09/05/2017 15:03:59]
C:\AdwCleaner\AdwCleaner[S22].txt - [3969 Bytes] - [04/06/2017 13:43:14]
C:\AdwCleaner\AdwCleaner[S23].txt - [3971 Bytes] - [04/06/2017 16:01:54]
C:\AdwCleaner\AdwCleaner[S24].txt - [4045 Bytes] - [04/06/2017 19:56:21]
C:\AdwCleaner\AdwCleaner[S25].txt - [5769 Bytes] - [16/06/2017 20:46:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [2039 Bytes] - [26/07/2015 17:52:25]
C:\AdwCleaner\AdwCleaner[S3].txt - [3026 Bytes] - [11/10/2015 21:23:48]
C:\AdwCleaner\AdwCleaner[S6].txt - [3104 Bytes] - [05/11/2015 13:27:02]
C:\AdwCleaner\AdwCleaner[S7].txt - [693 Bytes] - [05/11/2015 13:47:19]
C:\AdwCleaner\AdwCleaner[S8].txt - [2057 Bytes] - [12/11/2015 15:02:38]
C:\AdwCleaner\AdwCleaner[S9].txt - [1447 Bytes] - [25/11/2015 23:43:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C14].txt - [5701 Bytes] ##########

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 16 čer 2017 23:39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86
Ran by Adam2 (Administrator) on p  16.06.2017 at 20:59:29,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Program Files\comodo\geekbuddy (Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  16.06.2017 at 21:02:44,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 16 čer 2017 23:40

