log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

slower
newbie
Posts: 21
Registered: April 15
Gender: Male
Status:
Offline

Re: log check

Post by slower » 27 Apr 2015 20:22

RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7600 ) 32 bits version
Spuštěno : Normální režim
Uživatel : doma [Práva správce]
Started from : C:\Users\doma\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 04/27/2015 20:19:38

¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path] explorer.exe(3828) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll[7] -> Uvolněno

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-3142823152-2636696196-3780361810-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=6826 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3142823152-2636696196-3780361810-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno

¤¤¤ Antirootkit : 4 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @Classes@TReader@ : Unknown @ 0xffffffffb45933bc (call 0x64500a34)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @Wincodec@GUID_ContainerFormatTiff : Unknown @ 0xffffffffe667d20b (jmp 0xffffffff964f0be7)
[IAT:Inl(Hook.IEAT)] (explorer.exe) Jcl150.bpl - @Jclansistrings@TJclAnsiStringList@ : Unknown @ 0x6c4ac960 (call 0x24480048)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @System@ExceptionAcquired : Unknown @ 0xffffffffdd6a1039 (call 0xffffffff8d505010)

¤¤¤ Webové prohlížeče : 5 ¤¤¤
[FIREFX:Addon] nahd6ha2.default : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Smazáno
[FIREFX:Addon] nahd6ha2.default : Yandex.Bar [yasearch@yandex.ru] -> Smazáno
[FIREFX:Addon] nahd6ha2.default : HP Smart Web Printing [smartwebprinting@hp.com] -> Smazáno
[FIREFX:Addon] nahd6ha2.default : SmartPrintButton [quickprint@hp.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] nahd6ha2.default : user_pref("browser.startup.homepage", "seznam.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD600BB-00CAA1 ATA Device +++++
--- User ---
[MBR] b8a7c150649ef30d761f7e859f7a36fc
[BSP] d066f735132ef4645489bcd6579fa63d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 57231 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04262015_101041.log - RKreport_DEL_04262015_114757.log - RKreport_SCN_04272015_201755.log


mople71
Level 3.5
Posts: 662
Registered: November 14
Gender: Male
Status:
Offline

Re: log check

Post by mople71 » 27 Apr 2015 20:27

Hi! :-)

What about aswMBR?


Download MBAR: http://www.bleepingcomputer.com/downloa ... i-rootkit/

Run it and extract it to the Desktop, click through, click the Update button, then click Next.

Make sure all 3 options are ticked and click Scan; let it work, it will take a while.

Tick all findings, if any, make sure Create Restore Point is ticked, then click Cleanup and let the PC restart.

Then post the log; you will find it on the Desktop in the mbar folder.

slower
newbie
Posts: 21
Registered: April 15
Gender: Male
Status:
Offline

Re: log check

Post by slower » 27 Apr 2015 20:28

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-04-27 20:25:46
-----------------------------
20:25:46.205 OS Version: Windows 6.1.7600
20:25:46.205 Number of processors: 2 586 0x170A
20:25:46.205 ComputerName: DOMA-PC UserName: doma
20:25:51.384 Initialize success
20:25:51.540 VM: initialized successfully
20:25:51.540 VM: Intel CPU supported
20:26:04.091 VM: disk I/O atapi.sys
20:26:18.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:26:18.317 Disk 0 Vendor: WDC_WD600BB-00CAA1 17.07W17 Size: 57240MB BusType: 3
20:26:18.411 Disk 0 MBR read successfully
20:26:18.426 Disk 0 MBR scan
20:26:18.426 Disk 0 Windows 7 default MBR code
20:26:18.426 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
20:26:18.426 Disk 0 Boot: NTFS code=2
20:26:18.442 Disk 0 scanning sectors +117210240
20:26:18.489 Disk 0 scanning C:\Windows\system32\drivers
20:26:23.933 Service scanning
20:26:47.520 Modules scanning
20:26:48.020 Disk 0 trace - called modules:
20:26:48.035 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:26:48.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86341a58]
20:26:48.035 3 CLASSPNP.SYS[8bfa659e] -> nt!IofCallDriver -> [0x85e70918]
20:26:48.051 5 ACPI.sys[8ba393b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e6e908]
20:26:48.051 Disk 0 statistics 76805/0/0 @ 7,33 MB/s
20:26:48.051 Scan finished successfully
20:27:05.772 Disk 0 MBR has been saved successfully to "C:\Users\doma\Desktop\MBR.dat"
20:27:05.772 The log file has been saved successfully to "C:\Users\doma\Desktop\aswMBR.txt"

slower
newbie
Posts: 21
Registered: April 15
Gender: Male
Status:
Offline

Re: log check

Post by slower » 27 Apr 2015 21:09

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.999000 GHz
Memory total: 3488079872, free: 1447788544

Downloaded database version: v2015.04.27.03
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.04.22.01
Initializing...
======================
------------ Kernel report ------------
04/27/2015 20:34:13
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.04.27.03
rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86341a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86341698, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86341a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e70918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85e6e908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 372C372B

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 117210177
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 60021399040 bytes
Sector size: 512 bytes

Done!
Infected file C:\Windows\System32\rpcss.dll could not be remediated because backup file is not available
Infected: HKU\S-1-5-21-3142823152-2636696196-3780361810-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal successful. No system shutdown is required.
=======================================

mople71
Level 3.5
Posts: 662
Registered: November 14
Gender: Male
Status:
Offline

Re: log check

Post by mople71 » 27 Apr 2015 21:17

Download RKill: http://www.bleepingcomputer.com/download/rkill/dl/11/

Save it to the Desktop, run as administrator, let it work.


--------------------------------------------------
Now please do not restart the PC!
--------------------------------------------------


Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable the antivirus permanently! Do not open any windows during the scan!

Save it to the Desktop. Close all windows, run as administrator, accept everything and let CF work.

After the scan finishes there will be a restart (maybe not) and the log will be here: C:\ComboFix.txt

Please paste its contents here.

