
Report of illegal activity
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote-assistance service in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a problem: when I opened an AVI file, a notice about illegal activity popped up saying that I have to pay a fine. The police told me it is a virus. It covers the whole notebook screen, I can't even minimize it, and none of the keyboard keys work. Unfortunately I have no antivirus; its license expired. I can't produce a log either. I tried deleting it in Safe Mode, but the notice popped up there too, and System Restore didn't help either. I'm at a loss with this. Thank you for any advice.
Re: Report of illegal activity
Hello
On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
- Save it to a flash drive, directly in its root

On the damaged PC, boot into Safe Mode with Command Prompt (MS-DOS)

Now let's find the flash drive's letter
- Type the command notepad and press Enter
- Notepad opens
- Choose File --> Open --> find this computer and open the USB stick where FRST is saved
- Check which letter the USB stick has (F:\, G:\ etc.)
- Close Notepad with the X button

Now let's get the log
- If you downloaded FRST for a 64-bit OS, it is named FRST64.exe and must be entered that way
- Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
- FRST starts
- Start the scan by clicking Scan
- After a while the log FRST.exe is created on the flash drive
- Paste it here for me via the healthy PC
Re: Report of illegal activity
Hello
Here it is:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2013 01
Ran by Administrator at 06-03-2013 16:57:10
Running from E:\
Service Pack 3 (X86) OS Language: Czech
Attention: Could not load system hive.
Error: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2013-03-06 16:57 - 2013-03-06 16:57 - 00000000 ____D C:\FRST
2013-03-05 14:05 - 2013-03-05 14:05 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-03-05 14:04 - 2013-03-06 16:52 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-03-05 14:04 - 2013-03-05 14:06 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-03-05 14:04 - 2013-03-05 14:04 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-03-05 14:04 - 2013-03-05 14:04 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-03-05 14:04 - 2012-07-28 08:36 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-03-05 14:04 - 2010-09-30 19:57 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-03-05 14:04 - 2010-09-30 17:38 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2013-03-05 14:04 - 2010-05-27 17:58 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2013-03-05 14:04 - 2010-05-27 17:58 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2013-03-05 14:04 - 2010-05-27 17:58 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2013-03-05 14:04 - 2010-05-27 17:58 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-03-05 14:04 - 2010-05-27 17:58 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty
2013-03-05 10:04 - 2013-03-05 10:04 - 00139776 ____A C:\Documents and Settings\martin\8925104.dll
2013-03-05 10:04 - 2013-03-05 10:04 - 00000000 ____D C:\Windows\Sun
2013-02-27 14:05 - 2013-02-27 14:05 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-02-27 14:00 - 2013-02-27 17:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-15 07:16 - 2013-02-15 07:16 - 00011551 ____A C:\Windows\KB2797052-IE8.log
2013-02-15 07:16 - 2013-02-15 07:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-15 07:16 - 2013-02-15 07:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-15 07:15 - 2013-02-15 07:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-15 07:15 - 2013-02-15 07:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-15 07:11 - 2013-02-15 07:16 - 00039840 ____A C:\Windows\iis6.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00037097 ____A C:\Windows\FaxSetup.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00017736 ____A C:\Windows\ocgen.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00016926 ____A C:\Windows\tsoc.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00012354 ____A C:\Windows\comsetup.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00011530 ____A C:\Windows\msmqinst.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00007482 ____A C:\Windows\ntdtcsetup.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00006498 ____A C:\Windows\netfxocm.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00002550 ____A C:\Windows\MedCtrOC.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00002316 ____A C:\Windows\ocmsn.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00001866 ____A C:\Windows\tabletoc.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00001854 ____A C:\Windows\msgsocm.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00001374 ____A C:\Windows\imsins.log