{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.10.3.0",
"x64": false,
"date": "Apr 3 2017",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows XP (5.1.2600 Service Pack 3) 32 bits version",
"boot": 0,
"winpe": false,
"user": "Administrator",
"user_admin": true,
"program_location": "C:\\Documents and Settings\\Adam2\\Plocha\\RogueKiller_old.exe",
"x64": false,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "06/16/2017 21:03:25",
"duration": 2087,
"switches": 0,
"debug": false,
"count": 6,
"show_legit_hooks": false,
"expert_mode": false
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": false
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": false
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 1884,
"path": "C:\\WINDOWS2\\system32\\smss.exe",
"command_line": "\\SystemRoot\\System32\\smss.exe",
"pid_parent": 4,
"path_parent": "",
"is_64": false
},
{
"name": "csrss.exe",
"name_parent": "smss.exe",
"pid": 2024,
"path": "C:\\WINDOWS2\\system32\\csrss.exe",
"command_line": "",
"pid_parent": 1884,
"path_parent": "C:\\WINDOWS2\\system32\\smss.exe",
"is_64": false
},
{
"name": "winlogon.exe",
"name_parent": "smss.exe",
"pid": 252,
"path": "C:\\WINDOWS2\\system32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 1884,
"path_parent": "C:\\WINDOWS2\\system32\\smss.exe",
"is_64": false
},
{
"name": "services.exe",
"name_parent": "winlogon.exe",
"pid": 340,
"path": "C:\\WINDOWS2\\system32\\services.exe",
"command_line": "C:\\WINDOWS2\\system32\\services.exe",
"pid_parent": 252,
"path_parent": "C:\\WINDOWS2\\system32\\winlogon.exe",
"is_64": false
},
{
"name": "lsass.exe",
"name_parent": "winlogon.exe",
"pid": 352,
"path": "C:\\WINDOWS2\\system32\\lsass.exe",
"command_line": "C:\\WINDOWS2\\system32\\lsass.exe",
"pid_parent": 252,
"path_parent": "C:\\WINDOWS2\\system32\\winlogon.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 552,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 620,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1464,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\System32\\svchost.exe -k netsvcs",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1716,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 584,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "spoolsv.exe",
"name_parent": "services.exe",
"pid": 872,
"path": "C:\\WINDOWS2\\system32\\spoolsv.exe",
"command_line": "C:\\WINDOWS2\\system32\\spoolsv.exe",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 1000,
"path": "C:\\WINDOWS2\\explorer.exe",
"command_line": "",
"pid_parent": 912,
"path_parent": "",
"is_64": false
},
{
"name": "Skype.exe",
"name_parent": "Explorer.EXE",
"pid": 1636,
"path": "C:\\Program Files\\Skype\\Phone\\Skype.exe",
"command_line": "",
"pid_parent": 1000,
"path_parent": "C:\\WINDOWS2\\explorer.exe",
"is_64": false
},
{
"name": "CCleaner.exe",
"name_parent": "Explorer.EXE",
"pid": 1660,
"path": "C:\\Program Files\\CCleaner\\CCleaner.exe",
"command_line": "",
"pid_parent": 1000,
"path_parent": "C:\\WINDOWS2\\explorer.exe",
"is_64": false
},
{
"name": "ctfmon.exe",
"name_parent": "Explorer.EXE",
"pid": 1664,
"path": "C:\\WINDOWS2\\system32\\ctfmon.exe",
"command_line": "",
"pid_parent": 1000,
"path_parent": "C:\\WINDOWS2\\explorer.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 836,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "avp.exe",
"name_parent": "services.exe",
"pid": 908,
"path": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 17.0.0\\avp.exe",
"command_line": "\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 17.0.0\\avp.exe\" -r",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 928,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\system32\\svchost.exe -k netsvcs",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "LMIGuardianSvc.exe",
"name_parent": "services.exe",
"pid": 1752,
"path": "C:\\Program Files\\LogMeIn Hamachi\\LMIGuardianSvc.exe",
"command_line": "\"C:\\Program Files\\LogMeIn Hamachi\\LMIGuardianSvc.exe\"",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "mbamscheduler.exe",
"name_parent": "services.exe",
"pid": 2548,
"path": "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamscheduler.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamscheduler.exe\"",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "nlsvc.exe",
"name_parent": "services.exe",
"pid": 3508,
"path": "C:\\Program Files\\NetLimiter 3\\nlsvc.exe",
"command_line": "\"C:\\Program Files\\NetLimiter 3\\nlsvc.exe\"",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1276,
"path": "C:\\WINDOWS2\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS2\\system32\\svchost.exe -k imgsvc",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "wscntfy.exe",
"name_parent": "svchost.exe",
"pid": 312,
"path": "C:\\WINDOWS2\\system32\\wscntfy.exe",
"command_line": "",
"pid_parent": 1464,
"path_parent": "C:\\WINDOWS2\\system32\\svchost.exe",
"is_64": false
},
{
"name": "wmiprvse.exe",
"name_parent": "svchost.exe",
"pid": 328,
"path": "C:\\WINDOWS2\\system32\\wbem\\wmiprvse.exe",
"command_line": "",
"pid_parent": 552,
"path_parent": "C:\\WINDOWS2\\system32\\svchost.exe",
"is_64": false
},
{
"name": "unsecapp.exe",
"name_parent": "svchost.exe",
"pid": 1916,
"path": "C:\\WINDOWS2\\system32\\wbem\\unsecapp.exe",
"command_line": "",
"pid_parent": 552,
"path_parent": "C:\\WINDOWS2\\system32\\svchost.exe",
"is_64": false
},
{
"name": "alg.exe",
"name_parent": "services.exe",
"pid": 3124,
"path": "C:\\WINDOWS2\\system32\\alg.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "avpui.exe",
"name_parent": "avp.exe",
"pid": 3684,
"path": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 17.0.0\\avpui.exe",
"command_line": "",
"pid_parent": 908,
"path_parent": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 17.0.0\\avp.exe",
