
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Unknown virus!!! Well, at least to me :)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have the following problem: when I start VLC player it immediately freezes, and the whole PC with it, for at least 30 seconds of computer death. It's not that film playback stutters; films don't play at all... in Media Player it works. Another thing is O2 mobile internet: I have big problems connecting. It came out of nowhere; until Friday everything worked as it should, and after connecting on Sunday it started acting up. The errors shown: port error, cannot open (error: 619), and below that "device is not available". I found a trick to get it going at least for a while... when I plug the device into a different USB port it works for a while, then after 2-10 minutes it stops receiving data, and I have to disconnect and try another USB slot or restart. Oh, I almost forgot, my sound has stopped working; overall the PC is somehow falling apart.
Scans: avast, some viruses removed (about 3), now clean.
TDSSKiller: 3 threads removed, clean.
SUPERAntiSpyware removed nothing and looks OK.
Thank you very much for any help... I am attaching the log from RSIT.
Logfile of random's system information tool 1.09 (written by random/random)
Run by milek at 2012-05-16 10:10:14
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 2943 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:26, on 16.5.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\milek\Plocha\RSIT.exe
C:\Program Files\trend micro\milek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66799A1A-06CE-4633-A024-7E535BB99F17}: NameServer = 160.218.167.5 160.218.161.60
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
--
End of file - 5016 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\milek\Data aplikací\Mozilla\Firefox\Profiles\b5cb025j.default
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"fbphotozoom@installdaddy.com"=C:\Program Files\fbphotozoom\fbphotozoom13.xpi
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\milek\Data aplikací\Mozilla\Firefox\Profiles\b5cb025j.default\extensions\
foxyproxy@eric.h.jung
{687578b9-7132-4a7a-80e4-30ee31099e03}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-10-08 203072]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-09-12 17351304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-05-08 3905920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
G:\torrent\uTorrent.exe [2012-03-08 741240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TP-LINK Wireless Utility.lnk]
C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe [2007-07-26 790528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^milek^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10970859.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79906563.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\10970859.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\79906563.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe"="C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Documents and Settings\milek\Dokumenty\Stažené soubory\utorrent-setup\utorrent.exe"="C:\Documents and Settings\milek\Dokumenty\Stažené soubory\utorrent-setup\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\milek\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\milek\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe"="C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Documents and Settings\milek\Local Settings\temp\Rar$EX37.408\utorrent.exe"="C:\Documents and Settings\milek\Local Settings\temp\Rar$EX37.408\utorrent.exe:*:Enabled:µTorrent"
"G:\torrent\uTorrent.exe"="G:\torrent\uTorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-05-16 10:10:15 ----D---- C:\Program Files\trend micro
2012-05-16 10:10:14 ----D---- C:\rsit
2012-05-15 23:27:10 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt
2012-05-15 22:45:03 ----D---- C:\Avenger
2012-05-15 22:45:02 ----A---- C:\avenger.txt
2012-05-15 22:12:37 ----A---- C:\TDSSKiller.2.6.14.0_15.05.2012_22.12.37_log.txt
2012-05-15 22:05:19 ----A---- C:\TDSSKiller.2.6.14.0_15.05.2012_22.05.19_log.txt
2012-05-15 21:49:04 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-05-15 21:49:04 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-05-15 21:49:02 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-05-15 21:49:02 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-05-15 21:49:01 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-05-15 21:49:01 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-05-15 21:49:01 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-05-15 21:49:00 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-05-15 21:48:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-05-15 21:48:40 ----A---- C:\WINDOWS\avastSS.scr
2012-05-15 21:35:44 ----A---- C:\TDSSKiller.2.6.14.0_15.05.2012_21.35.44_log.txt
2012-05-15 20:27:00 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2012-05-15 20:27:00 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2012-05-15 20:27:00 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2012-05-15 20:27:00 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2012-05-15 20:26:47 ----D---- C:\Program Files\O2
2012-05-15 20:10:34 ----D---- C:\WINDOWS\Prefetch
2012-05-15 18:32:32 ----ASH---- C:\pagefile.sys
2012-05-15 16:53:22 ----D---- C:\WINDOWS\system32\Cache
2012-05-15 16:52:56 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-05-15 16:48:55 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-05-15 16:46:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2012-05-15 16:41:11 ----A---- C:\WINDOWS\system32\irclass.dll
2012-05-15 16:41:10 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-05-15 16:40:40 ----RA---- C:\WINDOWS\SETE2.tmp
2012-05-15 16:40:38 ----RA---- C:\WINDOWS\SETD6.tmp
2012-05-15 16:40:36 ----RA---- C:\WINDOWS\SETD5.tmp
2012-05-15 14:33:47 ----A---- C:\TDSSKiller.2.6.14.0_15.05.2012_14.33.47_log.txt
2012-05-13 10:54:11 ----A---- C:\TDSSKiller.2.6.14.0_13.05.2012_10.54.11_log.txt
2012-05-12 13:28:23 ----A---- C:\TDSSKiller.2.6.14.0_12.05.2012_13.28.23_log.txt
2012-05-12 12:06:12 ----D---- C:\Program Files\SuperBot
2012-05-12 12:06:08 ----A---- C:\WINDOWS\GPInstall.exe
2012-05-08 10:58:54 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-08 10:58:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-05-06 19:54:42 ----D---- C:\Program Files\uTorrentControl2
2012-04-30 21:12:45 ----D---- C:\Documents and Settings\milek\Data aplikací\Publish Providers
2012-04-30 21:09:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-04-30 20:49:17 ----D---- C:\Program Files\Sony
2012-04-30 20:37:17 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2012-04-30 20:36:45 ----D---- C:\WINDOWS\system32\drivers\UMDF
2012-04-30 20:32:37 ----D---- C:\Documents and Settings\milek\Data aplikací\Sony
2012-04-24 14:54:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2012-04-24 14:54:14 ----D---- C:\Program Files\ffdshow
2012-04-24 14:23:55 ----D---- C:\Documents and Settings\milek\Data aplikací\DivX
2012-04-24 14:10:50 ----D---- C:\Program Files\Google
2012-04-24 14:10:36 ----D---- C:\Program Files\DivX
2012-04-24 14:06:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2012-04-24 13:36:31 ----D---- C:\Documents and Settings\milek\Data aplikací\avidemux
2012-04-24 13:11:32 ----D---- C:\WINDOWS\RegisteredPackages
2012-04-24 12:47:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\QuickMediaConverter
2012-04-24 12:46:49 ----D---- C:\Documents and Settings\milek\Data aplikací\CocoonSoftware
2012-04-24 12:46:37 ----D---- C:\Program Files\QuickMediaConverter
======List of files/folders modified in the last 1 month======
2012-05-16 10:10:15 ----RD---- C:\Program Files
2012-05-16 10:10:15 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2012-05-16 10:03:52 ----D---- C:\WINDOWS\temp
2012-05-16 09:59:38 ----D---- C:\WINDOWS\system32
2012-05-16 09:59:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-16 09:57:31 ----D---- C:\WINDOWS\system32\inetsrv
2012-05-16 09:54:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-16 01:20:25 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-16 01:05:25 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-05-16 00:00:18 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2012-05-15 23:27:10 ----D---- C:\WINDOWS
2012-05-15 22:45:03 ----D---- C:\WINDOWS\system32\drivers
2012-05-15 22:11:24 ----HD---- C:\Config.Msi
2012-05-15 21:48:56 ----SHD---- C:\WINDOWS\Installer
2012-05-15 21:48:55 ----D---- C:\WINDOWS\WinSxS
2012-05-15 21:48:21 ----D---- C:\Program Files\AVAST Software
2012-05-15 21:48:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-05-15 21:46:09 ----D---- C:\Documents and Settings\milek\Data aplikací\uTorrent
2012-05-15 21:46:09 ----D---- C:\Documents and Settings\milek\Data aplikací\Skype
2012-05-15 21:46:06 ----D---- C:\WINDOWS\Debug
2012-05-15 21:43:02 ----RD---- C:\Program Files\Skype
2012-05-15 21:30:55 ----D---- C:\Documents and Settings\milek\Data aplikací\vlc
2012-05-15 21:08:18 ----D---- C:\WINDOWS\pss
2012-05-15 21:04:48 ----A---- C:\WINDOWS\RTacDbg.txt
2012-05-15 20:45:00 ----D---- C:\Qoobox
2012-05-15 20:27:00 ----HD---- C:\WINDOWS\inf
2012-05-15 20:21:19 ----SH---- C:\boot.ini
2012-05-15 20:21:19 ----A---- C:\WINDOWS\win.ini
2012-05-15 20:21:19 ----A---- C:\WINDOWS\system.ini
2012-05-15 20:10:54 ----SHD---- C:\System Volume Information
2012-05-15 20:10:54 ----D---- C:\WINDOWS\system32\Restore
2012-05-15 19:41:15 ----D---- C:\Program Files\OpenAL
2012-05-15 18:37:57 ----D---- C:\WINDOWS\system32\Setup
2012-05-15 18:37:45 ----D---- C:\WINDOWS\system32\usmt
2012-05-15 18:37:34 ----D---- C:\WINDOWS\AppPatch
2012-05-15 18:37:32 ----D---- C:\WINDOWS\ime
2012-05-15 18:37:32 ----D---- C:\WINDOWS\ehome
2012-05-15 18:37:31 ----RSD---- C:\WINDOWS\Fonts
2012-05-15 18:37:30 ----D---- C:\WINDOWS\Media
2012-05-15 18:37:18 ----D---- C:\WINDOWS\PeerNet
2012-05-15 18:37:06 ----D---- C:\WINDOWS\system32\npp
2012-05-15 18:36:58 ----D---- C:\WINDOWS\msagent
2012-05-15 18:34:47 ----D---- C:\WINDOWS\system32\1029
2012-05-15 18:34:40 ----D---- C:\WINDOWS\twain_32
2012-05-15 18:34:19 ----D---- C:\WINDOWS\system32\icsxml
2012-05-15 18:33:50 ----D---- C:\WINDOWS\system32\ias
2012-05-15 18:33:37 ----D---- C:\WINDOWS\system32\1033
2012-05-15 18:32:32 ----D---- C:\WINDOWS\Driver Cache
2012-05-15 18:29:24 ----D---- C:\WINDOWS\security
2012-05-15 17:04:56 ----D---- C:\WINDOWS\Registration
2012-05-15 17:02:14 ----D---- C:\WINDOWS\system32\config
2012-05-15 17:00:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-15 16:56:36 ----A---- C:\WINDOWS\ODBCINST.INI
2012-05-15 16:56:21 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-05-15 16:55:52 ----RD---- C:\WINDOWS\Web
2012-05-15 16:55:49 ----D---- C:\Program Files\Internet Explorer
2012-05-15 16:55:43 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-05-15 16:55:24 ----D---- C:\WINDOWS\system32\oobe
2012-05-15 16:55:22 ----D---- C:\WINDOWS\srchasst
2012-05-15 16:55:19 ----D---- C:\Program Files\Windows Media Player
2012-05-15 16:55:14 ----D---- C:\Program Files\Movie Maker
2012-05-15 16:55:03 ----D---- C:\Program Files\NetMeeting
2012-05-15 16:54:59 ----D---- C:\Program Files\Outlook Express
2012-05-15 16:54:59 ----D---- C:\Program Files\Common Files\System
2012-05-15 16:53:45 ----D---- C:\WINDOWS\system32\Com
2012-05-15 16:53:08 ----D---- C:\WINDOWS\system32\wbem
2012-05-15 16:52:58 ----D---- C:\Program Files\Windows NT
2012-05-15 16:46:18 ----D---- C:\Program Files\NVIDIA Corporation
2012-05-15 16:46:01 ----D---- C:\WINDOWS\Help
2012-05-15 16:42:18 ----D---- C:\WINDOWS\system32\CatRoot
2012-05-15 16:41:10 ----D---- C:\WINDOWS\system
2012-05-15 16:40:59 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2012-05-15 13:28:34 ----D---- C:\Program Files\Opera
2012-05-08 10:59:06 ----D---- C:\Program Files\Mozilla Firefox
2012-05-08 02:08:18 ----D---- C:\Program Files\SUPERAntiSpyware
2012-05-04 21:54:04 ----D---- C:\Documents and Settings\milek\Data aplikací\gtk-2.0
2012-04-30 21:09:58 ----RSD---- C:\WINDOWS\assembly
2012-04-30 21:07:00 ----D---- C:\Documents and Settings\milek\Data aplikací\DAEMON Tools Lite
2012-04-30 21:06:17 ----D---- C:\WINDOWS\Minidump
2012-04-30 21:04:26 ----D---- C:\Program Files\nLite
2012-04-30 21:02:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
2012-04-30 20:36:45 ----D---- C:\WINDOWS\system32\Logfiles
2012-04-24 15:22:01 ----SD---- C:\WINDOWS\Tasks
2012-04-24 14:39:10 ----D---- C:\Program Files\Common Files
2012-04-24 14:32:43 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-24 14:25:19 ----SD---- C:\Documents and Settings\milek\Data aplikací\Microsoft
2012-04-24 14:25:19 ----D---- C:\WINDOWS\system32\appmgmt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb); C:\WINDOWS\system32\drivers\pe3agmlb.sys [2007-06-04 65408]
R0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb); C:\WINDOWS\system32\drivers\ps6agmlb.sys [2007-06-04 55688]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-11-02 232512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2012-02-13 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2012-02-13 25416]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-12-30 25280]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 15872]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-24 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-24 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Unknown virus!!! Well, at least to me :)
Hello,
You were deleting things in there with Avenger, weren't you?
And you also ran ComboFix, right?
And do you know how to work with TDSSKiller - do you know what its messages, findings, etc. mean?
Download TDSSQlook http://www.malwareinfo.nl/tools/TDSSQlook.exe

- Save it to the desktop and run it
- Choose option A and confirm with Enter
- After a while a log will be displayed; paste it here
Re: Unknown virus!!! Well, at least to me :)
Well, it's true that I've already poked around in it a bit myself
....but it doesn't seem that I made anything worse; well, the thing is that I don't really understand the messages etc... and I promise I won't dig around in it any more
Re: Unknown virus!!! Well, at least to me :)
TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN st 16.05.2012 11:55:52,03 *****
---------- TDSSKiller logs ----------
TDSSKiller.2.6.14.0_01.12.2011_23.43.23_log.txt
TDSSKiller.2.6.14.0_02.03.2012_17.45.38_log.txt
TDSSKiller.2.6.14.0_02.04.2012_02.17.18_log.txt
TDSSKiller.2.6.14.0_03.11.2011_12.25.11_log.txt
TDSSKiller.2.6.14.0_03.11.2011_12.30.17_log.txt
TDSSKiller.2.6.14.0_03.11.2011_12.31.09_log.txt
TDSSKiller.2.6.14.0_03.11.2011_12.55.03_log.txt
TDSSKiller.2.6.14.0_03.11.2011_14.25.29_log.txt
TDSSKiller.2.6.14.0_03.11.2011_17.52.06_log.txt
TDSSKiller.2.6.14.0_03.11.2011_17.58.37_log.txt
TDSSKiller.2.6.14.0_03.11.2011_18.06.47_log.txt
TDSSKiller.2.6.14.0_03.11.2011_18.30.18_log.txt
TDSSKiller.2.6.14.0_03.11.2011_21.03.40_log.txt
TDSSKiller.2.6.14.0_05.04.2012_09.41.41_log.txt
TDSSKiller.2.6.14.0_07.11.2011_11.02.38_log.txt
TDSSKiller.2.6.14.0_09.02.2012_21.41.27_log.txt
TDSSKiller.2.6.14.0_09.02.2012_21.41.43_log.txt
TDSSKiller.2.6.14.0_12.05.2012_13.28.23_log.txt
TDSSKiller.2.6.14.0_13.01.2012_13.37.28_log.txt
TDSSKiller.2.6.14.0_13.05.2012_10.54.11_log.txt
TDSSKiller.2.6.14.0_14.03.2012_19.03.33_log.txt
TDSSKiller.2.6.14.0_15.02.2012_14.01.07_log.txt
TDSSKiller.2.6.14.0_15.02.2012_15.31.19_log.txt
TDSSKiller.2.6.14.0_15.02.2012_15.36.17_log.txt
TDSSKiller.2.6.14.0_15.05.2012_14.33.47_log.txt
TDSSKiller.2.6.14.0_15.05.2012_21.35.44_log.txt
TDSSKiller.2.6.14.0_15.05.2012_22.05.19_log.txt
TDSSKiller.2.6.14.0_15.05.2012_22.12.37_log.txt
TDSSKiller.2.6.14.0_20.02.2012_22.50.06_log.txt
TDSSKiller.2.6.14.0_20.12.2011_15.32.14_log.txt
TDSSKiller.2.6.14.0_20.12.2011_15.32.24_log.txt
TDSSKiller.2.6.14.0_22.03.2012_02.18.50_log.txt
TDSSKiller.2.6.14.0_22.12.2011_20.10.47_log.txt
TDSSKiller.2.6.14.0_22.12.2011_20.11.01_log.txt
TDSSKiller.2.6.14.0_28.02.2012_21.33.39_log.txt
TDSSKiller.2.7.12.0_15.02.2012_14.01.23_log.txt
TDSSKiller.2.7.13.0_20.02.2012_22.50.37_log.txt
---------- TDSSStarter logs ----------
---------- DIR LIST ----------
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\object.ini
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\tsk0001.dta
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\tsk0001.ini
C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000\object.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000\tsk0000.dta
---------- INI FILES ----------
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\object.ini
[InfectedObject]
Verdict: Rootkit.Win32.ZAccess.e
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: redbook
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: system32\DRIVERS\redbook.sys
Suspicious states: Forged file;
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\redbook.sys
md5: dda7b5cc8b98734addb14a1dfaf114c0
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\tsk0001.ini
[InfectedFile]
Type: Api image
Src: C:\WINDOWS\system32\DRIVERS\redbook.sys
md5: 611bfd220305be3a85ae876ea47d4aa5
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: AegisP
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: system32\DRIVERS\AegisP.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0000\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\AegisP.sys
md5: 023867b6606fbabcdd52e089c4a507da
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000\object.ini
[InfectedObject]
Type: Service
Name: EAPPkt
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: system32\DRIVERS\EAPPkt.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0001\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
md5: d82414ec520453efe2eba936f6a9115a
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\object.ini
[InfectedObject]
Type: Service
Name: HDAudBus
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\HDAudBus.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
md5: 573c7d0a32852b48f3058cfd8026f511
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000\object.ini
[InfectedObject]
Type: Service
Name: rtl8185
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\rtl8185.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0003\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\rtl8185.sys
md5: 4a6e7cd1aafdd88a6df6348e277951c2
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000\object.ini
[InfectedObject]
Type: Service
Name: tidnet
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: system32\DRIVERS\tidnet.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0004\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\tidnet.sys
md5: 8044c4e4448d115f67a9fc1b67ce677f
Re: Unknown virus!!! Well, at least to me :)
I understand the sound now; it seems I deleted the HD audio driver with one of those anti programs..
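The TDSSQlook log above can be triaged mechanically: in it only `rtkt0000` carries a rootkit verdict, while the `susp` objects, including `HDAudBus`, carry `UnsignedFile.Multi.Generic`. The following Python sketch is an added example, not part of any post in this thread and not code from TDSSQlook or TDSSKiller; the function names and the "confirmed" rule are assumptions of the example, and the sample is an excerpt copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the "INI FILES" section of the TDSSQlook log in this thread.
SAMPLE_LOG = r"""
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\object.ini
[InfectedObject]
Verdict: Rootkit.Win32.ZAccess.e
=== C:\TDSSKiller_Quarantine\03.11.2011_12.30.18\rtkt0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: redbook
Type: Kernel driver (0x1)
Start: System (0x1)
ImagePath: system32\DRIVERS\redbook.sys
Suspicious states: Forged file;
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\object.ini
[InfectedObject]
Type: Service
Name: HDAudBus
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\HDAudBus.sys
=== C:\TDSSKiller_Quarantine\15.05.2012_22.05.19\susp0002\svc0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
md5: 573c7d0a32852b48f3058cfd8026f511
"""

# "=== <root>\<run folder>\<rtktNNNN|suspNNNN>\..." starts each quarantined INI file.
HEADER = re.compile(r"^=== .*\\(\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})\\((?:rtkt|susp)\d{4})\\")

def parse_quarantine(log):
    """Group 'Key: value' lines by quarantined object (run folder, object id)."""
    objects = defaultdict(lambda: defaultdict(list))
    current = None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = objects[(m.group(1), m.group(2))]
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()].append(value.strip())  # "Type" repeats: keep lists
    return objects

def triage(log):
    """One row per object. Assumed rule: a Rootkit.* verdict or a 'Suspicious
    states' flag is a detection; UnsignedFile.* alone only means 'review'."""
    rows = []
    for (run, obj), f in sorted(parse_quarantine(log).items()):
        verdict = (f["Verdict"] or ["unknown"])[0]
        rows.append({
            "run": run, "object": obj, "verdict": verdict,
            "service": (f["Name"] or ["?"])[0],
            "md5": f["md5"],
            "confirmed": verdict.startswith("Rootkit.") or bool(f["Suspicious states"]),
        })
    return rows
```

Rows with `confirmed` set to False are drivers that were quarantined only for being unsigned, so they are candidates for restoring rather than deleting.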
Re: Unknown virus!!! Well, at least to me :)
Re: Unknown virus!!! Well, at least to me :)
So unfortunately I can't upload the rar archive... neither to Ulozto nor to Letecká pošta; do you think formatting the system disk would help?
Re: Unknown virus!!! Well, at least to me :)
And why can't you upload it? A format could help; it doesn't seem to me that there is an MBR rootkit there, which you would not get rid of by formatting...
Re: Unknown virus!!! Well, at least to me :)
It can't be uploaded because the uploaded data doesn't want to be sent... I'll try a format.
Thank you very much for the advice...
Re: Unknown virus!!! Well, at least to me :)
You're welcome, then...
Re: Unknown virus!!! Well, at least to me :)
Well, I'm back here again, if you don't mind. I have a certain problem here, so a format would be really time-consuming; couldn't you advise me some more? I tried uploading the archive again and nothing; couldn't I pass it to you "na sklo"?
Re: Unknown virus!!! Well, at least to me :)
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE IT CAN WRECK YOUR SYSTEM
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Správce\Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako správce
- Immediately after start, a page with the license agreement is displayed; continue by clicking Ano (Yes)
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
- The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
- After the scan finishes and any restart, CF displays a log, or you can find it here C:\ComboFix.txt; paste its contents here
- A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix