Utrack

Zpráva

maba345 · #16 Příspěvek od **maba345** » 24 říj 2015 17:27

OK hodím tam Avast. aj restore pointy zapnem tu je fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Test (2015-10-24 15:51:26) Run:3
Running from C:\Users\Test\Desktop
Loaded Profiles: Test (Available Profiles: Test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Windows\SysWOW64\msvcr120L.dll
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: G - G:\AUTORUN.EXE
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {0af2407d-6685-11e5-a839-fcaa14500743} - I:\autorun.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {810091f9-4659-11e5-93db-fcaa14500743} - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {c0ff8200-7262-11e5-9eb7-fcaa14500743} - J:\RunGame.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {d38d63e1-f0f1-11e4-9642-fcaa14500743} - G:\AUTORUN.EXE
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL =
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
2015-09-06 21:42 - 2015-09-06 21:42 - 0005028 _____ () C:\ProgramData\mtbjfghn.xbe
Task: {E8601C81-A93B-4A26-A2B0-944EB558F659} - System32\Tasks\Vcosxztk => Rundll32.exe "C:\Windows\SysWOW64\msvcr120L.dll",PYIJIKKAC
Task: C:\Windows\Tasks\Vcosxztk.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\msvcr120L.dll
AlternateDataStreams: C:\Users\Test\Desktop\JRT.exe:BDU
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\Windows\SysWOW64\msvcr120L.dll ========================

File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E
Creation and modification date: 2015-10-15 12:10 - 2015-10-15 12:10
Size: 0398336
Attributes: -RASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af2407d-6685-11e5-a839-fcaa14500743}" => key removed successfully
HKCR\CLSID\{0af2407d-6685-11e5-a839-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{810091f9-4659-11e5-93db-fcaa14500743}" => key removed successfully
HKCR\CLSID\{810091f9-4659-11e5-93db-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0ff8200-7262-11e5-9eb7-fcaa14500743}" => key removed successfully
HKCR\CLSID\{c0ff8200-7262-11e5-9eb7-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38d63e1-f0f1-11e4-9642-fcaa14500743}" => key removed successfully
HKCR\CLSID\{d38d63e1-f0f1-11e4-9642-fcaa14500743} => key not found.
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\ProgramData\mtbjfghn.xbe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E8601C81-A93B-4A26-A2B0-944EB558F659}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8601C81-A93B-4A26-A2B0-944EB558F659}" => key removed successfully
C:\Windows\System32\Tasks\Vcosxztk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vcosxztk" => key removed successfully
C:\Windows\Tasks\Vcosxztk.job => moved successfully
C:\Users\Test\Desktop\JRT.exe => ":BDU" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 403.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:51:27 ====

#17 Příspěvek od **altrok** » 25 říj 2015 12:36

Vyborne, jak se chova pocitac?

maba345 · #18 Příspěvek od **maba345** » 25 říj 2015 14:43

Zatiaľ vyzerá v pohode Rundll32 nezaberá moc RAM ani žiadne divné procesy či služby nevidím vďaka za pomoc

#19 Příspěvek od **altrok** » 25 říj 2015 18:21

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

Nemate zac, rad jsem pomohl

maba345 · #20 Příspěvek od **maba345** » 29 říj 2015 12:19

Tu je ešte log Delfixu

# DelFix v1.011 - Logfile created 29/10/2015 at 12:17:58
# Updated 18/08/2015 by Xplode
# Username : Test - MABA
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller.3.1.0.5_18.10.2015_16.44.49_log.txt
Deleted : C:\Users\Test\Downloads\dds.com
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

#21 Příspěvek od **altrok** » 30 říj 2015 13:02

Tento posledni soubor ( C:\DelFix.txt ) muzete rucne smazat a je i zameteno.

Mejte se krasne a treba zase nekdy

VIRY.CZ

Utrack

Re: Utrack

Re: Utrack

Re: Utrack

Re: Utrack

Re: Utrack

Re: Utrack