"is_64": false
},
{
"name": "ZAM.exe",
"name_parent": "services.exe",
"pid": 5872,
"path": "C:\\Program Files\\Zemana AntiMalware\\ZAM.exe",
"command_line": "\"C:\\Program Files\\Zemana AntiMalware\\ZAM.exe\" /service",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "WPFFontCache_v0400.exe",
"name_parent": "services.exe",
"pid": 4320,
"path": "C:\\WINDOWS2\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\WPFFontCache_v0400.exe",
"command_line": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "ksde.exe",
"name_parent": "services.exe",
"pid": 1688,
"path": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Secure Connection 1.0\\ksde.exe",
"command_line": "\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Secure Connection 1.0\\ksde.exe\" -r",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"is_64": false
},
{
"name": "ksdeui.exe",
"name_parent": "ksde.exe",
"pid": 2516,
"path": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Secure Connection 1.0\\ksdeui.exe",
"command_line": "",
"pid_parent": 1688,
"path_parent": "C:\\Program Files\\Kaspersky Lab\\Kaspersky Secure Connection 1.0\\ksde.exe",
"is_64": false
},
{
"name": "RogueKiller_old.exe",
"name_parent": "svchost.exe",
"pid": 5136,
"path": "C:\\Documents and Settings\\Adam2\\Plocha\\RogueKiller_old.exe",
"command_line": "\"C:\\Documents and Settings\\Adam2\\Plocha\\RogueKiller_old.exe\" ",
"pid_parent": 1464,
"path_parent": "C:\\WINDOWS2\\system32\\svchost.exe",
"is_64": false
}
]
},
"results": {
"processes": [
{
"scan_what": 1,
"scan_how": [
1,
2,
4
],
"vendors": [
"Adw.DNSUnlocker"
],
"name": "nlsvc.exe",
"name_parent": "services.exe",
"pid": 3508,
"path": "C:\\Program Files\\NetLimiter 3\\nlsvc.exe",
"command_line": "\"C:\\Program Files\\NetLimiter 3\\nlsvc.exe\"",
"window": "",
"pid_parent": 340,
"path_parent": "C:\\WINDOWS2\\system32\\services.exe",
"file_status": "[7]",
"file_md5": "4E4532BB1DE3CED4B50D338094F55993",
"file_exists": true,
"file_signed": true,
"file_signer": "Locktime Software s.r.o.",
"file_vtscore": 0,
"status_str": "SMAZÁNO [TermThr]",
"status_choice": 2,
"status_kill": 5,
"is_64": false
}
],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
6,
7,
8
],
"scan_how_trigger": 8,
"vendors": [
"Suspicious.Path",
"PUP.Amonetize"
],
"rule_name": "RUN",
"view": 256,
"value": "HVEHCCMEEY.exe",
"subkey": "",
"value_old_data": "C:\\Documents and Settings\\Adam2\\Local Settings\\Temp\\2c-b1139-6f3-016b1-3c4ee609f3554\\HVEHCCMEEY.exe m_5 L_1",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-329068152-1645522239-839522115-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[-]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Documents and Settings\\Adam2\\Local Settings\\Temp\\2c-b1139-6f3-016b1-3c4ee609f3554\\HVEHCCMEEY.exe",
"path_compressed": "%SystemDrive%\\Documents and Settings\\Adam2\\Local Settings\\Temp\\2c-b1139-6f3-016b1-3c4ee609f3554\\HVEHCCMEEY.exe",
"md5": "0AB635D5F18E8ABF092A1CD0B1565A7B",
"exists": true,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "VYMAZÁNO",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 1,
"scan_how": [
6,
7,
8
],
"scan_how_trigger": 8,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 256,
"value": "rnndzfkxtfo",
"subkey": "",
"value_old_data": "\"C:\\Documents and Settings\\Adam2\\Data aplikací\\cdnc0onampl\\v3lxv155tfw.exe\"",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-329068152-1645522239-839522115-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[-]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Documents and Settings\\Adam2\\Data aplikací\\cdnc0onampl\\v3lxv155tfw.exe",
"path_compressed": "%_Adam2_appdata%\\cdnc0onampl\\v3lxv155tfw.exe",
"md5": "B43F6F0B4FA5A3ED93FBC9C2C6AEB2FB",
"exists": true,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "VYMAZÁNO",
"status_choice": 2,
"status_removed": 5
}
],
"tasks": [],
"filesystem": [
{
"scan_what": 1,
"scan_how": [
1,
2,
7
],
"vendors": [
"Suspicious.Path"
],
"status_choice": 2,
"processed": [
{
"type": 3,
"name": "WshShell.vbs.lnk",
"path_expanded": "C:\\Documents and Settings\\Adam2\\Nabídka Start\\Programy\\Po spu?t?ní\\WshShell.vbs.lnk",
"path_compressed": "%SystemDrive%\\Documents and Settings\\Adam2\\Nabídka Start\\Programy\\Po spu?t?ní\\WshShell.vbs.lnk",
"extra": "",
"md5": "69761194E38867A1A7A47808C662373B",
"md5_low_level": "",
"forged": false,
"lnk_target": "C:\\DOCUME~1\\Adam2\\DATAAP~1\\WshShell\\WshShell.vbs",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "VYMAZÁNO",
"status_removed": 1
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": [
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "ZwOpenProcess",
"index": 122,
"detour_module": "C:\\WINDOWS2\\system32\\drivers\\zamguard32.sys",
"entrypoint": -1366871804,
"code_entrypoint": -1366871804,
"stack_trace": "",
"stack_hextrace": ""
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "ZwTerminateProcess",
"index": 257,
"detour_module": "C:\\WINDOWS2\\system32\\drivers\\zamguard32.sys",
"entrypoint": -1366871470,
"code_entrypoint": -1366871470,
"stack_trace": "",
"stack_hextrace": ""
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
}
]
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD20EARS-00S8B1 +++++\n--- User ---\n[MBR] a5ced8a48748cd199ba61954ef8dd124\n[BSP] 970b64111ddb8e108d85fbe7f7707fa1 : Windows XP MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14 | Size: 1907727 MB [Windows XP Bootstrap | Windows XP Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: SAMSUNG HD502HI +++++\n--- User ---\n[MBR] 98233269bb5a58b110f235d5cf8cd70e\n[BSP] 7d509d352da6a11935c6d5a6e6d43cad : Windows XP MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB[Invalid]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 16 čer 2017 23:40

