Page 2 of 2

Re: Utrack

Posted: 24 Oct 2015 17:27
by maba345
OK, I'll put Avast on it. I'll also turn restore points back on. Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Test (2015-10-24 15:51:26) Run:3
Running from C:\Users\Test\Desktop
Loaded Profiles: Test (Available Profiles: Test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Windows\SysWOW64\msvcr120L.dll
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: G - G:\AUTORUN.EXE
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {0af2407d-6685-11e5-a839-fcaa14500743} - I:\autorun.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {810091f9-4659-11e5-93db-fcaa14500743} - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {c0ff8200-7262-11e5-9eb7-fcaa14500743} - J:\RunGame.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {d38d63e1-f0f1-11e4-9642-fcaa14500743} - G:\AUTORUN.EXE
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL =
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
2015-09-06 21:42 - 2015-09-06 21:42 - 0005028 _____ () C:\ProgramData\mtbjfghn.xbe
Task: {E8601C81-A93B-4A26-A2B0-944EB558F659} - System32\Tasks\Vcosxztk => Rundll32.exe "C:\Windows\SysWOW64\msvcr120L.dll",PYIJIKKAC
Task: C:\Windows\Tasks\Vcosxztk.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\msvcr120L.dll
AlternateDataStreams: C:\Users\Test\Desktop\JRT.exe:BDU
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\Windows\SysWOW64\msvcr120L.dll ========================

File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E
Creation and modification date: 2015-10-15 12:10 - 2015-10-15 12:10
Size: 0398336
Attributes: -RASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af2407d-6685-11e5-a839-fcaa14500743}" => key removed successfully
HKCR\CLSID\{0af2407d-6685-11e5-a839-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{810091f9-4659-11e5-93db-fcaa14500743}" => key removed successfully
HKCR\CLSID\{810091f9-4659-11e5-93db-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0ff8200-7262-11e5-9eb7-fcaa14500743}" => key removed successfully
HKCR\CLSID\{c0ff8200-7262-11e5-9eb7-fcaa14500743} => key not found.
"HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38d63e1-f0f1-11e4-9642-fcaa14500743}" => key removed successfully
HKCR\CLSID\{d38d63e1-f0f1-11e4-9642-fcaa14500743} => key not found.
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\ProgramData\mtbjfghn.xbe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E8601C81-A93B-4A26-A2B0-944EB558F659}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8601C81-A93B-4A26-A2B0-944EB558F659}" => key removed successfully
C:\Windows\System32\Tasks\Vcosxztk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vcosxztk" => key removed successfully
C:\Windows\Tasks\Vcosxztk.job => moved successfully
C:\Users\Test\Desktop\JRT.exe => ":BDU" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 403.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:51:27 ====

Re: Utrack

Posted: 25 Oct 2015 12:36
by altrok
Excellent, how is the computer behaving?

Re: Utrack

Posted: 25 Oct 2015 14:43
by maba345
So far it looks fine. Rundll32 isn't taking much RAM, and I don't see any strange processes or services either. Thanks for the help :)

Re: Utrack

Posted: 25 Oct 2015 18:21
by altrok
You're welcome, glad I could help :worship:

Re: Utrack

Posted: 29 Oct 2015 12:19
by maba345
Here is the DelFix log as well :)

# DelFix v1.011 - Logfile created 29/10/2015 at 12:17:58
# Updated 18/08/2015 by Xplode
# Username : Test - MABA
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller.3.1.0.5_18.10.2015_16.44.49_log.txt
Deleted : C:\Users\Test\Downloads\dds.com
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Re: Utrack

Posted: 30 Oct 2015 13:02
by altrok
You can delete this last file (C:\DelFix.txt) manually, and then everything is cleaned up.

Take care, and maybe see you again sometime :)