RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started from : Safe mode with networking
User : Renia [Admin rights]
Mode : Scan -- Date : 11/11/2013 11:00:19
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x] -> KILLED

¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CyberLink (C:\Users\Renia\AppData\Roaming\F3D5DA\F3D5DA.exe [7]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Renia\AppData\Local\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\???\???\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Default (C:\Users\Renia\AppData\Roaming\hFtOF\ltc.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3794826885-1646516717-2618408823-1000\[...]\Run : CyberLink (C:\Users\Renia\AppData\Roaming\F3D5DA\F3D5DA.exe [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-3794826885-1646516717-2618408823-1000\[...]\Run : Google Update ("C:\Users\Renia\AppData\Local\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\???\???\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3794826885-1646516717-2618408823-1000\[...]\Run : Default (C:\Users\Renia\AppData\Roaming\hFtOF\ltc.exe [7]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B7FDB295-43BF-4C04-88E5-F386368FCB60} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{B7FDB295-43BF-4C04-88E5-F386368FCB60} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{B7FDB295-43BF-4C04-88E5-F386368FCB60} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Files / Folders : ¤¤¤
[ZeroAccess][file] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][file] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] pl-PL : C:\Program Files\Windows Defender\pl-PL >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][folder] Install : C:\Users\Renia\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Registry hives (offline) : ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File : ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 4216376b9589d108a6ec22f3efbbd00b
[BSP] f79c5de04080ee0e1e1c0d82fce8c166 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11112013_110019.txt >>
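A report like the one above is easier to triage, or to feed into a case tracker, once its lines are structured. The parser below is an added example, not part of the RogueKiller tool or of this report; it assumes the English line layout RogueKiller uses (`[tag][tag] key : detail -> STATUS`, with ` -- ` instead of ` : ` on process lines and `-->` on file lines), and the sample it parses is a constructed excerpt of the findings above. It separates findings carrying a malware-family tag from PUM entries (settings such as DisableTaskMgr or a non-default NameServer list, which are not malware by themselves), and pulls out the two indicators most specific to this infection: Windows Defender binaries turned into junctions pointing at \systemroot\system32\config, and the configured DNS servers.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: an excerpt of the report above, in RogueKiller's English wording.
SAMPLE_REPORT = r"""
¤¤¤ Malicious processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x] -> KILLED
¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CyberLink (C:\Users\Renia\AppData\Roaming\F3D5DA\F3D5DA.exe [7]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Renia\AppData\Local\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\???\???\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" >) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\ \...\???ﯹ๛\{c7df3e25-98aa-4834-0545-02e0c7de9b48}\GoogleUpdate.exe" < [x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B7FDB295-43BF-4C04-88E5-F386368FCB60} : NameServer (8.8.8.8,8.8.4.4,208.67.222.222 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
¤¤¤ Files / Folders : ¤¤¤
[ZeroAccess][file] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][folder] Install : C:\Users\Renia\AppData\Local\Google\Desktop\Install [-] --> FOUND
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<title>.+?)(?: : (?P<count>\d+))? ¤¤¤$")
FINDING_RE = re.compile(
    r"^\[(?P<tag_a>[^\]]+)\]\[(?P<tag_b>[^\]]+)\] "  # [RUN][ZeroAccess], [ZeroAccess][junction], ...
    r"(?P<key>.+?) (?::|--) (?P<detail>.+?) "       # "key : detail", or "name -- cmdline" for processes
    r"-{1,2}> (?P<status>[A-Z]+)$"                  # -> FOUND / -> KILLED / --> FOUND
)
# Category tags RogueKiller uses; anything else in a bracket is taken to be a family name (assumption).
GENERIC_TAGS = {"RUN", "SERVICE", "SUSP PATH", "PUM", "DNS", "HJ POL", "HJ DESK", "file", "junction", "folder"}
# Defender binary replaced by a junction into the registry hive directory: the ZeroAccess Defender-disabling trick.
DEFENDER_REDIRECT = re.compile(r"\\Windows Defender\\.+ >> \\systemroot\\system32\\config", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    tags: tuple   # the two bracketed tags, in report order
    key: str      # registry path, process name, or file name
    detail: str
    status: str

    @property
    def family(self):
        """Malware family tag, if the line carries one (it may sit in either bracket)."""
        return next((t for t in self.tags if t not in GENERIC_TAGS), None)


def parse_report(text):
    """Turn a RogueKiller report into Finding objects, tagging each with its ¤¤¤ section title."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["title"].rstrip(" :")
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, (m["tag_a"], m["tag_b"]), m["key"], m["detail"], m["status"]))
    return findings


def triage(f):
    """Priority class: named family > suspicious path > PUM (a setting, not malware on its own)."""
    if f.family:
        return "malware"
    if "PUM" in f.tags:
        return "pum"
    return "suspicious"


def defender_junctions(findings):
    """Names of Windows Defender files redirected into \\systemroot\\system32\\config."""
    return [f.key for f in findings if "junction" in f.tags and DEFENDER_REDIRECT.search(f.detail)]


def dns_servers(findings):
    """Resolver IPs from [DNS] NameServer findings, in report order, to compare with the expected resolver."""
    out = []
    for f in findings:
        m = re.match(r"NameServer \(([\d.,]+)", f.detail) if "DNS" in f.tags else None
        if m:
            out.extend(m.group(1).split(","))
    return out


def summarize(findings):
    """Counts per triage class and per report section."""
    return {
        "by_triage": dict(Counter(triage(f) for f in findings)),
        "by_section": dict(Counter(f.section for f in findings)),
    }


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print("Defender junctions:", defender_junctions(found))
    print("DNS servers:", dns_servers(found))
```

The `[DNS][PUM]` and `[HJ POL][PUM]` entries land in the `pum` bucket on purpose: public resolvers and a `DisableTaskMgr` value of 0 are deviations from defaults worth checking against what the owner intended, not evidence of infection, whereas every `junction` pointing a Defender binary at `\systemroot\system32\config` is.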