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
http://www.malwarebytes.org

Database version:
main: v2017.05.08.08
rootkit: v2017.04.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: BBDRA2-3D0A5E7C [administrator]

16.6.2017 22:14:25
mbar-log-2017-06-16 (22-14-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 588557
Time elapsed: 53 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|86VHVVVFEPEMAMQ (Adware.Tuto4PC.Generic) -> Data: "C:\Program Files\CE6RP17YF5\N2JG597NW.exe" -> Delete on reboot. [d7e127ee9910e254825fb997a55ca35d]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\_isetup (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\0d-887a5-e74-18f82-9bc0182fb3ae6 (Adware.Tuto4PC.Generic) -> Delete on reboot. [a2168f8670392f073a296a45dd23a35d]
C:\Documents and Settings\Adam2\Local Settings\Temp\2c-b1139-6f3-016b1-3c4ee609f3554 (Adware.Tuto4PC.Generic) -> Delete on reboot. [8b2d55c0dbcec76f86ddd9d644bc0af6]
C:\Documents and Settings\Adam2\Local Settings\Temp\bf-43bac-2e9-bb7a4-705297baebff7 (Adware.Tuto4PC.Generic) -> Delete on reboot. [dfd9090c9e0bb0868bd8ffb0718f9a66]

Files Detected: 14
C:\Documents and Settings\Adam2\Local Settings\Temp\09PJ8ZK.exe (Adware.Tuto4PC) -> Delete on reboot. [dade40d529809c9a47d15349a95714ec]
C:\Documents and Settings\Adam2\Local Settings\Temp\2c-b1139-6f3-016b1-3c4ee609f3554\AJLVEPTBTT.exe (Adware.Amonetize) -> Delete on reboot. [2c8cd3423277ed49bed468b0c73a2dd3]
C:\Documents and Settings\Adam2\Local Settings\Temp\2c-b1139-6f3-016b1-3c4ee609f3554\HVEHCCMEEY.exe (Trojan.Agent.Generic) -> Delete on reboot. [6751ed28832688aeef214e5fb14f8a76]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\DataCol.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\DataCol.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\itdownload.dll (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\psvince.dll (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\is-DQP7M.tmp\_isetup\_shfoldr.dll (Adware.Tuto4PC.Generic) -> Delete on reboot. [4d6baa6b20891b1b913ddf58a25e2cd4]
C:\Documents and Settings\Adam2\Local Settings\Temp\0d-887a5-e74-18f82-9bc0182fb3ae6\RMYZKLVPIW.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [a2168f8670392f073a296a45dd23a35d]
C:\Documents and Settings\Adam2\Local Settings\Temp\0d-887a5-e74-18f82-9bc0182fb3ae6\RMYZKLVPIW.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [a2168f8670392f073a296a45dd23a35d]
C:\Documents and Settings\Adam2\Local Settings\Temp\2c-b1139-6f3-016b1-3c4ee609f3554\AJLVEPTBTT.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [8b2d55c0dbcec76f86ddd9d644bc0af6]
C:\Documents and Settings\Adam2\Local Settings\Temp\2c-b1139-6f3-016b1-3c4ee609f3554\HVEHCCMEEY.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [8b2d55c0dbcec76f86ddd9d644bc0af6]
C:\Documents and Settings\Adam2\Local Settings\Temp\bf-43bac-2e9-bb7a4-705297baebff7\XEXRZPMPCD.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [dfd9090c9e0bb0868bd8ffb0718f9a66]
C:\Documents and Settings\Adam2\Local Settings\Temp\bf-43bac-2e9-bb7a4-705297baebff7\XEXRZPMPCD.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [dfd9090c9e0bb0868bd8ffb0718f9a66]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 17 čer 2017 00:24