2013-02-15 07:11 - 2013-02-15 07:16 - 00001374 ____A C:\Windows\imsins.BAK
2013-02-15 07:11 - 2013-02-15 07:11 - 00002928 ____A C:\Windows\updspapi.log
2013-02-15 07:11 - 2013-02-15 07:11 - 00000000 ____A C:\Windows\setuperr.log
2013-02-15 07:11 - 2013-02-15 07:11 - 00000000 ____A C:\Windows\setupact.log
2013-02-15 07:09 - 2013-02-15 07:11 - 00016149 ____A C:\Windows\KB2792100-IE8.log
2013-02-14 08:29 - 2013-02-15 07:16 - 00017252 ____A C:\Windows\KB2799494.log
2013-02-14 08:29 - 2013-02-15 07:16 - 00016495 ____A C:\Windows\KB2778344.log
2013-02-14 08:29 - 2013-02-15 07:15 - 00015365 ____A C:\Windows\KB2802968.log
2013-02-14 08:29 - 2013-02-15 07:15 - 00015115 ____A C:\Windows\KB2780091.log
2013-02-07 18:14 - 2013-02-07 18:14 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-02-07 17:14 - 2013-02-07 17:14 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-02-07 17:14 - 2013-02-07 17:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-02-07 17:11 - 2013-02-07 17:11 - 00000000 ____D C:\Windows\SHELLNEW
2013-02-07 17:11 - 2013-02-07 17:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-02-07 17:10 - 2013-02-07 17:29 - 00000000 ____D C:\Program Files\Microsoft Office
2013-02-07 17:10 - 2013-02-07 17:10 - 00000000 __RHD C:\MSOCache
==================== One Month Modified Files and Folders ========
2013-03-06 16:53 - 2008-04-14 13:00 - 00002422 ____A C:\Windows\System32\wpa.dbl
2013-03-06 16:52 - 2013-03-05 14:04 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-03-06 16:52 - 2010-09-30 17:46 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-03-05 16:04 - 2010-09-30 17:48 - 00000178 __ASH C:\Documents and Settings\martin\ntuser.ini
2013-03-05 16:04 - 2010-09-30 17:41 - 01492069 ____A C:\Windows\WindowsUpdate.log
2013-03-05 16:03 - 2010-09-30 17:48 - 00000062 __ASH C:\Documents and Settings\martin\Local Settings\desktop.ini
2013-03-05 16:03 - 2010-09-30 17:46 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-03-05 16:03 - 2010-09-30 17:46 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-05 16:03 - 2010-05-27 18:01 - 00000159 ____A C:\Windows\wiadebug.log
2013-03-05 16:03 - 2010-05-27 18:01 - 00000048 ____A C:\Windows\wiaservc.log
2013-03-05 16:03 - 2009-02-03 23:13 - 00121808 ____A C:\Windows\System32\ativvaxx.cap
2013-03-05 15:18 - 2010-09-30 17:46 - 00032472 ____A C:\Windows\SchedLgU.Txt
2013-03-05 15:05 - 2012-07-17 17:39 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-05 14:06 - 2013-03-05 14:04 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-03-05 14:05 - 2013-03-05 14:05 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-03-05 14:04 - 2013-03-05 14:04 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-03-05 14:04 - 2013-03-05 14:04 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-03-05 12:12 - 2010-05-27 17:58 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-03-05 10:04 - 2013-03-05 10:04 - 00139776 ____A C:\Documents and Settings\martin\8925104.dll
2013-03-05 10:04 - 2013-03-05 10:04 - 00000000 ____D C:\Windows\Sun
2013-03-05 10:02 - 2010-10-14 11:02 - 00000116 ____A C:\Windows\NeroDigital.ini
2013-02-27 17:40 - 2013-02-27 14:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-27 17:40 - 2012-07-17 17:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-02-27 14:05 - 2013-02-27 14:05 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-02-27 14:05 - 2012-07-17 17:39 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-27 14:05 - 2012-07-17 17:39 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-15 11:49 - 2010-09-30 19:34 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-15 07:53 - 2012-01-27 06:31 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-15 07:35 - 2010-05-27 17:57 - 00305216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-15 07:16 - 2013-02-15 07:16 - 00011551 ____A C:\Windows\KB2797052-IE8.log
