na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam

Zpráva

vojtikvojtik · #1 Příspěvek od **vojtikvojtik** » 14 led 2010 23:06

Dobrý večer, moc prosím o kontrolu logu z comboFIXu. Děje se i vícekrát za den, že se z ničeho nic, ptřeba po hodině zapnutého pc, samovolně odpojí wifi, a následně cca za 6 vteřin opět připojí. Pak přestane jít zvuk. (pokud mám ale behem toho winamp zapnutej, funguje dokud ho nevypnu, pak uz nic neprehraje) Zaroven mi přišel email od volnyho, že z mé sítě někdo šíří spam - mám pocit že možná moje pc.

Netstat se zda byt čístý:
Aktivnˇ pýipojenˇ

Proto Mˇstnˇ adresa Cizˇ adresa Stav
TCP vojtanotebook:epmap vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:microsoft-ds vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:2869 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:1026 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:2003 localhost:2004 NAVµZµNO
TCP vojtanotebook:2004 localhost:2003 NAVµZµNO
TCP vojtanotebook:2007 localhost:2008 NAVµZµNO
TCP vojtanotebook:2008 localhost:2007 NAVµZµNO
TCP vojtanotebook:12025 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:12080 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:12110 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:12119 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:12143 vojtanotebook:0 NASLOUCHµNÖ
TCP vojtanotebook:netbios-ssn vojtanotebook:0 NASLOUCHµNÖ
UDP vojtanotebook:microsoft-ds *:*
UDP vojtanotebook:isakmp *:*
UDP vojtanotebook:1029 *:*
UDP vojtanotebook:1124 *:*
UDP vojtanotebook:1125 *:*
UDP vojtanotebook:1735 *:*
UDP vojtanotebook:4500 *:*
UDP vojtanotebook:ntp *:*
UDP vojtanotebook:1027 *:*
UDP vojtanotebook:1028 *:*
UDP vojtanotebook:1900 *:*
UDP vojtanotebook:ntp *:*
UDP vojtanotebook:netbios-ns *:*
UDP vojtanotebook:netbios-dgm *:*
UDP vojtanotebook:1900 *:*

zde log z ComboFIx:

