RogueKiller V8.7.5 [Oct 22 2013] od Tigzy
mail : tigzyRKgmailcom
Dodaj opinię : http://www.adlice.com/forum/
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Rej [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 10/28/2013 12:22:51
| ARK || FAK || MBR |

¤¤¤ Szkodliwe procesy : 0 ¤¤¤

¤¤¤ Wpisy w Rejestrze : 11 ¤¤¤
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{855c3967-086f-3046-d588-ae24035dd676}\ \...\???ﯹ๛\{855c3967-086f-3046-d588-ae24035dd676}\GoogleUpdate.exe" < [x]) -> ZNALEZIONO
[SERVICE][ZeroAccess] HKLM\[...]\CS003\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{855c3967-086f-3046-d588-ae24035dd676}\ \...\???ﯹ๛\{855c3967-086f-3046-d588-ae24035dd676}\GoogleUpdate.exe" < [x]) -> ZNALEZIONO
[DNS][PUM] HKLM\[...]\CS001\[...]\{897FD7BF-62A4-4795-BA3B-7CAA6FF9CC28} : NameServer (194.204.159.1,192.204.152.34 [POLAND (PL) - UNITED STATES (US)]) -> ZNALEZIONO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ZNALEZIONO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> ZNALEZIONO
[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> ZNALEZIONO
[HJ SECU][PUM] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> ZNALEZIONO
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> ZNALEZIONO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ZNALEZIONO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 0 ¤¤¤

¤¤¤ Wpisy startowe : 5 ¤¤¤
[All Users][SUSP UNIC] System (C) ?? skrót.lnk : C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System (C) ?? skrót.lnk [x] -> ZNALEZIONO
[Default][SUSP UNIC] System (C) ?? skrót.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System (C) ?? skrót.lnk [x] -> ZNALEZIONO
[Default User][SUSP UNIC] System (C) ?? skrót.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System (C) ?? skrót.lnk [x] -> ZNALEZIONO
[desktop.ini][SUSP UNIC] System (C) ?? skrót.lnk : C:\Users\desktop.ini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System (C) ?? skrót.lnk [x] -> ZNALEZIONO
[Public][SUSP UNIC] System (C) ?? skrót.lnk : C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System (C) ?? skrót.lnk [x] -> ZNALEZIONO

¤¤¤ przeglądarki internetowe : 0 ¤¤¤

¤¤¤ Pliki / Foldery: ¤¤¤
[ZeroAccess][skoroszyt] Install : C:\Users\Rej\AppData\Local\Google\Desktop\Install [-] --> ZNALEZIONO
[ZeroAccess][skoroszyt] Install : C:\Program Files\Google\Desktop\Install [-] --> ZNALEZIONO

¤¤¤ Sterownik : [ZAŁADOWANY] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6DBF1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D70DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7460D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7462D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x756246E9)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6DBF1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D70DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7460D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7462D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x756246E9)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6DBF1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D70DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7460D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D7462D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x756246E9)

¤¤¤ Gałąź rejestru (offline): ¤¤¤

¤¤¤ Infekcja : ZeroAccess ¤¤¤

¤¤¤ Plik HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ Sprawdzenie MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721032SLA360 ATA Device +++++
--- User ---
[MBR] adccfdb211acb53e16fe8064e1837a96
[BSP] 75429eeeef0b93dba95f6811eb47879b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205006848 | Size: 205142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Zakończono : << RKreport[0]_S_10282013_122251.txt >>