Please check my log - Fista33


Post by Fista33 » 26 Mar 2013 13:15

Greetings to all IT pros. I'm not sure about my computer, so I would like to have you check my log. Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:23, on 26.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Users\Dorotka\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.207.17.146:8080
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7745A7F-3998-40E0-AA39-4C9D555A99EE}: NameServer = 93.153.117.33 93.153.117.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5117 bytes


Post by Žbeky » 26 Mar 2013 17:55

Do you recognize the proxy 85.207.17.146:8080?

Fix these:

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a prompt appears, choose Ano (Yes)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.


Post by Fista333 » 28 Mar 2013 14:09

I had to create a new nick because I forgot my password. So here is the log, and even though I'm an amateur, even I can tell that it's bad.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verze: v2013.03.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dorotka :: Honzik [administrátor]

28.3.2013 13:51:34
MBAM-log-2013-03-28 (13-58-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 228271
Uplynulý čas: 4 minut, 41 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Users\Dorotka\Desktop\Aktivátor windows.eXe (Hacktool.ChewWGA) -> Nebyla provedena žádná instrukce.
C:\Users\Dorotka\Desktop\KeyloggerUpdate1.0.exe (PUP.Keylogger) -> Nebyla provedena žádná instrukce.

(konec)


Post by Žbeky » 28 Mar 2013 17:42

Run MbAM again and click Scan
- when the program finishes a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here.
- then click OK in the program and close it via Exit

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.

Download RogueKiller
32bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and WIN7 run the program as administrator; on XP, double-click it.
- Wait until the Prescan finishes.
- Check that the following are ticked:
Kontrola MBR (MBR check)
Kontrola Faked (Faked check)
Antirootkit

- Then click „Prohledat“ (Scan).
- The program scans the PC. After the scan click „Zpráva“ (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start, rename it to winlogon.exe.

Post by Fista333 » 17 Apr 2013 13:45

Sorry for the late reply. Just for information, I know the proxy and it is my own setting, but the DNS records that Rogue Killer showed, those I don't recognize.

Copying:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dorotka :: Honzik [administrátor]

17.4.2013 13:21:43
mbam-log-2013-04-17 (13-21-43).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 230450
Uplynulý čas: 4 minut, 28 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)




TDSS Killer:



Rogue Killer:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dorotka [Práva správce]
Mód : Kontrola -- Datum : 04/17/2013 13:33:36
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.207.17.146:8080) -> NALEZENO
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C7745A7F-3998-40E0-AA39-4C9D555A99EE} : NameServer (93.153.117.33 93.153.117.1) -> NALEZENO
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C7745A7F-3998-40E0-AA39-4C9D555A99EE} : NameServer (93.153.117.33 93.153.117.1) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 50c567d3c08828903ba4180c63e3e736
[BSP] 38328897732d4ff72b7f1befd47486a6 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 14997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 152625 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 343292985 | Size: 137619 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_04172013_02d1333.txt >>
RKreport[1]_S_04172013_02d1333.txt

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: please check my log Fista33

Post by jaro3 » 17 Apr 2013 15:36

Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.

Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the prescan finishes its work...
- Wait until the status window shows "Scan" (Prohledat)

- Click "Delete" (Smazat)
- Wait until the status box shows "Deleting finished" (Smazání skončeno)
- Click "Report" (Zprávy), then copy and paste the content of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Run RogueKiller again
If you use Windows Vista or Windows 7, right-click RogueKiller and choose to run it as administrator.
Then click Fix Host (Oprava Host) and Report (Zpráva); a log will open, paste it here.

Download AdwCleaner

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan" (Prohledat)
After the scan a log will appear (it is otherwise saved on the system drive as AdwCleaner[R?].txt); paste its whole content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Fista333
newbie
Posts: 23
Registered: March 13
Gender: Not specified
Status:
Offline

Re: please check my log Fista33

Post by Fista333 » 17 Apr 2013 17:37

I did everything as instructed and the result is here:


1:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dorotka [Práva správce]
Mód : Odebrat -- Datum : 04/17/2013 17:26:03
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.207.17.146:8080) -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C7745A7F-3998-40E0-AA39-4C9D555A99EE} : NameServer (93.153.117.33 93.153.117.1) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C7745A7F-3998-40E0-AA39-4C9D555A99EE} : NameServer (93.153.117.33 93.153.117.1) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 50c567d3c08828903ba4180c63e3e736
[BSP] 38328897732d4ff72b7f1befd47486a6 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 14997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 152625 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 343292985 | Size: 137619 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[4]_D_04172013_02d1726.txt >>
RKreport[1]_S_04172013_02d1333.txt ; RKreport[3]_S_04172013_02d1724.txt ; RKreport[4]_D_04172013_02d1726.txt



2:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dorotka [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/17/2013 17:28:26
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5]_H_04172013_02d1728.txt >>
RKreport[1]_S_04172013_02d1333.txt ; RKreport[3]_S_04172013_02d1724.txt ; RKreport[4]_D_04172013_02d1726.txt ; RKreport[5]_H_04172013_02d1728.txt