Zemana AntiMalware 2.74.2.4 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.6.17
Operating System : Windows XP 32-bit
Processor : 4X AMD Phenom(tm) II X4 965 Processor
BIOS Mode : Legacy
CUID : 1411D8038D943CE9720D4E
Scan Type : Skenování systému
Duration : 68m 55s
Scanned Objects : 365680
Detected Objects : 3
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : SKUPINA,0,2

Detected Objects
-------------------------------------------------------

Soubor hosts
Status : Skenováno
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : D4F7EB0654FFCFE3F0E11F122E8651DD
Publisher : -
Size : 934
Version : -
Detection : Změna v hosts souboru
Cleaning Action : Opravit
Related Objects :
Soubor hosts - Příliš mnoho prázdných řádek v Hosts souboru
Soubor - %systemroot%\system32\drivers\etc\hosts

EOCJX.exe
Status : Skenováno
Object : %programfiles%\odn3vuwkmfb\eocjx.exe
MD5 : 698D0571327A0C37FC364A59341A119B
Publisher : -
Size : 1040384
Version : 4.8.7.5
Detection : Trojan:Win32/Cognito.A!Eael
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\odn3vuwkmfb\eocjx.exe
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NZTXJBBH87LYX02 = "C:\Program Files\odn3vuwkmfb\EOCJX.exe"
Proces - 3956 - C:\Program Files\odn3vuwkmfb\EOCJX.exe

3KTL3Y7UKEJ2XNR.exe
Status : Skenováno
Object : %programfiles%\odn3vuwkmfb\3ktl3y7ukej2xnr.exe
MD5 : 2246E4523018A6617C00693C0F585360
Publisher : -
Size : 340480
Version : 4.8.7.5
Detection : Trojan:Win32/Cognito.A!Etkl
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\odn3vuwkmfb\3ktl3y7ukej2xnr.exe
Záznam registru - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\OMEWPRODUCT_YSB36 = "C:\Program Files\odn3vuwkmfb\3KTL3Y7UKEJ2XNR.exe"


Cleaning Result
-------------------------------------------------------
Cleaned : 3
Reported as safe : 0
Failed : 0

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 17 čer 2017 01:40

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 169.50066

Windows XP Service Pack 3 (Version 5.1, Build 2600, 32-bit Edition)
Internet Explorer 8.0.6001.18702
Administrator :: BBDRA2-3D0A5E7C

17.6.2017 0:29:04
9lab-log-2017-06-17 (00-29-04).txt

Scan type: Full
Objects scanned: 31045
Time Elapsed: 1 h 4 m

Registry Keys detected: 3
Adware.RPL.Gen.tv [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib]
Adware.RPL.Gen.dd [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}]
Adware.RPL.Gen.dd [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}]


