Hello.
Today, after opening an email in Gmail, my antivirus reported a virus, which I had it delete automatically (along with the email). Nothing happened, and after about 10 minutes a white screen popped up saying that the computer had been blocked by the Police of the Czech Republic. When I found out that it was a virus, I started the computer in safe mode as administrator and tried to scan the computer with the AVG antivirus. Unfortunately, the antivirus reported for every file in turn that it could not scan it because it was locked. So I downloaded another antivirus (Kaspersky) and, on the advice of a friend, HijackThis as well. However, neither of them could be installed in safe mode. So I had the computer checked with ComboFix, but it got stuck every time on the same line, C:/Documents and Settings/all users/data aplikaci/TEMP. My friend therefore advised me to run HijackThis using its portable version and post the log on this forum.
In the next post I am therefore attaching the HijackThis output, and I thank you in advance for your advice.
Please check my log - PC infected with the Czech Police virus + Solved
Re: Please check my log - PC infected with the Czech Police virus
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:15:44, on 19.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atcomp.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKLM\..\Policies\Explorer\Run: [5611] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.atcomp.cz
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2023176812
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6927 bytes
- memphisto
Re: Please check my log - PC infected with the Czech Police virus
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Ano (Yes)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Please check my log - PC infected with the Czech Police virus
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.19.05
Windows XP Service Pack 3 x86 FAT32 (Nouzový režim s podporou sítě)
Internet Explorer 8.0.6001.18702
Administrator :: DC090407 [administrátor]
Ochrana: Zakázána
19.2.2013 15:12:21
MBAM-log-2013-02-19 (15-16-00).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 231685
Uplynulý čas: 2 minut, 23 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|5611 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 4
C:\Documents and Settings\jirka\Data aplikací\skype.dat (Malware.Packer) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\jirka\Data aplikací\Ulev\emuq.exe (Spyware.Zeus) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\jirka\Local Settings\Temp\054fceb7.exe (Malware.Packer) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\jirka\Local Settings\Temp\0004d53e.exe (Spyware.Zeus) -> Nebyla provedena žádná instrukce.
(konec)
Re: Please check my log - PC infected with the Czech Police virus
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 15:20:54
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DC090407
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner0.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin.xml
File Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-1.xml
File Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-2.xml
File Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\searchplugins\icqplugin-3.xml
Folder Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\Conduit
Folder Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\CT2405280
Folder Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
Folder Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Folder Found : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\extensions\DTToolbar@toolbarnet.com
Folder Found : C:\Documents and Settings\jirka\Local Settings\Data aplikací\AVG Security Toolbar
Folder Found : C:\Documents and Settings\jirka\Local Settings\Data aplikací\Conduit
Folder Found : C:\Documents and Settings\jirka\Local Settings\Data aplikací\Softonic-Eng7
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\ICQ6Toolbar
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8765F433-11AF-4BA0-A39B-91F9635488FF}
Key Found : HKLM\Software\Softonic-Eng7
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (cs)
File : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\prefs.js
Found : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2405280.CTID", "CT2405280");
Found : user_pref("CT2405280.CurrentServerDate", "20-4-2012");
Found : user_pref("CT2405280.DialogsAlignMode", "LTR");
Found : user_pref("CT2405280.DownloadReferralCookieData", "");
Found : user_pref("CT2405280.EMailNotifierPollDate", "Fri Apr 20 2012 20:24:08 GMT+0200");
Found : user_pref("CT2405280.FeedLastCount1783261708582779529", 250);
Found : user_pref("CT2405280.FeedPollDate129255180392415092", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392415098", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392415104", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392415110", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392415116", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392415122", "Fri Jan 07 2011 20:17:42 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571378", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571384", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571390", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571396", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571402", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571408", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571414", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571420", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571426", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571432", "Fri Jan 07 2011 20:17:43 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571438", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392571444", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727700", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727706", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727712", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727718", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727724", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727730", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727736", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727742", "Fri Jan 07 2011 20:17:44 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727748", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727754", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727760", "Fri Jan 07 2011 14:58:48 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727766", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727772", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727778", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727784", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727790", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727796", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727802", "Fri Jan 07 2011 20:17:45 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727808", "Fri Jan 07 2011 14:58:49 GMT+0100");
Found : user_pref("CT2405280.FeedPollDate129255180392727814", "Fri Jan 07 2011 20:17:46 GMT+0100");
File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\njxdhzos.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [21054 octets] - [19/02/2013 15:20:54]
########## EOF - C:\AdwCleaner[R1].txt - [21115 octets] ##########
- memphisto
Re: Please check my log - PC infected with the Czech Police virus
So let both Mbam and AdwCleaner delete everything and post the logs.
Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If you have trouble launching applications after the scan, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Please check my log - PC infected with the Czech Police virus
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.19.05
Windows XP Service Pack 3 x86 FAT32 (Nouzový režim s podporou sítě)
Internet Explorer 8.0.6001.18702
Administrator :: DC090407 [administrátor]
Ochrana: Zakázána
19.2.2013 17:46:45
MBAM-log-2013-02-19 (17-49-24).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 231440
Uplynulý čas: 2 minut, 16 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|5611 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msoqoy.com -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: Please check my log - PC infected with the Czech Police virus
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 17:50:32
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DC090407
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner0.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (cs)
File : C:\Documents and Settings\jirka\Data aplikací\Mozilla\Firefox\Profiles\1t6twe54.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\njxdhzos.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [21185 octets] - [19/02/2013 15:20:54]
AdwCleaner[R2].txt - [21246 octets] - [19/02/2013 17:39:10]
AdwCleaner[S1].txt - [21775 octets] - [19/02/2013 17:39:31]
AdwCleaner[R3].txt - [1052 octets] - [19/02/2013 17:50:32]
########## EOF - C:\AdwCleaner[R3].txt - [1112 octets] ##########
Re: Please check my log - PC infected with the Czech Police virus
17:52:34.0093 1724 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:52:34.0453 1724 ============================================================
17:52:34.0453 1724 Current date / time: 2013/02/19 17:52:34.0453
17:52:34.0453 1724 SystemInfo:
17:52:34.0453 1724
17:52:34.0453 1724 OS Version: 5.1.2600 ServicePack: 3.0
17:52:34.0453 1724 Product type: Workstation
17:52:34.0453 1724 ComputerName: DC090407
17:52:34.0453 1724 UserName: Administrator
17:52:34.0453 1724 Windows directory: C:\WINDOWS
17:52:34.0453 1724 System windows directory: C:\WINDOWS
17:52:34.0453 1724 Processor architecture: Intel x86
17:52:34.0453 1724 Number of processors: 2
17:52:34.0453 1724 Page size: 0x1000
17:52:34.0453 1724 Boot type: Safe boot with network
17:52:34.0453 1724 ============================================================
17:52:35.0281 1724 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:35.0281 1724 ============================================================
17:52:35.0281 1724 \Device\Harddisk0\DR0:
17:52:35.0281 1724 MBR partitions:
17:52:35.0281 1724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:52:35.0281 1724 ============================================================
17:52:35.0281 1724 C: <-> \Device\Harddisk0\DR0\Partition1
17:52:35.0281 1724 ============================================================
17:52:35.0296 1724 Initialize success
17:52:35.0296 1724 ============================================================
17:52:42.0406 2004 ============================================================
17:52:42.0406 2004 Scan started
17:52:42.0406 2004 Mode: Manual;
17:52:42.0406 2004 ============================================================
17:52:43.0078 2004 ================ Scan system memory ========================
17:52:43.0093 2004 System memory - ok
17:52:43.0093 2004 ================ Scan services =============================
17:52:50.0609 2004 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:52:50.0625 2004 ShellHWDetection - ok
17:52:50.0625 2004 Simbad - ok
17:52:50.0640 2004 Sparrow - ok
17:52:50.0656 2004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:52:50.0656 2004 splitter - ok
17:52:50.0703 2004 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:52:50.0703 2004 Spooler - ok
17:52:50.0781 2004 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:52:50.0781 2004 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:52:50.0796 2004 sptd ( LockedFile.Multi.Generic ) - warning
17:52:50.0796 2004 sptd - detected LockedFile.Multi.Generic (1)
17:52:52.0781 2004 ================ Scan global ===============================
17:52:52.0828 2004 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:52:52.0890 2004 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:52:52.0937 2004 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:52:52.0984 2004 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:52:52.0984 2004 [Global] - ok
17:52:52.0984 2004 ================ Scan MBR ==================================
17:52:53.0000 2004 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:52:53.0140 2004 \Device\Harddisk0\DR0 - ok
17:52:53.0140 2004 ================ Scan VBR ==================================
17:52:53.0156 2004 [ F452D6A0952F7851F3C9550AFD62AFCD ] \Device\Harddisk0\DR0\Partition1
17:52:53.0156 2004 \Device\Harddisk0\DR0\Partition1 - ok
17:52:53.0156 2004 ============================================================
17:52:53.0156 2004 Scan finished
17:52:53.0156 2004 ============================================================
17:52:53.0171 2000 Detected object count: 1
17:52:53.0171 2000 Actual detected object count: 1