2013-02-15 07:16 - 2013-02-15 07:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-15 07:16 - 2013-02-15 07:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-15 07:16 - 2013-02-15 07:11 - 00039840 ____A C:\Windows\iis6.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00037097 ____A C:\Windows\FaxSetup.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00017736 ____A C:\Windows\ocgen.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00016926 ____A C:\Windows\tsoc.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00012354 ____A C:\Windows\comsetup.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00011530 ____A C:\Windows\msmqinst.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00007482 ____A C:\Windows\ntdtcsetup.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00006498 ____A C:\Windows\netfxocm.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00002550 ____A C:\Windows\MedCtrOC.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00002316 ____A C:\Windows\ocmsn.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00001866 ____A C:\Windows\tabletoc.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00001854 ____A C:\Windows\msgsocm.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00001374 ____A C:\Windows\imsins.log
2013-02-15 07:16 - 2013-02-15 07:11 - 00001374 ____A C:\Windows\imsins.BAK
2013-02-15 07:16 - 2013-02-14 08:29 - 00017252 ____A C:\Windows\KB2799494.log
2013-02-15 07:16 - 2013-02-14 08:29 - 00016495 ____A C:\Windows\KB2778344.log
2013-02-15 07:16 - 2010-02-19 03:00 - 00000000 ___HD C:\Windows\$hf_mig$
2013-02-15 07:15 - 2013-02-15 07:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-15 07:15 - 2013-02-15 07:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-15 07:15 - 2013-02-14 08:29 - 00015365 ____A C:\Windows\KB2802968.log
2013-02-15 07:15 - 2013-02-14 08:29 - 00015115 ____A C:\Windows\KB2780091.log
2013-02-15 07:11 - 2013-02-15 07:11 - 00002928 ____A C:\Windows\updspapi.log
2013-02-15 07:11 - 2013-02-15 07:11 - 00000000 ____A C:\Windows\setuperr.log
2013-02-15 07:11 - 2013-02-15 07:11 - 00000000 ____A C:\Windows\setupact.log
2013-02-15 07:11 - 2013-02-15 07:09 - 00016149 ____A C:\Windows\KB2792100-IE8.log
2013-02-15 07:09 - 2010-05-27 17:58 - 00004872 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-08 09:26 - 2010-09-30 17:48 - 00000000 ____D C:\Documents and Settings\martin\Plocha
2013-02-07 18:16 - 2010-09-30 17:48 - 00000000 __RHD C:\Documents and Settings\martin\Data aplikací
2013-02-07 18:15 - 2010-05-27 17:58 - 00000000 ___HD C:\Documents and Settings\All Users\Šablony
2013-02-07 18:15 - 2010-05-27 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-02-07 18:14 - 2013-02-07 18:14 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-02-07 17:29 - 2013-02-07 17:10 - 00000000 ____D C:\Program Files\Microsoft Office
2013-02-07 17:29 - 2008-04-14 13:00 - 00000541 ____A C:\Windows\win.ini
2013-02-07 17:15 - 2010-05-27 17:58 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-02-07 17:14 - 2013-02-07 17:14 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-02-07 17:14 - 2013-02-07 17:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-02-07 17:11 - 2013-02-07 17:11 - 00000000 ____D C:\Windows\SHELLNEW
2013-02-07 17:11 - 2013-02-07 17:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-02-07 17:10 - 2013-02-07 17:10 - 00000000 __RHD C:\MSOCache
2013-02-07 16:03 - 2012-07-24 17:32 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
2013-02-07 15:57 - 2010-09-30 17:40 - 00000000 ____D C:\Program Files\Common Files\System
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\Windows\System32\winlogon.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\Windows\System32\svchost.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\Windows\System32\services.exe
[2008-04-14 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\Windows\System32\User32.dll
[2008-04-14 13:00] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\Windows\System32\userinit.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 13:00] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
==================== Restore Points (XP) =====================
==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 3036.19 MB
Available physical RAM: 2794.16 MB
Total Pagefile: 4926.63 MB
Available Pagefile: 4871.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.44 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:465.75 GB) (Free:387.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (USB) (Removable) (Total:7.58 GB) (Free:0.65 GB) FAT32
V počítači: DOMOV-48716F102
Disk ### Stav Velikost Volné Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Probíhá ukončení programu DiskPart...