Files detected: 101
[DCFDD3E0E4F019AA4BF6E9416E6269C7] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\background_plugin.js]
[5C5A9A735215B5D75A4DA55A065F436B] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\button_control.js]
[53FE18C274C32E5ED7E3A1033A81BD41] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\factory_settings.js]
[B17E5F07C87442ACBA5EF509A670D9D2] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\fakes.js]
[2E109085299524CC2D6447F123CCFDFA] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\injection_id_init.js]
[B82ADDA3D0D8785A12D1CC65A6566F8C] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\main.html]
[F3C256ED507B41BE72859D42280CA7D3] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\popup_control.js]
[85402F85014C90022CE637B655499B24] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\background\tabs.js]
[857F32287339314F3A97081FF2590A6B] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\common\defaults.js]
[0B87F26AECE14F78ED5D80C4B2322E39] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\common\tracing.js]
[357D907734061E3E25DFAFFB6C088C43] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\content\api_injection.js]
[2789EF7DBF05045391DF7E74EAAF06B0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\content\content_plugin.js]
[EE4E21CE00F41BE216C54E8BC5E1579B] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\content\fakes.js]
[7AC2EF0C114F3A0306092F9F8069F254] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\content\product_info.js]
[4944E8D6FFF2524B4B542E400123AD79] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\content\script_injection.js]
[C13185C34C7E2A043ABEFC0B22952F22] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\active_19.png]
[A075301958362016D24FB39C6D4E3718] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\active_38.png]
[7851FB1D878AEB9AF8C2A72BD4EA31FA] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\inactive_19.png]
[EE80F14D05BBDE9FA20D00F1CBC0D9A0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\inactive_38.png]
[58697D48815C3D78EE04BA060F1B30F2] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\warning_19.png]
[15CA3DF73C14C1F7159FC388A92EEDD4] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\button\warning_38.png]
[393FC9A6EFDDECB9053AF2374A56099A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\icon_128.png]
[53B81A3CE3466F27802B7767E9B2146E] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\icon_16.png]
[B8DB317A822818534C9C931CC85B8D43] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\icon_32.png]
[2D6E193A3214007DF80415A147A91822] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\icon_48.png]
[194288C92711C4EB603714781686B9C8] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\images\icon_64.png]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\locales_copy.target]
[4B675404304DFE43CDBC0696D555BA8D] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\manifest.json]
[790AF089887CA58F0061E4DB60828588] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\offline_popup.css]
[6B23662388884765CD42C7BB686E87CB] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\offline_popup.html]
[7126A077EA753374B002ACC0062B1FF2] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\popup.css]
[31ED2F72C1790038C31766DCBC24D54E] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\popup.html]
[86CFCBA3E1CC9C79D875D4539BFD9264] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\popup.js]
[21CD1A46BF039E260234123A519B0E1E] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\popup\popup_plugin.js]
[8FCF27753D709F983D009E0634442EEE] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\snapshot\script.light.js]
[E3F4D7C53DE106C56794586638BF214A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\snapshot\script.main.js]
[35B52FD47D8A94D1DD5A6ABDE2DFF5B4] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\snapshot\script.popup.js]
[A719A53C71287888EDDDA341E45DFDC5] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\ar\messages.json]
[A4D991834E56D036A2EC6309C6D0C68C] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\bg\messages.json]
[313727F96219447B468BEF249DA5A719] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\cs\messages.json]
[80D27A98E067930E90CFA6C17E0B2CE7] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\da\messages.json]
[EE2F5077C5150128C1D12A121290772A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\de\messages.json]
[B45212F15F0669AB9B1C99E48061147B] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\el\messages.json]
[356B2D2BC48CCB3B724C121A38B1EF69] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\en\messages.json]
[4C43D94FC3F45AA20C90AE43D9786255] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\es\messages.json]
[AA9FC72A1A2B6494A52AD8336B90EFFE] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\es-MX\messages.json]
[23FE775F49AD47BA493B452CB8048137] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\et\messages.json]
[7B2D1CE606263AEDCB2687E1EBB8FE75] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\fa\messages.json]
[4BE3DF35B88ABD3F82A1D8056578F0AD] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\fi\messages.json]
[9D8B6969EFB58C85D312879BF522ECA8] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\fr\messages.json]
[A020ABA8A4EBD21F00D8EAECE18F339A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\hu\messages.json]
[A6EC25F296A4C9DC27806854D1D4AA98] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\it\messages.json]
[49526BD2B1AFC08EA3C873561F12D88F] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\ja\messages.json]
[79E5165E2FF4FD344C15E77B72A49579] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\kk\messages.json]
[DDC4C8EEB9C5BC6C75E4B806CEE0EB9C] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\ko\messages.json]
[0D0B7F86E277A97246DE717F03DE55B8] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\lt\messages.json]
[F8F08F6B6206C8B36B6664D116F0B248] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\lv\messages.json]
[C0305CECDD846CF7BE406BB411F880E0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\mk\messages.json]
[893082C6B16044056462DD4AA2DF46E1] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\nb\messages.json]
[7CEBAB431B6E130DEA74CEC51FF1FEBF] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\nl\messages.json]
[72109FFE6DFFC1AB263F92274AC31CF0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\pl\messages.json]
[BB109F39B6F7C5A8E346B98D430783C0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\pt\messages.json]
[E32E7333AD638A52D3CAFECE1DA6D108] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\pt-BR\messages.json]
[20FA4D22DA33F2A99B1884DA53B931D4] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\ro\messages.json]
[1280EB0A531F86956326BF6C07E6FAC0] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\ru\messages.json]
[83ED05EF5E96B2C9237829BF5916DDEA] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\sr-Cyrl\messages.json]
[A2DF2B26515DF1401E79BFCF434A5F8C] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\sr-Latn\messages.json]
[E1B08AA9293F42AE196C2EF753B99D62] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\sv\messages.json]
[D9ED457DCFE40D63E33ADE462A670D04] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\tr\messages.json]
[54E814B62A50E3D40340C6592D5AB327] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\uk\messages.json]
[0B999DEC9FFEAC443814CBA9B67A860A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\vi\messages.json]
[81E6F64D92526A541468C7DAFFDA3688] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\zh-Hans\messages.json]
[CC047B84E612BB2D6B661CC38882234A] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_locales\zh-Hant\messages.json]
[AA2AB36C9C98F4EAD7A7F6B8D5C7CC09] Adware.FPL.Gen.tv [C:\Program Files\Comodo\Chromodo\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib\5.0.141.0_0\_metadata\verified_contents.json]
[70210A6EEB6670AE46DC6C89279150F1] Malware.PL.OxyPumper.dd [c:\windows2\tasks\Manager.job]
[FF65E300000EAA8C1B5BE988540C1469] PUP.Gen.vl!c [C:\DbzB7E2D\dpinst.exe]
[7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.cc [C:\Documents and Settings\1234\Plocha\utility\zoek\zoek.exe]
[7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.cc [C:\Documents and Settings\1234\Plocha\utility\zoek.exe]
[4C4354D7CB83FDAF4EAB2BB1016EDD81] Malware.Win32.Gen.CCC5.vb!ff [C:\Documents and Settings\Adam\Dokumenty\Downloads\directwavevst_install.exe]
[5213EA0748A109863B25374F21529B47] Adware.Win32.OpenCandy.dd!i [C:\Documents and Settings\Adam\Nabídka Start\Programy\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk]
[498A4FC8F7AF3AE396C1417742525A16] Malware.Win32.Gen.vb!s1 [C:\Documents and Settings\Adam\Plocha\složky\utlity\get sysinfo\Nová složka (2)\D3DWindower-English.exe]
[9557B81DADAF7DD98D7A6FC38D0499CA] Malware.Win32.Gen.vb!s8 [C:\Documents and Settings\Adam2\Dokumenty\Downloads\movtrial.exe]
[5E1013AC32F7DFE78B26542D7770F02A] Malware.Win32.Gen.sm!s5 [C:\Documents and Settings\Adam2\Dokumenty\Downloads\nový fm8\Native.Instruments.FM8.v1.4.1.Update.Incl.Patched.and.Keygen-R2R\R2R\NativeInstruments_Keygen.exe]
[A1D46A2E17A837B48D7BC613C69782C9] Malware.Win32.Gen.cc!s1 [C:\Documents and Settings\Adam2\Local Settings\Temp\WshShell.exe]
[3D4B53EB549585EE077617F61072C6E7] Hack.Win32.Gen.ad [C:\Documents and Settings\Adam2\Plocha\LEGO Worlds - kopie\????.exe]
[02A1651F97C59F4EC29E407A6DB5DE58] Malware.Win32.Gen.cc!s1 [C:\Documents and Settings\Adam2\Plocha\Rust-Revolution.cz Klient.exe]
[3EAE90B1A0BB0A9B96A054BFAD2FCB50] Malware.Win32.Gen.cld [C:\Documents and Settings\Adam\Plocha\složky\utlity\adwcleaner_5.023.exe]
[D3BE4AC211276300742F856CD4547777] Malware.Win32.Gen.cld [C:\Documents and Settings\Adam2\Dokumenty\Downloads\neurofun tut\Ohm Force Ohmicide Pro [CRACKED]\keygen.exe]
[131B21A48898A8027FA57224D7015B17] Malware.Win32.Gen.cld [C:\Documents and Settings\Adam2\Local Settings\Temp\Rar$EXa0.323\Universal-Keygen-Generator\Universal_KeyGen_Generator.exe]
[98312E3001D9785C02324E0D0041215B] Malware.Win32.Gen.cs0 [C:\Documents and Settings\Adam2\Plocha\rust\steamclient.dll]
[7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.cc [C:\Documents and Settings\Adam2\Plocha\zoek.exe]
[94C8CC6B4780E42924DC6EE59EA63C74] Virtool.Win32.Steam.vb!s1 [C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\ČeskejPařan.cz - RUST Client\ČeskejPařan.cz - RUST Client.lnk]
[7B8EB6A7F89A4B8211749DF2CCC2C652] Virtool.Win32.Steam.vb!s1 [C:\Documents and Settings\All Users.WINDOWS2\Plocha\ČeskejPařan.cz - RUST Client.lnk]
[66DCBEE3CD459A5E8C508E450FA6CFC1] Adware.Win32.OpenCandy.dd!i [C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe]
[D7822021031F04A4CA640F20D3F06A2C] Adware.Win32.OpenCandy.dd!i [C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe]
[8A080BA59A1002E983A857836E4DC497] Malware.Win32.Gen.9FAB.cc!ff [C:\Program Files\Retreive\Newtonsoft.Json.dll]
[AC3AF54D08529C24CA8A7CC08736CBC0] Virtool.Win32.Steam.vb!s1 [C:\Program Files\ČeskejPařan.cz - RUST Client\CeskejParanRUSTClient.exe]
[3410BF3A90908AF6B6BB9D376D8CC613] PUP.Win32.GameHack.FA5C.vb!ff [C:\Program Files\ČeskejPařan.cz - RUST Client\Steam.dll]
[37C61CDBD96FF6AA59FFDB2014E1FC65] Malware.Win32.Gen.vb [C:\Program Files\ČeskejPařan.cz - RUST Client\steam_api.dll]
[CC7AA7B42CF418FC3D926913490048F8] Malware.Win32.Gen.cs1 [C:\WINDOWS\zoek-delete.exe]
[CC7AA7B42CF418FC3D926913490048F8] Malware.Win32.Gen.cs1 [C:\WINDOWS2\zoek-delete.exe]