3:
# AdwCleaner v2.200 - Log vytvooen 17/04/2013 v 17:29:23
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Dorotka - Honzik
# Spuštin systém : Normální
# Spuštino z : C:\Users\Dorotka\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Users\Dorotka\AppData\Local\PackageAware

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Klíe Nalezeno : HKCU\Software\1ClickDownload
Klíe Nalezeno : HKCU\Software\DataMngr
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Klíe Nalezeno : HKLM\Software\Iminent
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Nalezeno : HKLM\SOFTWARE\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - blank] = hxxp://www.startsearcher.com/tab.php?src=blank
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - NavigationFailure] = hxxp://www.startsearcher.com/tab.php?src=navfail
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.startsearcher.com/tab.php?src=tab
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com

*************************

AdwCleaner[R1].txt - [5024 octets] - [17/04/2013 17:29:23]

########## EOF - C:\AdwCleaner[R1].txt - [5084 octets] ##########

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: please check my log Fista33

Post by jaro3 » 17 Apr 2013 20:07

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
Click "Delete" (Vymazat)
The program will perform the repair; after the automatic restart it displays the log (C:\AdwCleaner[S?].txt), paste its whole content here.

Run RogueKiller again
If you use Windows Vista or Windows 7, right-click RogueKiller and choose to run it as administrator.
Then click Fix Host (Oprava Host) and Report (Zpráva); a log will open, paste it here.

Download TDSSKiller
to your desktop. Make sure you have closed all other applications and browsers. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the whole content of the log here.

Fista333
newbie
Posts: 23
Registered: March 13
Gender: Not specified
Status:
Offline

Re: please check my log Fista33

Post by Fista333 » 17 Apr 2013 21:34

Results:

1:

# AdwCleaner v2.200 - Log vytvooen 17/04/2013 v 21:17:45
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Dorotka - Honzik
# Spuštin systém : Normální
# Spuštino z : C:\Users\Dorotka\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Users\Dorotka\AppData\Local\PackageAware

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Klíe Vymazáno : HKCU\Software\1ClickDownload
Klíe Vymazáno : HKCU\Software\DataMngr
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Klíe Vymazáno : HKLM\Software\Iminent
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Vymazáno : HKLM\SOFTWARE\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.7601.17514

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - blank] = hxxp://www.startsearcher.com/tab.php?src=blank --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - NavigationFailure] = hxxp://www.startsearcher.com/tab.php?src=navfail --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.startsearcher.com/tab.php?src=tab --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [5207 octets] - [17/04/2013 21:17:45]

########## EOF - C:\AdwCleaner[S1].txt - [5267 octets] ##########




2:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dorotka [Práva správce]
Mód : Kontrola -- Datum : 04/17/2013 21:19:23
| ARK || FAK || MBR

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.207.17.146:8080) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 50c567d3c08828903ba4180c63e3e736
[BSP] 38328897732d4ff72b7f1befd47486a6 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 14997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 152625 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 343292985 | Size: 137619 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_S_04172013_02d2132.txt >>
RKreport[1]_S_04172013_02d1333.txt ; RKreport[2]_S_04172013_02d1914.txt ; RKreport[3]_S_04172013_02d2132.txt



3:


