Pomalý net,vypadává zvuk,vypína se firewall

[MarekSkala]

Vypíná se mi z ničeho nic zvuk(zajímavý je, že zvuky erroru a podobnejch windows ptakovin fungujou,ale zvuk z youtube nebo ze hry ne) a firewall..vždy mi pomuže jenom restart,ale tak 5 minut po něm to zas blbne...nevim co se stalo...muselo to být někdy teď, protože PC běžel fajn

Logfile of random's system information tool 1.09 (written by random/random)
Run by Bill Gates at 2011-09-12 19:48:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 48 GB (63%) free of 76 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:47, on 12.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\inetsrv\DavCData.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Bill Gates\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\Bill Gates.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://utorrentbar.ourtoolbar.com/SetupFinish
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4455 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - D:\Documents and Settings\Bill Gates\Data aplikací\Mozilla\Firefox\Profiles\wlrfspee.default

prefs.js - "browser.startup.homepage" - "google.com"

"jqs@sun.com"=D:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=D:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

D:\Documents and Settings\Bill Gates\Data aplikací\Mozilla\Firefox\Profiles\wlrfspee.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - D:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-09-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - D:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avast"=D:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2011-04-14 20053608]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"Pando Media Booster"=D:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-09-12 3077528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Pando Networks\Media Booster\PMB.exe"="D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Pando Networks\Media Booster\PMB.exe"="D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-12 19:48:42 ----D---- D:\Program Files\trend micro
2011-09-12 19:48:41 ----D---- D:\rsit
2011-09-12 17:43:16 ----A---- D:\WINDOWS\system32\woot.exe
2011-09-12 17:04:25 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2011-09-12 17:04:25 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2011-09-12 17:04:25 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2011-09-12 17:04:25 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2011-09-12 17:04:22 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2011-09-12 16:42:18 ----D---- D:\Documents and Settings\All Users\Data aplikací\PMB Files
2011-09-12 16:41:59 ----D---- D:\Program Files\Pando Networks
2011-09-10 22:50:01 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2011-09-10 22:46:58 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\Leadertech
2011-09-10 14:32:54 ----D---- D:\Program Files\EA Sports
2011-09-10 14:32:52 ----A---- D:\WINDOWS\system32\D3DX9_37.dll
2011-09-10 14:32:52 ----A---- D:\WINDOWS\system32\d3dx9_35.dll
2011-09-10 14:32:51 ----A---- D:\WINDOWS\system32\xinput1_3.dll
2011-09-10 14:32:51 ----A---- D:\WINDOWS\system32\d3dx9_34.dll
2011-09-10 14:32:50 ----A---- D:\WINDOWS\system32\d3dx9_33.dll
2011-09-10 14:32:49 ----A---- D:\WINDOWS\system32\d3dx9_32.dll
2011-09-10 14:32:49 ----A---- D:\WINDOWS\system32\d3dx9_31.dll
2011-09-10 14:32:40 ----A---- D:\WINDOWS\system32\d3dx9_30.dll
2011-09-10 14:32:40 ----A---- D:\WINDOWS\system32\d3dx9_29.dll
2011-09-10 14:32:39 ----A---- D:\WINDOWS\system32\xinput9_1_0.dll
2011-09-10 14:32:39 ----A---- D:\WINDOWS\system32\d3dx9_27.dll
2011-09-10 14:32:38 ----A---- D:\WINDOWS\system32\d3dx9_26.dll
2011-09-10 14:32:38 ----A---- D:\WINDOWS\system32\d3dx9_25.dll
2011-09-10 14:32:37 ----A---- D:\WINDOWS\system32\d3dx9_24.dll
2011-09-09 19:38:18 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\Mount&Blade With Fire and Sword
2011-09-09 17:58:10 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll
2011-09-09 17:58:07 ----A---- D:\WINDOWS\system32\D3DX9_42.dll
2011-09-09 17:57:55 ----A---- D:\WINDOWS\system32\D3DX9_41.dll
2011-09-09 17:57:29 ----D---- D:\WINDOWS\Logs
2011-09-09 17:57:26 ----D---- D:\Program Files\Mount&Blade With Fire and Sword
2011-09-07 18:03:47 ----A---- D:\WINDOWS\doom3.ini
2011-09-07 18:02:20 ----D---- D:\Program Files\Doom 3
2011-09-07 16:25:20 ----D---- D:\Program Files\Conduit
2011-09-07 16:25:15 ----D---- D:\Program Files\uTorrentBar
2011-09-07 16:25:03 ----D---- D:\Program Files\uTorrent
2011-09-07 16:24:06 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\uTorrent
2011-09-07 15:38:18 ----D---- D:\Program Files\SystemRequirementsLab
2011-09-07 15:38:09 ----D---- D:\WINDOWS\Sun
2011-09-07 15:37:14 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\Mozilla
2011-09-07 15:36:55 ----D---- D:\Program Files\Mozilla Firefox
2011-09-07 15:36:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sun
2011-09-07 15:36:09 ----D---- D:\Program Files\Common Files\Java
2011-09-07 15:35:53 ----A---- D:\WINDOWS\system32\javaws.exe
2011-09-07 15:35:53 ----A---- D:\WINDOWS\system32\javaw.exe
2011-09-07 15:35:53 ----A---- D:\WINDOWS\system32\java.exe
2011-09-07 15:35:53 ----A---- D:\WINDOWS\system32\deployJava1.dll
2011-09-07 15:35:40 ----D---- D:\Program Files\Java
2011-09-07 15:35:09 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\Sun
2011-09-07 15:29:27 ----D---- D:\Documents and Settings\Bill Gates\Data aplikací\Adobe
2011-09-05 16:16:21 ----A---- D:\WINDOWS\system32\drivers\kbdhid.sys
2011-09-05 16:15:56 ----A---- D:\WINDOWS\system32\hidserv.dll
2011-09-05 16:15:51 ----A---- D:\WINDOWS\system32\drivers\usbccgp.sys