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 17 čer 2017 03:19

2017-06-04 21:53:59.406 Sophos Virus Removal Tool version 2.6.0
2017-06-04 21:53:59.406 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-04 21:53:59.406 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-04 21:53:59.406 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2017-06-04 21:53:59.406 Checking for updates...
2017-06-04 21:54:00.593 Update progress: proxy server not available
2017-06-04 21:54:03.265 Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd.com/update/2/9e/29 ... a00871.dat: WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd.net/update/2/9e/29 ... a00871.dat: WinHttpSendRequest 12029
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-06-04 21:54:22.343 Error initialising detection engine - virus data checksum error
2017-06-04 21:54:25.593 Error level 1

2017-06-04 21:54:32.859 Scan failed due to fatal error.
2017-06-04 21:54:32.859

------------------------------------------------------------

2017-06-04 21:54:34.812 Sophos Virus Removal Tool version 2.6.0
2017-06-04 21:54:34.812 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-04 21:54:34.812 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-04 21:54:34.812 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2017-06-04 21:54:34.812 Checking for updates...
2017-06-04 21:54:35.859 Update progress: proxy server not available
2017-06-04 21:54:45.015 Error initialising detection engine - virus data checksum error
2017-06-04 21:54:51.359 Downloading updates...
2017-06-04 21:54:51.359 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-06-04 21:54:51.359 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.359 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.359 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-06-04 21:54:51.359 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-06-04 21:54:51.359 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-06-04 21:54:51.375 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-06-04 21:54:51.375 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-04 21:54:51.531 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-06-04 21:54:51.531 Update progress: [I19463] Product download size 165113825 bytes
2017-06-04 21:55:49.953 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-06-04 21:55:49.953 Update progress: [I19463] Product download size 1784068 bytes
2017-06-04 21:55:57.218 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-06-04 21:55:57.218 Update progress: [I19463] Product download size 2265483 bytes
2017-06-04 21:56:07.390 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-06-04 21:56:07.390 Update progress: [I19463] Product download size 353040 bytes
2017-06-04 21:56:12.421 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-06-04 21:56:13.468 Installing updates...
2017-06-04 21:56:14.078 Error level 1
2017-06-04 21:57:43.984 Update successful
2017-06-04 21:58:20.468 Option all = no
2017-06-04 21:58:20.468 Option recurse = yes
2017-06-04 21:58:20.468 Option archive = no
2017-06-04 21:58:20.468 Option service = yes
2017-06-04 21:58:20.468 Option confirm = yes
2017-06-04 21:58:20.468 Option sxl = yes
2017-06-04 21:58:20.468 Option max-data-age = 35
2017-06-04 21:58:20.468 Option vdl-logging = yes
2017-06-04 21:58:20.578 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-06-04 21:58:20.578 Machine ID: 5f788f5f83d4461292853faca75187c0
2017-06-04 21:58:20.593 Component SVRTcli.exe version 2.6.0
2017-06-04 21:58:20.593 Component control.dll version 2.6.0
2017-06-04 21:58:20.593 Component SVRTservice.exe version 2.6.0
2017-06-04 21:58:20.593 Component engine\osdp.dll version 1.44.1.2285
2017-06-04 21:58:20.593 Component engine\veex.dll version 3.68.5.2285
2017-06-04 21:58:20.593 Component engine\savi.dll version 9.0.7.2285
2017-06-04 21:58:20.593 Component rkdisk.dll version 1.5.31.1
2017-06-04 21:58:20.593 Version info: Product version 2.6.0
2017-06-04 21:58:20.593 Version info: Detection engine 3.68.5
2017-06-04 21:58:20.593 Version info: Detection data 5.39
2017-06-04 21:58:20.593 Version info: Build date 2.5.2017
2017-06-04 21:58:20.593 Version info: Data files added 296
2017-06-04 21:58:20.593 Version info: Last successful update 4.6.2017 23:57:43

2017-06-05 01:19:50.250 Warning: rootkit scan failed to open device "\\?\Volume{551a1f7f-acc6-11e6-aa1f-806d6172696f}" (87)
2017-06-05 02:16:10.687 >>> Virus 'Mal/VMProtBad-A' found in file C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll
2017-06-05 02:16:10.750 >>> Virus 'Mal/VMProtBad-A' found in file HKCR\exefile\default
2017-06-05 02:44:20.125 Could not open LOGICAL:0003:00000000
2017-06-05 02:44:20.125 Could not open D:\
2017-06-05 02:47:33.421 Could not open LOGICAL:0005:00000000
2017-06-05 02:47:33.437 Could not open F:\
2017-06-05 02:47:33.703 The following items will be cleaned up:
2017-06-05 02:47:33.703 Mal/VMProtBad-A
2017-06-05 09:17:09.125 Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-06-05 09:17:09.125 Registry value "HKCR\exefile\default" belongs to malware 'Mal/VMProtBad-A'.
2017-06-05 09:17:09.125 Registry value "HKCR\exefile\default" has been cleaned up.
2017-06-05 09:17:09.125 File "C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll" belongs to malware 'Mal/VMProtBad-A'.
2017-06-05 09:17:09.125 File "C:\System Volume Information\_restore{CD251913-093A-471D-BD79-C51A04E4C3ED}\RP179\A0197279.dll" has been cleaned up.
2017-06-05 09:17:09.125 Removal successful
2017-06-05 09:17:10.015 Error level 0