21:23:12.0439 0600 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:23:12.0454 0600 ============================================================
21:23:12.0454 0600 Current date / time: 2013/04/17 21:23:12.0454
21:23:12.0454 0600 SystemInfo:
21:23:12.0454 0600
21:23:12.0454 0600 OS Version: 6.1.7601 ServicePack: 1.0
21:23:12.0454 0600 Product type: Workstation
21:23:12.0454 0600 ComputerName: Honzik
21:23:12.0454 0600 UserName: Dorotka
21:23:12.0454 0600 Windows directory: C:\Windows
21:23:12.0454 0600 System windows directory: C:\Windows
21:23:12.0454 0600 Running under WOW64
21:23:12.0454 0600 Processor architecture: Intel x64
21:23:12.0454 0600 Number of processors: 2
21:23:12.0454 0600 Page size: 0x1000
21:23:12.0454 0600 Boot type: Normal boot
21:23:12.0454 0600 ============================================================
21:23:14.0451 0600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:23:14.0467 0600 ============================================================
21:23:14.0467 0600 \Device\Harddisk0\DR0:
21:23:14.0467 0600 MBR partitions:
21:23:14.0467 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1D4A800
21:23:14.0467 0600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D4B000, BlocksNum 0x12A18C39
21:23:14.0482 0600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14763C78, BlocksNum 0x10CC9A49
21:23:14.0482 0600 ============================================================
21:23:14.0545 0600 D: <-> \Device\Harddisk0\DR0\Partition3
21:23:14.0545 0600 ============================================================
21:23:14.0545 0600 Initialize success
21:23:14.0545 0600 ============================================================
21:23:16.0526 2204 ============================================================
21:23:16.0526 2204 Scan started
21:23:16.0526 2204 Mode: Manual;
21:23:16.0526 2204 ============================================================
21:23:17.0353 2204 ================ Scan system memory ========================
21:23:17.0353 2204 System memory - ok
21:23:17.0353 2204 ================ Scan services =============================
21:23:17.0400 2204 1394ohci - ok
21:23:17.0431 2204 ACPI - ok
21:23:17.0446 2204 AcpiPmi - ok
21:23:17.0478 2204 AdobeARMservice - ok
21:23:17.0478 2204 AdobeFlashPlayerUpdateSvc - ok
21:23:17.0493 2204 adp94xx - ok
21:23:17.0493 2204 adpahci - ok
21:23:17.0509 2204 adpu320 - ok
21:23:17.0509 2204 AeLookupSvc - ok
21:23:17.0524 2204 AFD - ok
21:23:17.0540 2204 agp440 - ok
21:23:17.0540 2204 ALG - ok
21:23:17.0556 2204 aliide - ok
21:23:17.0556 2204 amdide - ok
21:23:17.0556 2204 AmdK8 - ok
21:23:17.0571 2204 AmdPPM - ok
21:23:17.0571 2204 amdsata - ok
21:23:17.0587 2204 amdsbs - ok
21:23:17.0587 2204 amdxata - ok
21:23:17.0602 2204 AppID - ok
21:23:17.0602 2204 AppIDSvc - ok
21:23:17.0618 2204 Appinfo - ok
21:23:17.0618 2204 AppMgmt - ok
21:23:17.0634 2204 arc - ok
21:23:17.0634 2204 arcsas - ok
21:23:17.0680 2204 ASPI - ok
21:23:17.0680 2204 aspnet_state - ok
21:23:17.0696 2204 aswFsBlk - ok
21:23:17.0712 2204 aswMonFlt - ok
21:23:17.0727 2204 aswRdr - ok
21:23:17.0743 2204 aswRvrt - ok
21:23:17.0743 2204 aswSnx - ok
21:23:17.0758 2204 aswSP - ok
21:23:17.0758 2204 aswTdi - ok
21:23:17.0790 2204 aswVmm - ok
21:23:17.0805 2204 AsyncMac - ok
21:23:17.0805 2204 atapi - ok
21:23:17.0821 2204 athr - ok
21:23:17.0836 2204 AudioEndpointBuilder - ok
21:23:17.0836 2204 AudioSrv - ok
21:23:17.0852 2204 avast! Antivirus - ok
21:23:17.0852 2204 AxInstSV - ok
21:23:17.0852 2204 b06bdrv - ok
