RogueKiller V9.2.10.0 [Jul 11 2014] od Adlice Software
mail : http://www.adlice.com/contact/
Dodaj opinię : http://forum.adlice.com
Strona internetowa : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Spid3r [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 09/23/2014 00:13:34

¤¤¤ Szkodliwe procesy : 4 ¤¤¤
[Proc.Svchost] svchost.exe -- [x] -> ZAKOŃCZONO [TermProc]
[Proc.Svchost] svchost.exe -- [x] -> ZAKOŃCZONO [TermProc]
[Proc.Svchost] svchost.exe -- [x] -> ZAKOŃCZONO [TermProc]
[Suspicious.Path] FRST x64.exe -- C:\Users\Spid3r\Desktop\Nowy folder\FRST x64.exe[-] -> ZAKOŃCZONO [TermProc]

¤¤¤ Wpisy w Rejestrze : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1427378F-01E4-4954-85B7-81DA3A1AA628} | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1427378F-01E4-4954-85B7-81DA3A1AA628} | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1427378F-01E4-4954-85B7-81DA3A1AA628} | DhcpNameServer : 212.76.224.172 89.2.0.1 89.2.0.2 -> ZNALEZIONO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> ZNALEZIONO
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2622835651-1712134509-2677869765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 1 ¤¤¤
[Suspicious.Path] \\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} -- C:\ProgramData\cisEA.exe (--PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}) -> ZNALEZIONO

¤¤¤ Pliki : 0 ¤¤¤

¤¤¤ Plik HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NIEZAŁADOWANY [0xc000036b]) ¤¤¤

¤¤¤ przeglądarki internetowe : 0 ¤¤¤

¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: ST9320320AS +++++
--- User ---
[MBR] b0871647e0eb61c807201cab3bfb09cb
[BSP] 0149930ed17c8c76fbf9bbee72f31d93 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 323055616 | Size: 143872 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 617705472 | Size: 3630 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Hitachi HTS543232L9A300 +++++
--- User ---
[MBR] 95a3535f77d6c7e004e22f3b61e610f6
[BSP] 1dcd8f4a3b63465b6ea91d5e5b78b4f8 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_09112014_151243.log - RKreport_DEL_09182014_221744.log - RKreport_DEL_09192014_105123.log - RKreport_DEL_09192014_171334.log
RKreport_SCN_09112014_144203.log - RKreport_SCN_09152014_174607.log - RKreport_SCN_09162014_225748.log - RKreport_SCN_09182014_221519.log
RKreport_SCN_09192014_105026.log - RKreport_SCN_09192014_144536.log