Wifi disconnects for 6 s and reconnects, then sound stops working, spam
Posted: 14 Jan 2010 23:06
Good evening, I would very much appreciate a check of my ComboFix log. It happens, even several times a day, that out of nowhere, for example after the PC has been on for an hour, the wifi disconnects by itself and then reconnects about 6 seconds later. Then the sound stops working. (If I have Winamp running during that, though, it works until I close it; after that it won't play anything.) At the same time I received an email from Volný saying that someone is sending spam from my network - I have a feeling it may be my PC.
Netstat seems to be clean:
Aktivní připojení
Proto Místní adresa Cizí adresa Stav
TCP vojtanotebook:epmap vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:microsoft-ds vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:2869 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:1026 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:2003 localhost:2004 NAVÁZÁNO
TCP vojtanotebook:2004 localhost:2003 NAVÁZÁNO
TCP vojtanotebook:2007 localhost:2008 NAVÁZÁNO
TCP vojtanotebook:2008 localhost:2007 NAVÁZÁNO
TCP vojtanotebook:12025 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:12080 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:12110 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:12119 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:12143 vojtanotebook:0 NASLOUCHÁNÍ
TCP vojtanotebook:netbios-ssn vojtanotebook:0 NASLOUCHÁNÍ
UDP vojtanotebook:microsoft-ds *:*
UDP vojtanotebook:isakmp *:*
UDP vojtanotebook:1029 *:*
UDP vojtanotebook:1124 *:*
UDP vojtanotebook:1125 *:*
UDP vojtanotebook:1735 *:*
UDP vojtanotebook:4500 *:*
UDP vojtanotebook:ntp *:*
UDP vojtanotebook:1027 *:*
UDP vojtanotebook:1028 *:*
UDP vojtanotebook:1900 *:*
UDP vojtanotebook:ntp *:*
UDP vojtanotebook:netbios-ns *:*
UDP vojtanotebook:netbios-dgm *:*
UDP vojtanotebook:1900 *:*
Here is the log from ComboFix:
ComboFix 10-01-14.02 - Vojtech 14.01.2010 22:34:28.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.564 [GMT 1:00]
Spuštěný z: c:\documents and settings\Vojtech\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.
2010-01-14 21:12 . 2010-01-14 21:12 77312 ----a-w- C:\mbr.exe
2010-01-14 20:37 . 2010-01-14 20:37 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-01-12 11:52 . 2010-01-12 11:52 -------- d-----w- C:\Snap
2010-01-12 11:06 . 2010-01-12 11:06 -------- d-----w- c:\program files\IPCam
2010-01-12 11:05 . 2010-01-12 11:05 -------- d-----w- c:\program files\maygion
2009-12-29 18:42 . 2009-12-29 18:42 -------- d-----w- c:\program files\Codec Pack - All In 1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 21:02 . 2001-10-25 14:00 61434 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 21:02 . 2001-10-25 14:00 337664 ----a-w- c:\windows\system32\perfh005.dat
2010-01-14 16:52 . 2007-10-18 15:43 -------- d-----w- c:\program files\Krtecek_2_0
2010-01-13 17:58 . 2008-05-27 15:17 -------- d-----w- c:\program files\TotalValidatorTool
2010-01-13 17:58 . 2007-11-22 10:55 -------- d-----w- c:\program files\Bradbury
2010-01-13 17:58 . 2008-12-12 13:18 -------- d-----w- c:\program files\Super Clone DVD 5.0
2010-01-13 17:57 . 2008-12-20 12:58 -------- d-----w- c:\program files\Popisovač CD-DVD
2010-01-13 17:42 . 2007-09-05 22:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-13 17:42 . 2007-09-05 23:15 -------- d-----w- c:\program files\Macromedia
2010-01-13 17:41 . 2007-09-05 23:15 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-13 17:39 . 2007-10-11 09:24 -------- d-----w- c:\program files\Look@LAN
2010-01-13 17:38 . 2007-09-09 14:40 -------- d-----w- c:\program files\Google
2010-01-13 17:37 . 2007-12-06 23:13 -------- d-----w- c:\program files\FreeRIP3
2010-01-13 17:36 . 2008-10-06 20:41 -------- d-----w- c:\program files\Free Audio Pack
2010-01-13 17:36 . 2009-06-08 18:46 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2010-01-13 17:36 . 2009-11-25 14:06 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-01-13 17:34 . 2007-09-08 10:11 -------- d-----w- c:\program files\Corel
