Prosim o kontrolu logu z RogueKillerX64

Zpráva

pekox · #1 Příspěvek od **pekox** » 01 črc 2013 16:14

Ahoj, prosim o kontrolu logu z RogueKillerX64
[Avast mi opakovane hlasi trojskeho kona
Win32:BitCoinMiner-CA [Tr]]
...aj ked tvrdi, ze ho dal do truhly
Dakujem!

Správa (log):
**************************************
RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://www.adlice.com/forum/
Webové stránky : hxxp://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Admin [Práva správce]
Mód : Kontrola -- Datum : 07/01/2013 17:09:26
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> SMAZÁNO [TermProc]
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : WebCake Desktop ("C:\Users\Admin\AppData\Roaming\WebCake\WebCakeDesktop.exe" [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : tsiVideo (C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\\tsiVi232.dll,start [-][-]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-4017520810-1542635729-1563303463-1001\[...]\Run : SearchProtect (C:\Users\Admin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-4017520810-1542635729-1563303463-1001\[...]\Run : WebCake Desktop ("C:\Users\Admin\AppData\Roaming\WebCake\WebCakeDesktop.exe" [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-4017520810-1542635729-1563303463-1001\[...]\Run : tsiVideo (C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\\tsiVi232.dll,start [-][-]) -> NALEZENO
[SERVICE][BLACKLIST] HKLM\[...]\CCSet\[...]\Services : BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7]) -> NALEZENO
[SERVICE][BLACKLIST] HKLM\[...]\CS001\[...]\Services : BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7]) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: INTEL SSDSC2CW120A +++++
--- User ---
[MBR] 9f1f5c111b41c6ebe6fb968abea41ce6
[BSP] 09ab6902ad0cafa387a0d35de4b67cbe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: INTEL SSDSC2CW120A +++++
--- User ---
[MBR] 6fff3c84ff9eb9d86ab4227716c3b915
[BSP] f9c8798486b7dafee1343538058b90b6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSC2CW120A +++++
--- User ---
[MBR] 73f30ffb68047250063d6e7d09c74bb7
[BSP] b6595fc8d2bb4a28f9ae6c0c2357351d : Empty MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 1907728 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: INTEL SSDSC2CW120A +++++
--- User ---
[MBR] 9ca650f66aa5850cc85fc000098c5238
[BSP] a30564ba4ffe8be23c6f58e81fe955f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61183 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_S_07012013_170926.txt >>
RKreport[0]_S_07012013_164036.txt;RKreport[0]_S_07012013_164204.txt;RKreport[0]_S_07012013_164850.txt

#2 Příspěvek od **vyosek** » 01 črc 2013 17:06

Zdravim

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

VIRY.CZ

Prosim o kontrolu logu z RogueKillerX64

Prosim o kontrolu logu z RogueKillerX64

Re: Prosim o kontrolu logu z RogueKillerX64