21:23:17.0868 2204 b57nd60a - ok
21:23:17.0883 2204 BDESVC - ok
21:23:17.0899 2204 Beep - ok
21:23:17.0899 2204 BFE - ok
21:23:17.0914 2204 BITS - ok
21:23:17.0930 2204 blbdrive - ok
21:23:17.0961 2204 bowser - ok
21:23:17.0992 2204 bpenum - ok
21:23:17.0992 2204 BrFiltLo - ok
21:23:18.0008 2204 BrFiltUp - ok
21:23:18.0008 2204 Browser - ok
21:23:18.0024 2204 Brserid - ok
21:23:18.0024 2204 BrSerWdm - ok
21:23:18.0024 2204 BrUsbMdm - ok
21:23:18.0039 2204 BrUsbSer - ok
21:23:18.0039 2204 BTHMODEM - ok
21:23:18.0055 2204 bthserv - ok
21:23:18.0070 2204 cdfs - ok
21:23:18.0086 2204 cdrom - ok
21:23:18.0102 2204 CertPropSvc - ok
21:23:18.0102 2204 circlass - ok
21:23:18.0133 2204 CLFS - ok
21:23:18.0148 2204 clr_optimization_v2.0.50727_32 - ok
21:23:18.0148 2204 clr_optimization_v2.0.50727_64 - ok
21:23:18.0164 2204 clr_optimization_v4.0.30319_32 - ok
21:23:18.0195 2204 clr_optimization_v4.0.30319_64 - ok
21:23:18.0211 2204 CmBatt - ok
21:23:18.0211 2204 cmdide - ok
21:23:18.0226 2204 CNG - ok
21:23:18.0226 2204 Compbatt - ok
21:23:18.0242 2204 CompositeBus - ok
21:23:18.0258 2204 COMSysApp - ok
21:23:18.0273 2204 cpuz135 - ok
21:23:18.0289 2204 crcdisk - ok
21:23:18.0289 2204 CryptSvc - ok
21:23:18.0304 2204 CSC - ok
21:23:18.0304 2204 CscService - ok
21:23:18.0320 2204 DcomLaunch - ok
21:23:18.0320 2204 defragsvc - ok
21:23:18.0382 2204 DfsC - ok
21:23:18.0382 2204 Dhcp - ok
21:23:18.0398 2204 discache - ok
21:23:18.0398 2204 Disk - ok
21:23:18.0398 2204 Dnscache - ok
21:23:18.0414 2204 dot3svc - ok
21:23:18.0414 2204 DPS - ok
21:23:18.0445 2204 drmkaud - ok
21:23:18.0445 2204 dtsoftbus01 - ok
21:23:18.0460 2204 DXGKrnl - ok
21:23:18.0460 2204 EapHost - ok
21:23:18.0460 2204 ebdrv - ok
21:23:18.0476 2204 EFS - ok
21:23:18.0476 2204 ehRecvr - ok
21:23:18.0507 2204 ehSched - ok
21:23:18.0507 2204 elxstor - ok
21:23:18.0523 2204 ErrDev - ok
21:23:18.0523 2204 EventSystem - ok
21:23:18.0538 2204 ew_hwusbdev - ok
21:23:18.0554 2204 ew_usbenumfilter - ok
21:23:18.0554 2204 exfat - ok
21:23:18.0570 2204 fastfat - ok
21:23:18.0570 2204 Fax - ok
21:23:18.0585 2204 fdc - ok
21:23:18.0585 2204 fdPHost - ok
21:23:18.0601 2204 FDResPub - ok
21:23:18.0601 2204 FileInfo - ok
21:23:18.0601 2204 Filetrace - ok
21:23:18.0616 2204 flpydisk - ok
21:23:18.0616 2204 FltMgr - ok
21:23:18.0632 2204 FontCache - ok
21:23:18.0632 2204 FontCache3.0.0.0 - ok
21:23:18.0679 2204 FreshIO - ok
21:23:18.0679 2204 FsDepends - ok
21:23:18.0710 2204 Fs_Rec - ok
21:23:18.0726 2204 fvevol - ok
21:23:18.0726 2204 gagp30kx - ok
21:23:18.0741 2204 gpsvc - ok
21:23:18.0741 2204 gupdate - ok
21:23:18.0757 2204 gupdatem - ok
21:23:18.0757 2204 hcw85cir - ok
21:23:18.0788 2204 HdAudAddService - ok
21:23:18.0788 2204 HDAudBus - ok
21:23:18.0804 2204 HidBatt - ok
21:23:18.0804 2204 HidBth - ok
21:23:18.0819 2204 HidIr - ok
21:23:18.0819 2204 hidserv - ok
21:23:18.0835 2204 HidUsb - ok
21:23:18.0835 2204 hkmsvc - ok
21:23:18.0835 2204 HomeGroupListener - ok
21:23:18.0850 2204 HomeGroupProvider - ok
21:23:18.0850 2204 HpSAMD - ok
21:23:18.0866 2204 HTTP - ok
21:23:18.0882 2204 huawei_cdcacm - ok
21:23:18.0897 2204 huawei_enumerator - ok
21:23:18.0897 2204 huawei_ext_ctrl - ok
21:23:18.0913 2204 huawei_wwanecm - ok
21:23:18.0928 2204 hwpolicy - ok
21:23:18.0944 2204 i8042prt - ok
21:23:18.0975 2204 iaStorV - ok
21:23:18.0975 2204 idsvc - ok
21:23:18.0991 2204 igfx - ok
21:23:18.0991 2204 iirsp - ok
21:23:19.0006 2204 IKEEXT - ok
21:23:19.0006 2204 intelide - ok
21:23:19.0038 2204 intelppm - ok