2010-01-13 17:26 . 2010-01-13 17:26 0 ----a-w- c:\documents and settings\Vojtech\ntuser.tmp
2010-01-13 17:22 . 2007-09-05 19:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 15:46 . 2008-03-10 16:41 -------- d-----w- c:\program files\ESET
2010-01-13 14:35 . 2008-09-19 13:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-13 08:36 . 2009-08-10 21:55 -------- d-----w- c:\program files\WinClamAVShield
2010-01-12 11:06 . 2007-09-05 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 14:14 . 2008-12-08 18:22 -------- d-----w- c:\program files\Winamp
2009-12-29 18:41 . 2007-09-05 20:57 737280 -c--a-w- c:\windows\iun6002.exe
2009-12-28 09:56 . 2009-08-09 23:46 -------- d-----w- c:\program files\Spyware Terminator
2009-12-13 19:37 . 2009-10-11 00:31 -------- d-----w- c:\program files\TortoiseSVN
2009-12-13 19:35 . 2009-10-11 15:16 -------- d-----w- c:\program files\Subversion
2009-12-13 19:33 . 2009-04-09 18:47 -------- d-----w- c:\program files\CSVed
2009-12-10 18:48 . 2008-05-15 10:52 -------- d-----w- c:\program files\rajce2
2009-12-06 08:28 . 2009-12-06 08:28 -------- d-----w- c:\program files\TeamViewer
2009-11-24 23:54 . 2009-10-26 23:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-26 23:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-26 23:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-26 23:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-26 23:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-26 23:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-26 19:54 . 2009-10-26 19:54 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2007-11-28 20:19 . 2007-11-28 20:19 518 ----a-w- c:\program files\Zástupce - putty.lnk
2007-11-26 15:51 . 2007-11-26 15:51 380928 -c--a-w- c:\program files\putty.exe
2006-03-20 13:34 . 2007-09-20 20:41 4796416 ----a-w- c:\program files\mplayerc.exe
2009-04-13 22:15 . 2008-01-28 14:00 12208 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2007-09-05 . 32870B6F41858B75B2358F143DA9C794 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-03_22.36.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 20:47 . 2010-01-14 20:47 16384 c:\windows\Temp\Perflib_Perfdata_588.dat
+ 2007-09-05 23:57 . 2004-08-17 14:49 75264 c:\windows\system32\usbui.dll
- 2007-09-05 23:57 . 2004-08-17 13:49 75264 c:\windows\system32\usbui.dll
+ 2010-01-13 17:40 . 2007-06-06 10:51 17408 c:\windows\system32\ReinstallBackups\0017\DriverFiles\DKbFltr.SYS
+ 2001-10-25 14:00 . 2010-01-14 21:02 52438 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-01-03 19:25 52438 c:\windows\system32\perfc009.dat
+ 2010-01-13 19:16 . 2010-01-13 19:16 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-03 21:08 . 2004-08-03 22:08 20480 c:\windows\system32\drivers\usbuhci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 20480 c:\windows\system32\drivers\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 57600 c:\windows\system32\drivers\usbhub.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 57600 c:\windows\system32\drivers\usbhub.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 26624 c:\windows\system32\drivers\usbehci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 26624 c:\windows\system32\drivers\usbehci.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 25088 c:\windows\system32\drivers\pciidex.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 25088 c:\windows\system32\drivers\pciidex.sys
- 2004-08-17 13:43 . 2004-08-17 13:43 68736 c:\windows\system32\drivers\pci.sys
+ 2004-08-17 13:43 . 2004-08-17 14:43 68736 c:\windows\system32\drivers\pci.sys
- 2001-10-25 14:00 . 2001-10-24 09:44 35840 c:\windows\system32\drivers\isapnp.sys
+ 2001-10-25 14:00 . 2001-10-24 10:44 35840 c:\windows\system32\drivers\isapnp.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 95360 c:\windows\system32\drivers\atapi.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 95360 c:\windows\system32\drivers\atapi.sys
- 2007-09-05 23:57 . 2004-08-17 13:49 75264 c:\windows\system32\dllcache\usbui.dll