======List of files/folders modified in the last 1 month======

2011-09-12 19:48:42 ----RD---- D:\Program Files
2011-09-12 19:44:10 ----D---- D:\WINDOWS\Temp
2011-09-12 19:39:45 ----D---- D:\WINDOWS\system32
2011-09-12 19:39:45 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2011-09-12 19:34:49 ----D---- D:\WINDOWS\Registration
2011-09-12 19:34:43 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-09-12 19:31:23 ----D---- D:\WINDOWS\system32\inetsrv
2011-09-12 19:26:04 ----D---- D:\WINDOWS\Prefetch
2011-09-12 17:25:49 ----D---- D:\WINDOWS
2011-09-12 17:13:59 ----SD---- D:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-09-12 17:04:26 ----HD---- D:\WINDOWS\inf
2011-09-12 17:04:23 ----D---- D:\WINDOWS\system32\CatRoot2
2011-09-12 17:04:19 ----D---- D:\WINDOWS\system32\DirectX
2011-09-12 17:01:35 ----HD---- D:\Program Files\InstallShield Installation Information
2011-09-12 14:15:50 ----D---- D:\Program Files\SpeedFan
2011-09-10 22:46:15 ----SHD---- D:\WINDOWS\Installer
2011-09-10 22:40:09 ----RSD---- D:\WINDOWS\assembly
2011-09-10 14:00:15 ----SD---- D:\Documents and Settings\Bill Gates\Data aplikací\Microsoft
2011-09-08 14:07:31 ----D---- D:\Documents and Settings\All Users\Data aplikací\Adobe
2011-09-07 18:00:56 ----D---- D:\Program Files\Common Files\InstallShield
2011-09-07 17:42:01 ----D---- D:\WINDOWS\Microsoft.NET
2011-09-07 16:50:31 ----D---- D:\WINDOWS\system32\Logfiles
2011-09-07 15:36:09 ----D---- D:\Program Files\Common Files
2011-09-05 16:16:26 ----RSHDC---- D:\WINDOWS\system32\dllcache
2011-09-05 16:16:21 ----D---- D:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; D:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; D:\WINDOWS\system32\speedfan.sys [2010-12-18 21696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2007-12-16 232512]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; D:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 cpuz135;cpuz135; \??\D:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-05-03 6404712]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-05-04 295528]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; D:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 ENTECH;ENTECH; \??\D:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Monfilt;Monfilt; D:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 rt2870;802.11n USB Wireless LAN Card Driver; D:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-11-27 650624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 IISADMIN;Správa služby IIS; D:\WINDOWS\system32\i [2011-09-12 88]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2011-09-07 153376]
R2 W3SVC;Publikování na webu; D:\WINDOWS\system32\i [2011-09-12 88]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2007-12-16 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2007-12-16 136176]

-----------------EOF-----------------

[Rudy]

Poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[MarekSkala]