21:23:19.0038 2204 IPBusEnum - ok
21:23:19.0053 2204 IpFilterDriver - ok
21:23:19.0053 2204 iphlpsvc - ok
21:23:19.0069 2204 IPMIDRV - ok
21:23:19.0069 2204 IPNAT - ok
21:23:19.0069 2204 IRENUM - ok
21:23:19.0084 2204 isapnp - ok
21:23:19.0084 2204 iScsiPrt - ok
21:23:19.0100 2204 kbdclass - ok
21:23:19.0116 2204 kbdhid - ok
21:23:19.0116 2204 KeyIso - ok
21:23:19.0131 2204 KSecDD - ok
21:23:19.0162 2204 KSecPkg - ok
21:23:19.0162 2204 ksthunk - ok
21:23:19.0162 2204 KtmRm - ok
21:23:19.0194 2204 kvpndev - ok
21:23:19.0209 2204 L1E - ok
21:23:19.0225 2204 LanmanServer - ok
21:23:19.0225 2204 LanmanWorkstation - ok
21:23:19.0240 2204 lltdio - ok
21:23:19.0256 2204 lltdsvc - ok
21:23:19.0256 2204 lmhosts - ok
21:23:19.0272 2204 LSI_FC - ok
21:23:19.0272 2204 LSI_SAS - ok
21:23:19.0287 2204 LSI_SAS2 - ok
21:23:19.0287 2204 LSI_SCSI - ok
21:23:19.0303 2204 luafv - ok
21:23:19.0334 2204 MbnExt - ok
21:23:19.0350 2204 Mcx2Svc - ok
21:23:19.0350 2204 megasas - ok
21:23:19.0350 2204 MegaSR - ok
21:23:19.0365 2204 MMCSS - ok
21:23:19.0365 2204 Modem - ok
21:23:19.0381 2204 monitor - ok
21:23:19.0396 2204 mouclass - ok
21:23:19.0396 2204 mouhid - ok
21:23:19.0412 2204 mountmgr - ok
21:23:19.0412 2204 mpio - ok
21:23:19.0428 2204 mpsdrv - ok
21:23:19.0443 2204 MpsSvc - ok
21:23:19.0443 2204 MRxDAV - ok
21:23:19.0459 2204 mrxsmb - ok
21:23:19.0459 2204 mrxsmb10 - ok
21:23:19.0474 2204 mrxsmb20 - ok
21:23:19.0474 2204 msahci - ok
21:23:19.0490 2204 msdsm - ok
21:23:19.0506 2204 MSDTC - ok
21:23:19.0521 2204 Msfs - ok
21:23:19.0521 2204 mshidkmdf - ok
21:23:19.0537 2204 msisadrv - ok
21:23:19.0537 2204 MSiSCSI - ok
21:23:19.0552 2204 msiserver - ok
21:23:19.0552 2204 MSKSSRV - ok
21:23:19.0568 2204 MSPCLOCK - ok
21:23:19.0568 2204 MSPQM - ok
21:23:19.0584 2204 MsRPC - ok
21:23:19.0584 2204 mssmbios - ok
21:23:19.0599 2204 MSTEE - ok
21:23:19.0615 2204 MTConfig - ok
21:23:19.0615 2204 MTsensor - ok
21:23:19.0630 2204 Mup - ok
21:23:19.0630 2204 napagent - ok
21:23:19.0646 2204 NativeWifiP - ok
21:23:19.0646 2204 NDIS - ok
21:23:19.0662 2204 NdisCap - ok
21:23:19.0662 2204 NdisTapi - ok
21:23:19.0662 2204 Ndisuio - ok
21:23:19.0677 2204 NdisWan - ok
21:23:19.0677 2204 NDProxy - ok
21:23:19.0693 2204 NetBIOS - ok
21:23:19.0693 2204 NetBT - ok
21:23:19.0708 2204 Netlogon - ok
21:23:19.0708 2204 Netman - ok
21:23:19.0740 2204 NetMsmqActivator - ok
21:23:19.0740 2204 NetPipeActivator - ok
21:23:19.0740 2204 netprofm - ok
21:23:19.0755 2204 NetTcpActivator - ok
21:23:19.0755 2204 NetTcpPortSharing - ok
21:23:19.0771 2204 nfrd960 - ok
21:23:19.0771 2204 NlaSvc - ok
21:23:19.0802 2204 NPF - ok
21:23:19.0802 2204 Npfs - ok
21:23:19.0802 2204 nsi - ok
21:23:19.0818 2204 nsiproxy - ok
21:23:19.0833 2204 Ntfs - ok
21:23:19.0849 2204 Null - ok
21:23:19.0849 2204 nvraid - ok
21:23:19.0864 2204 nvstor - ok
21:23:19.0864 2204 nv_agp - ok
21:23:19.0880 2204 odserv - ok
21:23:19.0896 2204 ohci1394 - ok
21:23:19.0927 2204 ose - ok
21:23:19.0927 2204 p2pimsvc - ok
21:23:19.0942 2204 p2psvc - ok
21:23:19.0942 2204 Parport - ok
21:23:19.0958 2204 partmgr - ok
21:23:19.0958 2204 PcaSvc - ok
21:23:19.0974 2204 pci - ok
21:23:19.0989 2204 pciide - ok
21:23:19.0989 2204 pcmcia - ok
21:23:19.0989 2204 pcw - ok
21:23:20.0005 2204 PEAUTH - ok
21:23:20.0005 2204 PeerDistSvc - ok
21:23:20.0020 2204 PerfHost - ok
21:23:20.0036 2204 pla - ok
21:23:20.0036 2204 PlugPlay - ok
21:23:20.0052 2204 PNRPAutoReg - ok
21:23:20.0052 2204 PNRPsvc - ok
21:23:20.0067 2204 PolicyAgent - ok
21:23:20.0067 2204 Power - ok
