# AdwCleaner v5.013 - Logfile created 17/10/2015 at 12:49:43
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Folder Found : C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
***** [ Files ] *****
File Found : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
File Found : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
Data Found : HKU\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
***** [ Web browsers ] *****
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : dts.search.ask.com
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : istartsurf.com_
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : buenosearch.com
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.ask.com
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : istartsurf
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : istartsurf.com
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : chphlpgkkbolifaimnlloiipkdnihall
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2515 bytes] ##########
prosim o kontrolu logu
Re: prosim o kontrolu logu
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 17.10.2015
Čas skenování: 13:17
Protokol: aaaa.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.10.17.03
Databáze rootkitů: v2015.10.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: oem
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 311059
Uplynulý čas: 4 min, 19 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.YahooVNM, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}, , [808776e2abe0b97d5089821fcf3436ca],
Hodnoty registru: 1
PUP.Optional.YahooVNM, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}|URL, http://search.yahoo.com/search?fr=vmn&t ... a-ch-rp&q={searchTerms}, , [808776e2abe0b97d5089821fcf3436ca]
Data registru: 1
PUP.Optional.MyStart, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0, Dobré: (www.google.com), Špatné: (http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0),,[43c4d0880685b77f6f9fc77e917317e9]
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
CrackTool.Agent.Steam, C:\Program Files (x86)\Pro Evolution Soccer 2016\steam_api.dll, , [25e28dcbb3d871c5b73fbec9867b9c64],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
www.malwarebytes.org
Datum skenování: 17.10.2015
Čas skenování: 13:17
Protokol: aaaa.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.10.17.03
Databáze rootkitů: v2015.10.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: oem
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 311059
Uplynulý čas: 4 min, 19 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.YahooVNM, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}, , [808776e2abe0b97d5089821fcf3436ca],
Hodnoty registru: 1
PUP.Optional.YahooVNM, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}|URL, http://search.yahoo.com/search?fr=vmn&t ... a-ch-rp&q={searchTerms}, , [808776e2abe0b97d5089821fcf3436ca]
Data registru: 1
PUP.Optional.MyStart, HKU\S-1-5-21-603891442-4050234234-2594919365-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0, Dobré: (www.google.com), Špatné: (http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0),,[43c4d0880685b77f6f9fc77e917317e9]
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
CrackTool.Agent.Steam, C:\Program Files (x86)\Pro Evolution Soccer 2016\steam_api.dll, , [25e28dcbb3d871c5b73fbec9867b9c64],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: prosim o kontrolu logu
tak mam vše podle toho jak jste napali a co ted?děkuji
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: prosim o kontrolu logu
Udělej nový log z HJT dle mého návodu v podpisu.
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.
Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.
Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: prosim o kontrolu logu
# AdwCleaner v5.013 - Logfile created 17/10/2015 at 15:28:32
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
[-] Folder Deleted : C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
***** [ Files ] *****
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Web browsers ] *****
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com_
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : buenosearch.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2362 bytes] ##########
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
[-] Folder Deleted : C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
***** [ Files ] *****
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Web browsers ] *****
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com_
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : buenosearch.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2362 bytes] ##########
Re: prosim o kontrolu logu
# AdwCleaner v5.013 - Logfile created 17/10/2015 at 15:28:32
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
[-] Folder Deleted : C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
***** [ Files ] *****
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Web browsers ] *****
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com_
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : buenosearch.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2362 bytes] ##########
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
[-] Folder Deleted : C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
***** [ Files ] *****
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Web browsers ] *****
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com_
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : buenosearch.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com
[-] [C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2362 bytes] ##########
Re: prosim o kontrolu logu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by oem on so 17.10.2015 at 15:36:31,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\oem\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage
Successfully deleted: [File] C:\Users\oem\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Successfully deleted: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Failed to delete: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bgjpfhpjcgdppjbgnpnjllokbmcdllig
blmojkbhnkkphngknkmgccmlenfaelkd
olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bgjpfhpjcgdppjbgnpnjllokbmcdllig,
blmojkbhnkkphngknkmgccmlenfaelkd,
olfeabkoenfaoljndfecamgilllcpiak
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 17.10.2015 at 15:39:30,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by oem on so 17.10.2015 at 15:36:31,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\oem\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage
Successfully deleted: [File] C:\Users\oem\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Successfully deleted: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Failed to delete: [Folder] C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bgjpfhpjcgdppjbgnpnjllokbmcdllig
blmojkbhnkkphngknkmgccmlenfaelkd
olfeabkoenfaoljndfecamgilllcpiak
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\oem\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bgjpfhpjcgdppjbgnpnjllokbmcdllig,
blmojkbhnkkphngknkmgccmlenfaelkd,
olfeabkoenfaoljndfecamgilllcpiak
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 17.10.2015 at 15:39:30,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: prosim o kontrolu logu
RogueKiller V10.11.0.0 (x64) [Oct 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : oem [Práva správce]