17:52:49.0484 2004 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:52:49.0484 2004 PolicyAgent - ok
17:52:49.0515 2004 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:52:49.0515 2004 PptpMiniport - ok
17:52:49.0531 2004 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:52:49.0531 2004 ProtectedStorage - ok
17:52:49.0546 2004 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:52:49.0546 2004 PSched - ok
17:52:49.0562 2004 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:52:49.0562 2004 Ptilink - ok
17:52:49.0578 2004 ql1080 - ok
17:52:49.0578 2004 Ql10wnt - ok
17:52:49.0593 2004 ql12160 - ok
17:52:49.0609 2004 ql1240 - ok
17:52:49.0625 2004 ql1280 - ok
17:52:49.0640 2004 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:52:49.0640 2004 RasAcd - ok
17:52:49.0671 2004 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:52:49.0671 2004 RasAuto - ok
17:52:49.0703 2004 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:52:49.0703 2004 Rasl2tp - ok
17:52:49.0750 2004 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:52:49.0750 2004 RasMan - ok
17:52:49.0781 2004 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:52:49.0781 2004 RasPppoe - ok
17:52:49.0796 2004 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:52:49.0796 2004 Raspti - ok
17:52:49.0828 2004 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:52:49.0828 2004 Rdbss - ok
17:52:49.0859 2004 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:52:49.0859 2004 RDPCDD - ok
17:52:49.0921 2004 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:52:49.0937 2004 RDPWD - ok
17:52:49.0984 2004 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:52:49.0984 2004 RDSessMgr - ok
17:52:50.0015 2004 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:52:50.0015 2004 redbook - ok
17:52:50.0062 2004 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:52:50.0062 2004 RemoteAccess - ok
17:52:50.0093 2004 RichVideo - ok
17:52:50.0125 2004 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:52:50.0125 2004 RpcLocator - ok
17:52:50.0171 2004 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:52:50.0171 2004 RpcSs - ok
17:52:50.0203 2004 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:52:50.0203 2004 RSVP - ok
17:52:50.0234 2004 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:52:50.0234 2004 RTLE8023xp - ok
17:52:50.0281 2004 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:52:50.0281 2004 SamSs - ok
17:52:50.0312 2004 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:52:50.0312 2004 SCardSvr - ok
17:52:50.0359 2004 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:52:50.0359 2004 Schedule - ok
17:52:50.0390 2004 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:52:50.0390 2004 Secdrv - ok
17:52:50.0421 2004 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:52:50.0421 2004 seclogon - ok
17:52:50.0453 2004 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:52:50.0453 2004 SENS - ok
17:52:50.0468 2004 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:52:50.0468 2004 serenum - ok
17:52:50.0500 2004 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:52:50.0500 2004 Serial - ok
17:52:50.0531 2004 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:52:50.0531 2004 Sfloppy - ok
17:52:50.0578 2004 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:52:50.0578 2004 SharedAccess - ok
17:52:50.0609 2004 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:52:50.0625 2004 ShellHWDetection - ok
17:52:50.0625 2004 Simbad - ok
17:52:50.0640 2004 Sparrow - ok
17:52:50.0656 2004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:52:50.0656 2004 splitter - ok
17:52:50.0703 2004 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:52:50.0703 2004 Spooler - ok
17:52:50.0781 2004 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:52:50.0781 2004 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:52:50.0796 2004 sptd ( LockedFile.Multi.Generic ) - warning
17:52:50.0796 2004 sptd - detected LockedFile.Multi.Generic (1)
17:52:53.0156 2004 ============================================================
17:52:53.0156 2004 Scan finished
17:52:53.0156 2004 ============================================================
17:52:53.0171 2000 Detected object count: 1
17:52:53.0171 2000 Actual detected object count: 1
Re: Please check my log - PC infected with the Czech Police virus
Unfortunately there is a problem with the ComboFix log, because it keeps getting stuck on the same line, C:/Documents and Settings/all users/data aplikaci/TEMP. I am not sure whether this is caused by the virus or by the fact that ComboFix reports on startup that AVG is active, even though I also shut it down through the process list (and I cannot uninstall it in safe mode).
- Žbeky
- Moderator
Re: Please check my log - PC infected with the Czech Police virus
Then try running CF in safe mode
Re: Please check my log - PC infected with the Czech Police virus
Now I don't quite understand you. Everything I have done so far I have had to do in safe mode; when I start the computer in normal mode, the desktop does not even load and right away I get a white screen across the whole display with that fake "Police notice".