21:23:20.0083 2204 PptpMiniport - ok
21:23:20.0083 2204 Processor - ok
21:23:20.0098 2204 ProfSvc - ok
21:23:20.0098 2204 ProtectedStorage - ok
21:23:20.0114 2204 Psched - ok
21:23:20.0114 2204 PSSDK42 - ok
21:23:20.0130 2204 ql2300 - ok
21:23:20.0130 2204 ql40xx - ok
21:23:20.0145 2204 QWAVE - ok
21:23:20.0145 2204 QWAVEdrv - ok
21:23:20.0161 2204 RapiMgr - ok
21:23:20.0176 2204 RasAcd - ok
21:23:20.0176 2204 RasAgileVpn - ok
21:23:20.0192 2204 RasAuto - ok
21:23:20.0192 2204 Rasl2tp - ok
21:23:20.0208 2204 RasMan - ok
21:23:20.0208 2204 RasPppoe - ok
21:23:20.0223 2204 RasSstp - ok
21:23:20.0254 2204 rdbss - ok
21:23:20.0270 2204 rdpbus - ok
21:23:20.0270 2204 RDPCDD - ok
21:23:20.0286 2204 RDPDR - ok
21:23:20.0286 2204 RDPENCDD - ok
21:23:20.0301 2204 RDPREFMP - ok
21:23:20.0317 2204 RDPWD - ok
21:23:20.0317 2204 rdyboost - ok
21:23:20.0348 2204 RemoteAccess - ok
21:23:20.0348 2204 RemoteRegistry - ok
21:23:20.0364 2204 rpcapd - ok
21:23:20.0364 2204 RpcEptMapper - ok
21:23:20.0379 2204 RpcLocator - ok
21:23:20.0379 2204 RpcSs - ok
21:23:20.0410 2204 rspndr - ok
21:23:20.0426 2204 s3cap - ok
21:23:20.0426 2204 SamSs - ok
21:23:20.0457 2204 SbFw - ok
21:23:20.0457 2204 SBFWIMCL - ok
21:23:20.0473 2204 SBFWIMCLMP - ok
21:23:20.0488 2204 sbhips - ok
21:23:20.0504 2204 sbp2port - ok
21:23:20.0535 2204 SBRE - ok
21:23:20.0551 2204 SbTis - ok
21:23:20.0551 2204 SCardSvr - ok
21:23:20.0551 2204 scfilter - ok
21:23:20.0566 2204 Schedule - ok
21:23:20.0566 2204 SCPolicySvc - ok
21:23:20.0582 2204 SDRSVC - ok
21:23:20.0598 2204 secdrv - ok
21:23:20.0613 2204 seclogon - ok
21:23:20.0613 2204 SENS - ok
21:23:20.0629 2204 SensrSvc - ok
21:23:20.0629 2204 Serenum - ok
21:23:20.0644 2204 Serial - ok
21:23:20.0644 2204 sermouse - ok
21:23:20.0660 2204 SessionEnv - ok
21:23:20.0676 2204 sffdisk - ok
21:23:20.0676 2204 sffp_mmc - ok
21:23:20.0676 2204 sffp_sd - ok
21:23:20.0691 2204 sfloppy - ok
21:23:20.0691 2204 SharedAccess - ok
21:23:20.0707 2204 ShellHWDetection - ok
21:23:20.0707 2204 SiSRaid2 - ok
21:23:20.0722 2204 SiSRaid4 - ok
21:23:20.0722 2204 Smb - ok
21:23:20.0738 2204 SNMPTRAP - ok
21:23:20.0754 2204 spldr - ok
21:23:20.0754 2204 Spooler - ok
21:23:20.0769 2204 sppsvc - ok
21:23:20.0769 2204 sppuinotify - ok
21:23:20.0785 2204 sp_rsdrv2 - ok
21:23:20.0816 2204 SQLWriter - ok
21:23:20.0832 2204 srv - ok
21:23:20.0847 2204 srv2 - ok
21:23:20.0847 2204 srvnet - ok
21:23:20.0863 2204 SSDPSRV - ok
21:23:20.0863 2204 SstpSvc - ok
21:23:20.0878 2204 ST2012_Svc - ok
21:23:20.0894 2204 stexstor - ok
21:23:20.0894 2204 stisvc - ok
21:23:20.0910 2204 storflt - ok
21:23:20.0910 2204 StorSvc - ok
21:23:20.0925 2204 storvsc - ok
21:23:20.0925 2204 swenum - ok
21:23:20.0925 2204 swprv - ok
21:23:20.0941 2204 SysMain - ok
21:23:20.0956 2204 SystemExplorerHelpService - ok
21:23:20.0972 2204 TabletInputService - ok
21:23:20.0972 2204 TapiSrv - ok
21:23:20.0988 2204 TBS - ok
21:23:20.0988 2204 Tcpip - ok
21:23:21.0003 2204 TCPIP6 - ok
21:23:21.0003 2204 tcpipreg - ok
21:23:21.0019 2204 TDPIPE - ok
21:23:21.0019 2204 TDTCP - ok
21:23:21.0034 2204 tdx - ok
21:23:21.0034 2204 TermDD - ok
21:23:21.0050 2204 TermService - ok
21:23:21.0050 2204 Themes - ok
21:23:21.0066 2204 THREADORDER - ok
21:23:21.0066 2204 TrkWks - ok
21:23:21.0081 2204 truecrypt - ok
21:23:21.0081 2204 TrustedInstaller - ok
21:23:21.0097 2204 tssecsrv - ok
21:23:21.0097 2204 TsUsbFlt - ok
21:23:21.0112 2204 TS_AR5416 - ok
21:23:21.0112 2204 tunnel - ok
21:23:21.0128 2204 uagp35 - ok
21:23:21.0128 2204 udfs - ok