ComboFix 10-01-14.02 - Vojtech 14.01.2010 22:34:28.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.564 [GMT 1:00]
Spuštěný z: c:\documents and settings\Vojtech\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 21:12 . 2010-01-14 21:12 77312 ----a-w- C:\mbr.exe
2010-01-14 20:37 . 2010-01-14 20:37 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-01-12 11:52 . 2010-01-12 11:52 -------- d-----w- C:\Snap
2010-01-12 11:06 . 2010-01-12 11:06 -------- d-----w- c:\program files\IPCam
2010-01-12 11:05 . 2010-01-12 11:05 -------- d-----w- c:\program files\maygion
2009-12-29 18:42 . 2009-12-29 18:42 -------- d-----w- c:\program files\Codec Pack - All In 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 21:02 . 2001-10-25 14:00 61434 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 21:02 . 2001-10-25 14:00 337664 ----a-w- c:\windows\system32\perfh005.dat
2010-01-14 16:52 . 2007-10-18 15:43 -------- d-----w- c:\program files\Krtecek_2_0
2010-01-13 17:58 . 2008-05-27 15:17 -------- d-----w- c:\program files\TotalValidatorTool
2010-01-13 17:58 . 2007-11-22 10:55 -------- d-----w- c:\program files\Bradbury
2010-01-13 17:58 . 2008-12-12 13:18 -------- d-----w- c:\program files\Super Clone DVD 5.0
2010-01-13 17:57 . 2008-12-20 12:58 -------- d-----w- c:\program files\Popisovač CD-DVD
2010-01-13 17:42 . 2007-09-05 22:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-13 17:42 . 2007-09-05 23:15 -------- d-----w- c:\program files\Macromedia
2010-01-13 17:41 . 2007-09-05 23:15 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-13 17:39 . 2007-10-11 09:24 -------- d-----w- c:\program files\Look@LAN
2010-01-13 17:38 . 2007-09-09 14:40 -------- d-----w- c:\program files\Google
2010-01-13 17:37 . 2007-12-06 23:13 -------- d-----w- c:\program files\FreeRIP3
2010-01-13 17:36 . 2008-10-06 20:41 -------- d-----w- c:\program files\Free Audio Pack
2010-01-13 17:36 . 2009-06-08 18:46 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2010-01-13 17:36 . 2009-11-25 14:06 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-01-13 17:34 . 2007-09-08 10:11 -------- d-----w- c:\program files\Corel
2010-01-13 17:26 . 2010-01-13 17:26 0 ----a-w- c:\documents and settings\Vojtech\ntuser.tmp
2010-01-13 17:22 . 2007-09-05 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 15:46 . 2008-03-10 16:41 -------- d-----w- c:\program files\ESET
2010-01-13 14:35 . 2008-09-19 13:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-13 08:36 . 2009-08-10 21:55 -------- d-----w- c:\program files\WinClamAVShield
2010-01-12 11:06 . 2007-09-05 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 14:14 . 2008-12-08 18:22 -------- d-----w- c:\program files\Winamp
2009-12-29 18:41 . 2007-09-05 20:57 737280 -c--a-w- c:\windows\iun6002.exe
2009-12-28 09:56 . 2009-08-09 23:46 -------- d-----w- c:\program files\Spyware Terminator
2009-12-13 19:37 . 2009-10-11 00:31 -------- d-----w- c:\program files\TortoiseSVN
2009-12-13 19:35 . 2009-10-11 15:16 -------- d-----w- c:\program files\Subversion
2009-12-13 19:33 . 2009-04-09 18:47 -------- d-----w- c:\program files\CSVed
2009-12-10 18:48 . 2008-05-15 10:52 -------- d-----w- c:\program files\rajce2
2009-12-06 08:28 . 2009-12-06 08:28 -------- d-----w- c:\program files\TeamViewer
2009-11-24 23:54 . 2009-10-26 23:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-26 23:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-26 23:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-26 23:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-26 23:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-26 23:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-26 19:54 . 2009-10-26 19:54 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2007-11-28 20:19 . 2007-11-28 20:19 518 ----a-w- c:\program files\Zástupce - putty.lnk
2007-11-26 15:51 . 2007-11-26 15:51 380928 -c--a-w- c:\program files\putty.exe
2006-03-20 13:34 . 2007-09-20 20:41 4796416 ----a-w- c:\program files\mplayerc.exe
2009-04-13 22:15 . 2008-01-28 14:00 12208 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2007-09-05 . 32870B6F41858B75B2358F143DA9C794 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-03_22.36.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 20:47 . 2010-01-14 20:47 16384 c:\windows\Temp\Perflib_Perfdata_588.dat
+ 2007-09-05 23:57 . 2004-08-17 14:49 75264 c:\windows\system32\usbui.dll
- 2007-09-05 23:57 . 2004-08-17 13:49 75264 c:\windows\system32\usbui.dll
+ 2010-01-13 17:40 . 2007-06-06 10:51 17408 c:\windows\system32\ReinstallBackups\0017\DriverFiles\DKbFltr.SYS
+ 2001-10-25 14:00 . 2010-01-14 21:02 52438 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-01-03 19:25 52438 c:\windows\system32\perfc009.dat
+ 2010-01-13 19:16 . 2010-01-13 19:16 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-03 21:08 . 2004-08-03 22:08 20480 c:\windows\system32\drivers\usbuhci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 20480 c:\windows\system32\drivers\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 57600 c:\windows\system32\drivers\usbhub.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 57600 c:\windows\system32\drivers\usbhub.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 26624 c:\windows\system32\drivers\usbehci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 26624 c:\windows\system32\drivers\usbehci.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 25088 c:\windows\system32\drivers\pciidex.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 25088 c:\windows\system32\drivers\pciidex.sys
- 2004-08-17 13:43 . 2004-08-17 13:43 68736 c:\windows\system32\drivers\pci.sys
+ 2004-08-17 13:43 . 2004-08-17 14:43 68736 c:\windows\system32\drivers\pci.sys
- 2001-10-25 14:00 . 2001-10-24 09:44 35840 c:\windows\system32\drivers\isapnp.sys
+ 2001-10-25 14:00 . 2001-10-24 10:44 35840 c:\windows\system32\drivers\isapnp.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 95360 c:\windows\system32\drivers\atapi.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 95360 c:\windows\system32\drivers\atapi.sys
- 2007-09-05 23:57 . 2004-08-17 13:49 75264 c:\windows\system32\dllcache\usbui.dll
+ 2007-09-05 23:57 . 2004-08-17 14:49 75264 c:\windows\system32\dllcache\usbui.dll
- 2004-08-03 21:08 . 2004-08-03 21:08 20480 c:\windows\system32\dllcache\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 20480 c:\windows\system32\dllcache\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 57600 c:\windows\system32\dllcache\usbhub.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 57600 c:\windows\system32\dllcache\usbhub.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 26624 c:\windows\system32\dllcache\usbehci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 26624 c:\windows\system32\dllcache\usbehci.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 25088 c:\windows\system32\dllcache\pciidex.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 25088 c:\windows\system32\dllcache\pciidex.sys
- 2004-08-17 13:43 . 2004-08-17 13:43 68736 c:\windows\system32\dllcache\pci.sys
+ 2004-08-17 13:43 . 2004-08-17 14:43 68736 c:\windows\system32\dllcache\pci.sys
+ 2001-10-25 14:00 . 2001-10-24 10:44 35840 c:\windows\system32\dllcache\isapnp.sys
- 2001-10-25 14:00 . 2001-10-24 09:44 35840 c:\windows\system32\dllcache\isapnp.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2010-01-13 17:40 . 2004-12-09 04:04 5120 c:\windows\system32\ReinstallBackups\0017\DriverFiles\FILTRCOI.DLL
- 2001-10-25 14:00 . 2001-10-24 09:52 3328 c:\windows\system32\drivers\pciide.sys
+ 2001-10-25 14:00 . 2001-10-24 10:52 3328 c:\windows\system32\drivers\pciide.sys
- 2001-10-25 14:00 . 2001-10-24 09:52 3328 c:\windows\system32\dllcache\pciide.sys
+ 2001-10-25 14:00 . 2001-10-24 10:52 3328 c:\windows\system32\dllcache\pciide.sys
+ 2001-10-25 14:00 . 2010-01-14 21:02 340154 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-01-03 19:25 340154 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-03 21:08 . 2004-08-03 22:08 142976 c:\windows\system32\drivers\usbport.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 142976 c:\windows\system32\drivers\usbport.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 142976 c:\windows\system32\dllcache\usbport.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 142976 c:\windows\system32\dllcache\usbport.sys
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-09 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-09 2171904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jdk1.6.0_03\\jre\\bin\\java.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\miranda-pack-105\\miranda32.exe"=
"c:\\Program Files\\miranda-pack-105\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\EasyPHP 3.0\\EasyPHP.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\EasyPHP 3.0\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IPCam\\IPCamMaster\\IPCamMaster.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.9.2009 15:49 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.8.2009 0:46 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.9.2009 15:49 20560]
S4 SVNService;SVNService;c:\program files\Subversion\bin\SvnService.exe [11.10.2009 16:16 61440]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Vojtech\Data aplikací\Mozilla\Firefox\Profiles\k8jl3leu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 22:42
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bb,86,8c,64,27,c2,74,a1,34,b4,05,dd,52,5d,24,63,54,a0,76,da,67,
cf,fb,6b,a6,ae,bc,e5,8c,b1,34,b9,e2,0c,c4,31,35,94,d3,c9,20,14,a1,9b,41,83,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bb,86,8c,64,27,c2,74,a1,34,b4,05,dd,52,5d,24,63,54,a0,76,da,67,
cf,fb,6b,a6,ae,bc,e5,8c,b1,34,b9,e2,0c,c4,31,35,94,d3,c9,20,14,a1,9b,41,83,\
.
Celkový čas: 2010-01-14 22:45:13
ComboFix-quarantined-files.txt 2010-01-14 21:45
ComboFix2.txt 2010-01-09 20:52
ComboFix3.txt 2010-01-03 22:39
ComboFix4.txt 2008-12-22 10:35