Partitions of Disk 0:
===============
V počítači: DOMOV-48716F102
Nyní je vybrán disk 0.
Oddíl ### Typ Velikost Posunutí
------------- ---------------- ------- -------
Oddíl 1 Primární 466 GB 32 KB
Probíhá ukončení programu DiskPart...
=========================================================
==================== End Of Log ============================

Re: Report of illegal activity

- Wait for the PreScan to finish
- Choose the Scan (Prohledat) option
- When the scan finishes, click Report (Zpráva); a log opens, paste it here
- A detailed procedure including screenshots is here: http://forum.viry.cz/viewtopic.php?f=24&t=120452
Re: Report of illegal activity
here
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 03/06/2013 18:18:31
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[STARTUP][Rans.Gendarm] runctf.lnk @Administrator : C:\WINDOWS\system32\rundll32.exe|c:\docume~1\martin\8925104.dll,M1N1 -> NALEZENO
[STARTUP][Rans.Gendarm] runctf.lnk @martin : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\martin\8925104.dll,M1N1 -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet001\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NALEZENO
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet002\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NALEZENO
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet003\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : Rans.Gendarm ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 48d0346c0e4aa77a1679e626865c0941
[BSP] b485915033a9e2bc0d80c660be6580d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 2a016b526be89445d56ce505cc03aa4c
[BSP] a1ec89b28c99221d75107d4ef758c7a4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1656 | Size: 7781 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[1]_S_03062013_02d1818.txt >>
RKreport[1]_S_03062013_02d1818.txt
Re: Notice of illegal activity

- Choose Prohledat (Scan), then Smazat (Delete), and then Zprava (Report); a log opens, paste it here
- Then click Oprava Host (Fix Host) and Zprava (Report); a log opens, paste it here
Re: Notice of illegal activity
deletion:
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 03/06/2013 18:36:21
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[STARTUP][Rans.Gendarm] runctf.lnk @Administrator : C:\WINDOWS\system32\rundll32.exe|c:\docume~1\martin\8925104.dll,M1N1 -> VYMAZÁNO
[STARTUP][Rans.Gendarm] runctf.lnk @martin : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\martin\8925104.dll,M1N1 -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet001\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NAHRAZENO (%SystemRoot%\system32\wbem\WMIsvc.dll)
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet002\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NAHRAZENO (%SystemRoot%\system32\wbem\WMIsvc.dll)
[HJ DLL][ROGUE ST] HKLM\[...]\ControlSet003\Services\winmgmt\Parameters : ServiceDll (C:\Documents and Settings\martin\8925104.dll) [-] -> NAHRAZENO (%SystemRoot%\system32\wbem\WMIsvc.dll)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : Rans.Gendarm ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 48d0346c0e4aa77a1679e626865c0941
[BSP] b485915033a9e2bc0d80c660be6580d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 2a016b526be89445d56ce505cc03aa4c
[BSP] a1ec89b28c99221d75107d4ef758c7a4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1656 | Size: 7781 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[3]_D_03062013_02d1836.txt >>
RKreport[1]_S_03062013_02d1818.txt ; RKreport[2]_S_03062013_02d1832.txt ; RKreport[3]_D_03062013_02d1836.txt
Host:
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Oprava HOSTS -- Datum : 03/06/2013 18:36:59
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[4]_H_03062013_02d1836.txt >>
RKreport[1]_S_03062013_02d1818.txt ; RKreport[2]_S_03062013_02d1832.txt ; RKreport[3]_D_03062013_02d1836.txt ; RKreport[4]_H_03062013_02d1836.txt
Re: Notice of illegal activity
Fine, now try booting into normal mode and post a log from RSIT
Re: Notice of illegal activity
It doesn't work, it popped up there again
Re: Notice of illegal activity
Is there some way to delete the file that launched it?
Re: Notice of illegal activity
So I did it again, only without that fix, and now it's fine. Thank you
Re: Notice of illegal activity
Fine, so now give me a log from RSIT; in my opinion there will still be something in there somewhere