2017-06-05 09:18:31.796 Scan completed.
2017-06-05 09:18:31.796

------------------------------------------------------------

2017-06-16 23:44:08.796 Sophos Virus Removal Tool version 2.6.0
2017-06-16 23:44:08.796 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-16 23:44:08.796 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-16 23:44:08.796 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2017-06-16 23:44:08.796 Checking for updates...
2017-06-16 23:44:09.968 Update progress: proxy server not available
2017-06-16 23:45:18.484 Option all = no
2017-06-16 23:45:18.484 Option recurse = yes
2017-06-16 23:45:18.484 Option archive = no
2017-06-16 23:45:18.484 Option service = yes
2017-06-16 23:45:18.484 Option confirm = yes
2017-06-16 23:45:18.484 Option sxl = yes
2017-06-16 23:45:18.484 Option max-data-age = 35
2017-06-16 23:45:18.484 Option vdl-logging = yes
2017-06-16 23:45:18.531 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-06-16 23:45:18.531 Machine ID: 5f788f5f83d4461292853faca75187c0
2017-06-16 23:45:18.578 Component SVRTcli.exe version 2.6.0
2017-06-16 23:45:18.578 Component control.dll version 2.6.0
2017-06-16 23:45:18.578 Component SVRTservice.exe version 2.6.0
2017-06-16 23:45:18.578 Component engine\osdp.dll version 1.44.1.2285
2017-06-16 23:45:18.578 Component engine\veex.dll version 3.68.5.2285
2017-06-16 23:45:18.578 Component engine\savi.dll version 9.0.7.2285
2017-06-16 23:45:18.625 Component rkdisk.dll version 1.5.31.1
2017-06-16 23:45:18.625 Version info: Product version 2.6.0
2017-06-16 23:45:18.625 Version info: Detection engine 3.68.5
2017-06-16 23:45:18.625 Version info: Detection data 5.39
2017-06-16 23:45:18.625 Version info: Build date 2.5.2017
2017-06-16 23:45:18.625 Version info: Data files added 296
2017-06-16 23:45:18.625 Version info: Last successful update 4.6.2017 23:57:43
2017-06-16 23:45:44.281 Downloading updates...
2017-06-16 23:45:44.281 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-16 23:45:44.281 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-06-16 23:45:44.281 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-06-16 23:45:44.281 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-16 23:45:44.343 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-06-16 23:45:44.468 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-06-16 23:45:44.578 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-06-16 23:45:44.625 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-06-16 23:45:44.625 Update progress: [I19463] Product download size 826549 bytes
2017-06-16 23:45:48.046 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-06-16 23:45:48.218 Installing updates...
2017-06-16 23:45:49.640 Error level 1
2017-06-16 23:45:50.421 Update successful
2017-06-16 23:46:02.046 Option all = no
2017-06-16 23:46:02.046 Option recurse = yes
2017-06-16 23:46:02.046 Option archive = no
2017-06-16 23:46:02.046 Option service = yes
2017-06-16 23:46:02.046 Option confirm = yes
2017-06-16 23:46:02.046 Option sxl = yes
2017-06-16 23:46:02.046 Option max-data-age = 35
2017-06-16 23:46:02.046 Option vdl-logging = yes
2017-06-16 23:46:02.046 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-06-16 23:46:02.046 Machine ID: 5f788f5f83d4461292853faca75187c0
2017-06-16 23:46:02.046 Component SVRTcli.exe version 2.6.0
2017-06-16 23:46:02.046 Component control.dll version 2.6.0
2017-06-16 23:46:02.046 Component SVRTservice.exe version 2.6.0
2017-06-16 23:46:02.046 Component engine\osdp.dll version 1.44.1.2285
2017-06-16 23:46:02.062 Component engine\veex.dll version 3.68.5.2285
2017-06-16 23:46:02.062 Component engine\savi.dll version 9.0.7.2285
2017-06-16 23:46:02.062 Component rkdisk.dll version 1.5.31.1
2017-06-16 23:46:02.062 Version info: Product version 2.6.0
2017-06-16 23:46:02.062 Version info: Detection engine 3.68.5
2017-06-16 23:46:02.062 Version info: Detection data 5.39
2017-06-16 23:46:02.062 Version info: Build date 2.5.2017
2017-06-16 23:46:02.062 Version info: Data files added 348
2017-06-16 23:46:02.062 Version info: Last successful update 17.6.2017 1:45:50

2017-06-17 00:01:54.296 Warning: rootkit scan failed to open device "\\?\Volume{551a1f7f-acc6-11e6-aa1f-806d6172696f}" (87)
2017-06-17 00:18:51.171 >>> Virus 'Mal/Generic-S' found in file C:\Documents and Settings\Adam2\Local Settings\Temp\Setup (1).exe
2017-06-17 00:18:51.171 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-06-17 00:18:51.171 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-06-17 00:18:51.171 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2017-06-17 00:18:51.171 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2017-06-17 00:18:51.296 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-17 00:18:51.296 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2017-06-17 01:18:02.953 Could not open LOGICAL:0003:00000000
2017-06-17 01:18:02.968 Could not open D:\
2017-06-17 01:18:02.984 Could not open LOGICAL:0005:00000000
2017-06-17 01:18:03.000 Could not open F:\
2017-06-17 01:18:03.156 The following items will be cleaned up:
2017-06-17 01:18:03.156 Mal/Generic-S
2017-06-17 01:19:36.390 Threat 'Mal/Generic-S' has been cleaned up.
2017-06-17 01:19:36.390 File "C:\Documents and Settings\Adam2\Local Settings\Temp\Setup (1).exe" belongs to malware 'Mal/Generic-S'.
2017-06-17 01:19:36.390 File "C:\Documents and Settings\Adam2\Local Settings\Temp\Setup (1).exe" has been cleaned up.
2017-06-17 01:19:36.390 Removal successful
2017-06-17 01:19:37.234 Error level 0

Uživatelský avatar
bbdra
Level 3
Level 3
Příspěvky: 467
Registrován: listopad 13
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod bbdra » 17 čer 2017 03:29

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
File\Folder C:\Program Files\Adobe\Acrobat\Reader\AcroRd32.exe Low not found.
File\Folder C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin\java.exe Low not found.
File\Folder C:\Program Files\Java\jre1.7.0\bin\java.exe Low not found.
File\Folder C:\Program Files\Java\jre6\bin\java.exe Low not found.
File\Folder C:\Program Files\Java\jre7\bin\java.exe Low not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: 1234
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Adam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Adam2
->Temp folder emptied: 135724837 bytes
->Temporary Internet Files folder emptied: 131072 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 622 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BBDRA2-3D0A5E7C
->Temp folder emptied: 63611456 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: All Users.WINDOWS2

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: znk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 509173 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 191,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06172017_032306

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS2\temp\etilqs_M7WY6ZkPQz5Vhzm not found!
File\Folder C:\WINDOWS2\temp\etilqs_PF7dsoefJl5i9Vj not found!
C:\WINDOWS2\temp\Perflib_Perfdata_96c.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: RTC video PnP listener - prosím o kontrolu logu

Příspěvekod jaro3 » 17 čer 2017 10:52

Ono se to už smazalo.
Keygeny příště nestahovat!
Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 10 hostů