Started from : C:\Users\oem\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 10/17/2015 15:52:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 79 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff88f71140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff88f72650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x70380 (jmp 0xffffffff88f72610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x702c0 (jmp 0xffffffff88f72490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x70480 (jmp 0xffffffff88f71bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x703d0 (jmp 0xffffffff88f72760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x702d0 (jmp 0xffffffff88f72520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x70390 (jmp 0xffffffff88f72160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x703f0 (jmp 0xffffffff88f71510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x70300 (jmp 0xffffffff88f724b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x70360 (jmp 0xffffffff88f72750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x70490 (jmp 0xffffffff88f71bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x70440 (jmp 0xffffffff88f72990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff88f72020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x70310 (jmp 0xffffffff88f725f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x702a0 (jmp 0xffffffff88f71e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff88f71920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x70280 (jmp 0xffffffff88f71f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x70290 (jmp 0xffffffff88f71950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x70320 (jmp 0xffffffff88f71ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x70330 (jmp 0xffffffff88f71960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x703c0 (jmp 0xffffffff88f71f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x703e0 (jmp 0xffffffff88f72500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x70370 (jmp 0xffffffff88f719b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x70420 (jmp 0xffffffff88f71290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff88f72270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x70430 (jmp 0xffffffff88f71770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x70270 (jmp 0xffffffff88f70ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x702f0 (jmp 0xffffffff88f71a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff88f71a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x77260300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x772603e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x77260440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x77260360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x77260370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x772603a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x772603d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x772603c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x772603b0 (jmp 0x162520|jmp 0xfffffffffffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x77260420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x772603f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x77260260 (jmp 0x161390|jmp 0xfffffffffffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x77260330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x77260490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x77260410 (jmp 0x161290|jmp 0xfffffffffffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x77260320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x772601e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x77260340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x77260240 (jmp 0x1619e0|jmp 0xfffffffffffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x77260290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x77260200 (jmp 0x161150|jmp 0xfffffffffffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x77260460 (jmp 0x162800|jmp 0xfffffffffffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x772601f0 (jmp 0x1610d0|jmp 0xfffffffffffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x77260350 (jmp 0x161a70|jmp 0xfffffffffffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x77260220 (jmp 0x1621e0|jmp 0xfffffffffffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x77260450 (jmp 0x1629f0|jmp 0xfffffffffffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x77260230 (jmp 0x161d50|jmp 0xfffffffffffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x77260250 (jmp 0x161390|jmp 0xfffffffffffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x77260310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x77260400 (jmp 0x161f50|jmp 0xfffffffffffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x77260390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x772602d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x77260470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x77260480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x772602f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x772602c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x772602a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x77260210 (jmp 0x161070|jmp 0xfffffffffffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x77260280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x772601d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x772602e0 (jmp 0x161fd0|jmp 0xfffffffffffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x77260430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x77260380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x772602b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ Aavm4h.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ashTask.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 77f9ea2da2ea0315794a676ed3efd245
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : oem [Práva správce]
Started from : C:\Users\oem\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 10/17/2015 15:52:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 79 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff88f71140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff88f72650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x70380 (jmp 0xffffffff88f72610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x702c0 (jmp 0xffffffff88f72490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x70480 (jmp 0xffffffff88f71bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x703d0 (jmp 0xffffffff88f72760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x702d0 (jmp 0xffffffff88f72520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x70390 (jmp 0xffffffff88f72160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x703f0 (jmp 0xffffffff88f71510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x70300 (jmp 0xffffffff88f724b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x70360 (jmp 0xffffffff88f72750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x70490 (jmp 0xffffffff88f71bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x70440 (jmp 0xffffffff88f72990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff88f72020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x70310 (jmp 0xffffffff88f725f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x702a0 (jmp 0xffffffff88f71e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff88f71920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x70280 (jmp 0xffffffff88f71f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x70290 (jmp 0xffffffff88f71950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x70320 (jmp 0xffffffff88f71ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x70330 (jmp 0xffffffff88f71960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x703c0 (jmp 0xffffffff88f71f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x703e0 (jmp 0xffffffff88f72500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x70370 (jmp 0xffffffff88f719b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x70420 (jmp 0xffffffff88f71290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff88f72270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x70430 (jmp 0xffffffff88f71770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x70270 (jmp 0xffffffff88f70ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x702f0 (jmp 0xffffffff88f71a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff88f71a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x77260300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x772603e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x77260440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x77260360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x77260370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x772603a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x772603d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x772603c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x772603b0 (jmp 0x162520|jmp 0xfffffffffffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x77260420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x772603f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x77260260 (jmp 0x161390|jmp 0xfffffffffffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x77260330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x77260490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x77260410 (jmp 0x161290|jmp 0xfffffffffffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x77260320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x772601e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x77260340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x77260240 (jmp 0x1619e0|jmp 0xfffffffffffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x77260290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x77260200 (jmp 0x161150|jmp 0xfffffffffffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x77260460 (jmp 0x162800|jmp 0xfffffffffffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x772601f0 (jmp 0x1610d0|jmp 0xfffffffffffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x77260350 (jmp 0x161a70|jmp 0xfffffffffffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x77260220 (jmp 0x1621e0|jmp 0xfffffffffffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x77260450 (jmp 0x1629f0|jmp 0xfffffffffffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x77260230 (jmp 0x161d50|jmp 0xfffffffffffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x77260250 (jmp 0x161390|jmp 0xfffffffffffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x77260310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x77260400 (jmp 0x161f50|jmp 0xfffffffffffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x77260390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x772602d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x77260470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x77260480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x772602f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x772602c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x772602a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x77260210 (jmp 0x161070|jmp 0xfffffffffffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x77260280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x772601d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x772602e0 (jmp 0x161fd0|jmp 0xfffffffffffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x77260430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x77260380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x772602b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ Aavm4h.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ashTask.dll) kernel32!CreateNamedPipeW : Unknown @ 0x520010
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 77f9ea2da2ea0315794a676ed3efd245
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Re: prosim o kontrolu logu
tak udělal jsem vše jak jsem měl,co ted?děkuji
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: prosim o kontrolu logu
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir i firewall.
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Vlož nový log z HJT + informuj o problémech.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Vypni antivir i firewall.
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts; klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Vlož nový log z HJT + informuj o problémech.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: prosim o kontrolu logu
RogueKiller V10.11.0.0 (x64) [Oct 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : oem [Práva správce]
Started from : C:\Users\oem\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 10/18/2015 12:01:28
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 30 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f201e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f203a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f20380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f202c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f20480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f203d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f202d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f20390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f203f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f20300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f20360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f20490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f20440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f20340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f20310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f202a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f202b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f20280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f20290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f20320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f20330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f203c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f203e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f20370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f20420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f20470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f20430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f20270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f202f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f201d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 77f9ea2da2ea0315794a676ed3efd245
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : oem [Práva správce]
Started from : C:\Users\oem\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 10/18/2015 12:01:28
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D415A920-D129-456E-8A9F-696410C4B23C} | NameServer : 62.129.50.20,85.135.32.100 ([-][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-603891442-4050234234-2594919365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 30 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x76f201e0 (jmp 0x161140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x76f203a0 (jmp 0x162650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x76f20380 (jmp 0x162610|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x76f202c0 (jmp 0x162490|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x76f20480 (jmp 0x161bf0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x76f203d0 (jmp 0x162760|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x76f202d0 (jmp 0x162520|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x76f20390 (jmp 0x162160|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x76f203f0 (jmp 0x161510|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x76f20300 (jmp 0x1624b0|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x76f20360 (jmp 0x162750|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x76f20490 (jmp 0x161bf0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x76f20440 (jmp 0x162990|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x76f20340 (jmp 0x162020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x76f20310 (jmp 0x1625f0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x76f202a0 (jmp 0x161e90|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x76f202b0 (jmp 0x161920|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x76f20280 (jmp 0x161f00|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x76f20290 (jmp 0x161950|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x76f20320 (jmp 0x161ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x76f20330 (jmp 0x161960|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x76f203c0 (jmp 0x161f90|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x76f203e0 (jmp 0x162500|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x76f20370 (jmp 0x1619b0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x76f20420 (jmp 0x161290|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x76f20470 (jmp 0x162270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x76f20430 (jmp 0x161770|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x76f20270 (jmp 0x160ff0|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x76f202f0 (jmp 0x161a20|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x76f201d0 (jmp 0x161a30|jmp 0xfffffffffffffe29|jmp 0x19b)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 77f9ea2da2ea0315794a676ed3efd245
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: prosim o kontrolu logu
Ještě Zoek a HJT.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 71 hostů