Před spuštěním: Volných bajtů: 15 297 335 296
Po spuštění: Volných bajtů: 15 321 341 952

- - End Of File - - FC92E3138F6A24ED8B9A814BB2BDD7CA

Děkuji za jakoukoli pomoc!

#2 Příspěvek od **motji** » 15 led 2010 15:31

Hezké odpoledne

Po použití combofixu se nic nezměnilo?

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

vojtikvojtik · #3 Příspěvek od **vojtikvojtik** » 17 led 2010 13:17

posílam logy z GMERu.

po použití combofixu se nic nezměnilo.

ještě popis co se děje. PC je dost zpomalený - zlepšio se to defragmentací. na disku mám 15GB volného místa. Někdy se z ničeho nic stane, že sice wifi zustane pripojená, ale zmizí název sítě a zmizí jakékolik možnosti bezdrátovou sít nastavit. vyřeší se to restartem. je to nějaký problém s winsock.

zkousel sem tohle:
Open CMD, Reset WINSOCK entries to installation defaults by typing: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults by typing: netsh int ip reset reset.log

Restart your PC.

Bez efektu, stalo se to znova.

teď ty logy.

Gmer log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-17 10:33:39
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\VOJTEC~1\LOCALS~1\Temp\kgroipog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER log 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 12:50:38
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\VOJTEC~1\LOCALS~1\Temp\kgroipog.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA546B88E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA546B0EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA546ADCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA546C938]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA546AED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA546AFC2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA312E14C]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA546BBBC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA546B3F4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA312E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA312E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA312E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA312E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA312E72E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA546B526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA546ABFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA546BB04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA546B70C]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d147e6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d147e6@00162054ab75 0xAA 0xE2 0x1D 0x30 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d147e6@00219e835393 0x6B 0x3A 0xBF 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d147e6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d147e6@00219e835393 0x6B 0x3A 0xBF 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d147e6@00162054ab75 0xE3 0x9E 0xCE 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d147e6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d147e6@00219e835393 0x6B 0x3A 0xBF 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d147e6@00162054ab75 0xE3 0x9E 0xCE 0x71 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xBB 0x86 0x8C 0x64 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

p.s. také se téměř s každým startem ukáže chyba:
V zájmu ochrany počítače systému windows tento program ukončí.
Generic host process for win32 services.

oznaceni chyby
EventType : BEX P1 : svchost.exe P2 : 0.0.0.0 P3 : 00000000
P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00000000
P8 : c0000005 P9 : 00000008

Děkuji za jakoukoli radu...

Vojta

#4 Příspěvek od **motji** » 17 led 2010 21:51

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-udělejte sken , co najde nechte léčit, smazat
-sken může trvat několik hodin
-Soubor/Uložit výsledky - uložíte jako textovy soubor a zkopírujete zde

-----------------------------------------------

Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku drivers, pak Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem

VIRY.CZ

na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam

na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam

Re: na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam

Re: na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam

Re: na 6s odpoji wifi a zase pripoji, pak prestane jit zvuk,spam