21:23:21.0144 2204 UI0Detect - ok
21:23:21.0159 2204 uliagpkx - ok
21:23:21.0159 2204 umbus - ok
21:23:21.0175 2204 UmPass - ok
21:23:21.0175 2204 UmRdpService - ok
21:23:21.0175 2204 upnphost - ok
21:23:21.0190 2204 usbccgp - ok
21:23:21.0190 2204 usbcir - ok
21:23:21.0206 2204 usbehci - ok
21:23:21.0222 2204 usbhub - ok
21:23:21.0222 2204 usbohci - ok
21:23:21.0222 2204 usbprint - ok
21:23:21.0237 2204 usbscan - ok
21:23:21.0237 2204 USBSTOR - ok
21:23:21.0253 2204 usbuhci - ok
21:23:21.0268 2204 usbvideo - ok
21:23:21.0300 2204 usb_rndisx - ok
21:23:21.0300 2204 UxSms - ok
21:23:21.0315 2204 VaultSvc - ok
21:23:21.0315 2204 vdrvroot - ok
21:23:21.0331 2204 vds - ok
21:23:21.0331 2204 vga - ok
21:23:21.0346 2204 VgaSave - ok
21:23:21.0346 2204 vhdmp - ok
21:23:21.0346 2204 viaide - ok
21:23:21.0362 2204 vmbus - ok
21:23:21.0362 2204 VMBusHID - ok
21:23:21.0378 2204 volmgr - ok
21:23:21.0378 2204 volmgrx - ok
21:23:21.0393 2204 volsnap - ok
21:23:21.0393 2204 vsmraid - ok
21:23:21.0409 2204 VSS - ok
21:23:21.0409 2204 vwifibus - ok
21:23:21.0424 2204 vwififlt - ok
21:23:21.0424 2204 W32Time - ok
21:23:21.0440 2204 WacomPen - ok
21:23:21.0440 2204 WANARP - ok
21:23:21.0456 2204 Wanarpv6 - ok
21:23:21.0456 2204 WatAdminSvc - ok
21:23:21.0471 2204 wbengine - ok
21:23:21.0471 2204 WbioSrvc - ok
21:23:21.0502 2204 WcesComm - ok
21:23:21.0502 2204 wcncsvc - ok
21:23:21.0518 2204 WcsPlugInService - ok
21:23:21.0518 2204 Wd - ok
21:23:21.0534 2204 Wdf01000 - ok
21:23:21.0534 2204 WdiServiceHost - ok
21:23:21.0549 2204 WdiSystemHost - ok
21:23:21.0549 2204 WebClient - ok
21:23:21.0549 2204 Wecsvc - ok
21:23:21.0565 2204 wercplsupport - ok
21:23:21.0565 2204 WerSvc - ok
21:23:21.0596 2204 WfpLwf - ok
21:23:21.0596 2204 WIMMount - ok
21:23:21.0612 2204 WinDefend - ok
21:23:21.0643 2204 WinHttpAutoProxySvc - ok
21:23:21.0643 2204 Winmgmt - ok
21:23:21.0643 2204 WinRM - ok
21:23:21.0674 2204 Wlansvc - ok
21:23:21.0674 2204 WmiAcpi - ok
21:23:21.0690 2204 wmiApSrv - ok
21:23:21.0690 2204 WMPNetworkSvc - ok
21:23:21.0705 2204 WPCSvc - ok
21:23:21.0705 2204 WPDBusEnum - ok
21:23:21.0721 2204 ws2ifsl - ok
21:23:21.0721 2204 wscsvc - ok
21:23:21.0736 2204 WSearch - ok
21:23:21.0752 2204 wuauserv - ok
21:23:21.0752 2204 WudfPf - ok
21:23:21.0768 2204 WUDFRd - ok
21:23:21.0768 2204 wudfsvc - ok
21:23:21.0783 2204 WwanSvc - ok
21:23:21.0814 2204 ================ Scan global ===============================
21:23:21.0830 2204 [Global] - ok
21:23:21.0830 2204 ================ Scan MBR ==================================
21:23:21.0846 2204 [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0
21:23:22.0282 2204 \Device\Harddisk0\DR0 - ok
21:23:22.0282 2204 ================ Scan VBR ==================================
21:23:22.0282 2204 [ 33464F66565186C220393C74F0D15C84 ] \Device\Harddisk0\DR0\Partition1
21:23:22.0282 2204 \Device\Harddisk0\DR0\Partition1 - ok
21:23:22.0376 2204 [ 7E770AEF626E9D6BD23E1A8CA15D7955 ] \Device\Harddisk0\DR0\Partition2
21:23:22.0376 2204 \Device\Harddisk0\DR0\Partition2 - ok
21:23:22.0392 2204 [ E794E42A5D21DF6AC2132E95EBBC824C ] \Device\Harddisk0\DR0\Partition3
21:23:22.0392 2204 \Device\Harddisk0\DR0\Partition3 - ok
21:23:22.0392 2204 ============================================================
21:23:22.0392 2204 Scan finished
21:23:22.0392 2204 ============================================================
21:23:22.0407 2836 Detected object count: 0
21:23:22.0407 2836 Actual detected object count: 0
21:23:45.0121 1256 Deinitialize success

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: please check my log Fista33

Post by jaro3 » 17 Apr 2013 23:16

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.

Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"

- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Reports" and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Fista333
newbie
Posts: 23
Registered: March 13
Gender: Not specified
Status:
Offline

Re: please check my log Fista33

Post by Fista333 » 18 Apr 2013 00:02

Unfortunately Avast could not be turned off completely; I disabled its resident shields and other functions, but it could not be removed from Task Manager.


1:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dorotka [Práva správce]
Mód : Odebrat -- Datum : 04/17/2013 23:37:44
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.207.17.146:8080) -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] 50c567d3c08828903ba4180c63e3e736
[BSP] 38328897732d4ff72b7f1befd47486a6 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 14997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 152625 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 343292985 | Size: 137619 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[5]_D_04172013_02d2337.txt >>
RKreport[1]_S_04172013_02d1333.txt ; RKreport[2]_S_04172013_02d1914.txt ; RKreport[3]_S_04172013_02d2132.txt ; RKreport[4]_S_04172013_02d2335.txt ; RKreport[5]_D_04172013_02d2337.txt




2:

ComboFix 13-04-17.01 - Dorotka 17.04.2013 23:43:16.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3037.1916 [GMT 2:00]
Spuštěný z: c:\users\Dorotka\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\d2d1debug1.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-17 do 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-17 21:49 . 2013-04-17 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 21:49 . 2013-04-17 21:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-17 21:40 . 2013-04-17 21:40 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC0D8A5-D912-4007-A309-09E4A6AA59EF}\offreg.dll
2013-04-16 17:19 . 2013-04-16 17:19 -------- d-----w- c:\users\Dorotka\AppData\Local\Adobe
2013-04-14 15:44 . 2013-04-14 15:49 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-04-14 15:37 . 2013-04-14 15:37 -------- d-----w- c:\program files (x86)\LSoft Technologies Inc
2013-04-12 17:17 . 2013-04-12 17:17 2048 ----a-w- c:\windows\SysWow64\winver.exe
2013-04-12 17:17 . 2013-04-12 17:17 833024 ----a-w- c:\windows\SysWow64\user32.dll
2013-04-12 17:17 . 2013-04-12 17:17 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2013-04-12 17:17 . 2013-04-12 17:17 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2013-04-12 11:59 . 2013-04-12 12:43 -------- d-----w- c:\programdata\FLEXnet
2013-04-10 08:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 08:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 08:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 08:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 08:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-28 14:38 . 2013-04-17 20:23 -------- d-----w- c:\program files\Hijackthis
2013-03-28 12:38 . 2013-03-28 12:38 -------- d-----w- c:\users\Dorotka\AppData\Roaming\Malwarebytes
2013-03-28 12:37 . 2013-03-28 12:37 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 12:37 . 2013-04-16 16:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-28 12:37 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 19:06 . 2013-03-26 19:06 -------- d-----w- c:\programdata\JH Software
2013-03-26 12:07 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-26 12:07 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-24 14:43 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-24 14:43 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 14:43 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 13:03 . 2012-02-03 13:04 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-06 22:46 . 2012-04-07 11:27 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-06 22:46 . 2012-02-03 19:55 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-12-30 16:52 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-12-30 16:52 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-12-30 16:52 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-12-30 16:52 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-12-30 16:52 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-12-30 16:52 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-12-30 16:51 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-02-03 14:36 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-19 03:57 . 2013-03-14 14:54 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC0D8A5-D912-4007-A309-09E4A6AA59EF}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-04-12 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-02-10 1516496]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2012-12-02 2846168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 aswVmm;aswVmm; [x]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 70144]
R3 cpuz135;cpuz135;c:\users\Dorotka\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 73216]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2012-05-19 53312]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-11-25 821720]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys [2012-04-03 21:35 2156968]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-03 1255736]
R4 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-03 283200]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-02-17 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-01-10 1148632]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 85.207.17.146:8080
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-04-17 23:52:26
ComboFix-quarantined-files.txt 2013-04-17 21:52
.
Před spuštěním: Volných bajtů: 14 576 603 136
Po spuštění: Volných bajtů: 14 428 385 280
.
- - End Of File - - 92C26C54BDEB04C4B1F3FA24330F3CF7

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: please check my log Fista33

Post by Žbeky » 18 Apr 2013 09:32

Uninstall Spyware Terminator

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