+ 2007-09-05 23:57 . 2004-08-17 14:49 75264 c:\windows\system32\dllcache\usbui.dll
- 2004-08-03 21:08 . 2004-08-03 21:08 20480 c:\windows\system32\dllcache\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 20480 c:\windows\system32\dllcache\usbuhci.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 57600 c:\windows\system32\dllcache\usbhub.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 57600 c:\windows\system32\dllcache\usbhub.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 26624 c:\windows\system32\dllcache\usbehci.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 26624 c:\windows\system32\dllcache\usbehci.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 25088 c:\windows\system32\dllcache\pciidex.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 25088 c:\windows\system32\dllcache\pciidex.sys
- 2004-08-17 13:43 . 2004-08-17 13:43 68736 c:\windows\system32\dllcache\pci.sys
+ 2004-08-17 13:43 . 2004-08-17 14:43 68736 c:\windows\system32\dllcache\pci.sys
+ 2001-10-25 14:00 . 2001-10-24 10:44 35840 c:\windows\system32\dllcache\isapnp.sys
- 2001-10-25 14:00 . 2001-10-24 09:44 35840 c:\windows\system32\dllcache\isapnp.sys
- 2004-08-03 20:59 . 2004-08-03 20:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2004-08-03 20:59 . 2004-08-03 21:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2010-01-13 17:40 . 2004-12-09 04:04 5120 c:\windows\system32\ReinstallBackups\0017\DriverFiles\FILTRCOI.DLL
- 2001-10-25 14:00 . 2001-10-24 09:52 3328 c:\windows\system32\drivers\pciide.sys
+ 2001-10-25 14:00 . 2001-10-24 10:52 3328 c:\windows\system32\drivers\pciide.sys
- 2001-10-25 14:00 . 2001-10-24 09:52 3328 c:\windows\system32\dllcache\pciide.sys
+ 2001-10-25 14:00 . 2001-10-24 10:52 3328 c:\windows\system32\dllcache\pciide.sys
+ 2001-10-25 14:00 . 2010-01-14 21:02 340154 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-01-03 19:25 340154 c:\windows\system32\perfh009.dat
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-03 21:08 . 2004-08-03 22:08 142976 c:\windows\system32\drivers\usbport.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 142976 c:\windows\system32\drivers\usbport.sys
- 2004-08-03 21:08 . 2004-08-03 21:08 142976 c:\windows\system32\dllcache\usbport.sys
+ 2004-08-03 21:08 . 2004-08-03 22:08 142976 c:\windows\system32\dllcache\usbport.sys
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-09 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-09 2171904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jdk1.6.0_03\\jre\\bin\\java.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\miranda-pack-105\\miranda32.exe"=
"c:\\Program Files\\miranda-pack-105\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\EasyPHP 3.0\\EasyPHP.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\EasyPHP 3.0\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IPCam\\IPCamMaster\\IPCamMaster.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.9.2009 15:49 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.8.2009 0:46 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.9.2009 15:49 20560]
S4 SVNService;SVNService;c:\program files\Subversion\bin\SvnService.exe [11.10.2009 16:16 61440]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Vojtech\Data aplikací\Mozilla\Firefox\Profiles\k8jl3leu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 22:42
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bb,86,8c,64,27,c2,74,a1,34,b4,05,dd,52,5d,24,63,54,a0,76,da,67,
cf,fb,6b,a6,ae,bc,e5,8c,b1,34,b9,e2,0c,c4,31,35,94,d3,c9,20,14,a1,9b,41,83,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bb,86,8c,64,27,c2,74,a1,34,b4,05,dd,52,5d,24,63,54,a0,76,da,67,
cf,fb,6b,a6,ae,bc,e5,8c,b1,34,b9,e2,0c,c4,31,35,94,d3,c9,20,14,a1,9b,41,83,\
.
Celkový čas: 2010-01-14 22:45:13
ComboFix-quarantined-files.txt 2010-01-14 21:45
ComboFix2.txt 2010-01-09 20:52
ComboFix3.txt 2010-01-03 22:39
ComboFix4.txt 2008-12-22 10:35
Před spuštěním: Volných bajtů: 15 297 335 296
Po spuštění: Volných bajtů: 15 321 341 952
- - End Of File - - FC92E3138F6A24ED8B9A814BB2BDD7CA
Thank you for any help!