ComboFix 11-09-13.01 - Bill Gates 13.09.2011 14:55:43.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1522 [GMT 2:00]
Spuštěný z: d:\documents and settings\Bill Gates\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\system32\Cache
.
Nakažená kopie d:\windows\system32\ctfmon.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\system32\ctfmon.exe.backup
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-13 do 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-12 17:48 . 2011-09-12 17:48 -------- d-----w- d:\program files\trend micro
2011-09-12 17:48 . 2011-09-12 17:48 -------- d-----w- D:\rsit
2011-09-12 15:43 . 2011-09-12 15:43 174670 ----a-w- d:\windows\system32\woot.exe
2011-09-12 15:04 . 2008-07-31 08:41 68616 ----a-w- d:\windows\system32\XAPOFX1_1.dll
2011-09-12 15:04 . 2008-07-31 08:40 509448 ----a-w- d:\windows\system32\XAudio2_2.dll
2011-09-12 15:04 . 2008-07-12 06:18 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-09-12 15:04 . 2008-07-12 06:18 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-09-12 15:04 . 2008-07-12 06:18 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-09-12 14:42 . 2011-09-13 13:22 -------- d-----w- d:\documents and settings\Bill Gates\Local Settings\Data aplikací\PMB Files
2011-09-12 14:42 . 2011-09-12 14:42 -------- d-----w- d:\documents and settings\All Users\Data aplikac
2011-09-12 14:41 . 2011-09-12 14:41 -------- d-----w- d:\program files\Pando Networks
2011-09-10 20:50 . 2011-09-10 20:50 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2011-09-10 20:46 . 2011-09-10 20:46 -------- d-----w- d:\documents and settings\Bill Gates\Data aplikací\Leadertech
2011-09-09 17:38 . 2011-09-10 09:36 -------- d-----w- d:\documents and settings\Bill Gates\Data aplikací\Mount&Blade With Fire and Sword
2011-09-09 15:58 . 2009-09-04 15:29 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2011-09-09 15:58 . 2009-09-04 15:29 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
2011-09-09 15:57 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2011-09-09 15:57 . 2011-09-09 15:57 -------- d-----w- d:\windows\Logs
2011-09-09 15:57 . 2011-09-09 17:38 -------- d-----w- d:\program files\Mount&Blade With Fire and Sword
2011-09-09 14:02 . 2011-09-09 14:02 -------- d-----w- d:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-09-08 12:06 . 2011-09-08 12:06 -------- d-----w- d:\documents and settings\Bill Gates\Local Settings\Data aplikací\Adobe
2011-09-07 16:02 . 2011-09-07 16:10 -------- d-----w- d:\program files\Doom 3
2011-09-07 14:25 . 2011-09-07 14:25 -------- d-s---w- d:\documents and settings\Bill Gates\UserData
2011-09-07 14:25 . 2011-09-07 14:25 -------- d-----w- d:\program files\Conduit
2011-09-07 14:25 . 2011-09-10 12:09 -------- d-----w- d:\documents and settings\Bill Gates\Local Settings\Data aplikací\Conduit
2011-09-07 14:25 . 2011-09-07 14:25 -------- d-----w- d:\program files\uTorrent
2011-09-07 14:24 . 2011-09-10 20:55 -------- d-----w- d:\documents and settings\Bill Gates\Data aplikací\uTorrent
2011-09-07 14:24 . 2011-09-07 14:24 -------- d-----w- d:\documents and settings\Bill Gates\Local Settings\Data aplikací\uTorrent
2011-09-07 13:38 . 2011-09-07 13:38 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-07 13:38 . 2011-09-07 13:38 -------- d-----w- d:\program files\SystemRequirementsLab
2011-09-07 13:38 . 2011-09-10 12:11 -------- d-----w- d:\documents and settings\Bill Gates\SystemRequirementsLab
2011-09-07 13:38 . 2011-09-07 13:38 -------- d-----w- d:\windows\Sun
2011-09-07 13:37 . 2011-09-07 13:37 -------- d-----w- d:\documents and settings\Bill Gates\Local Settings\Data aplikací\Mozilla
2011-09-07 13:36 . 2011-09-07 13:36 -------- d-----w- d:\program files\Common Files\Java
2011-09-07 13:35 . 2011-09-07 13:35 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-09-07 13:35 . 2011-09-07 13:35 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-09-07 13:35 . 2011-09-07 13:35 -------- d-----w- d:\program files\Java
2011-09-05 14:16 . 2008-04-14 05:59 14592 -c--a-w- d:\windows\system32\dllcache\kbdhid.sys
2011-09-05 14:16 . 2008-04-14 05:59 14592 ----a-w- d:\windows\system32\drivers\kbdhid.sys
2011-09-05 14:15 . 2008-04-14 06:51 21504 -c--a-w- d:\windows\system32\dllcache\hidserv.dll
2011-09-05 14:15 . 2008-04-14 06:51 21504 ----a-w- d:\windows\system32\hidserv.dll
2011-09-05 14:15 . 2008-04-13 22:15 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2011-09-05 14:15 . 2008-04-13 22:15 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 08:00 . 2007-12-15 23:49 73216 ----a-w- d:\windows\system32\ff_vfw.dll
2011-09-03 06:15 . 2011-09-07 13:36 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "d:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- d:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "d:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "d:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 13:10 122512 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Pando Media Booster"="d:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Antivirus"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57487:TCP"= 57487:TCP:Pando Media Booster
"57487:UDP"= 57487:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [16.12.2007 1:51 441176]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [16.12.2007 1:51 307928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [16.12.2007 1:54 232512]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [16.12.2007 1:51 19544]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [10.12.2007 1:05 21992]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [16.12.2007 1:51 136176]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [16.12.2007 1:57 1691480]
S3 gupdatem;Služba Google Update (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [16.12.2007 1:51 136176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-13 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2007-12-15 23:51]
.
2011-09-13 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2007-12-15 23:51]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://utorrentbar.ourtoolbar.com/SetupFinish
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - d:\documents and settings\Bill Gates\Data aplikací\Mozilla\Firefox\Profiles\wlrfspee.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 15:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
d:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\windows\system32\inetsrv\inetinfo.exe
d:\windows\RTHDCPL.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-09-13 15:26:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-13 13:26
.
Před spuštěním: Volných bajtů: 50 262 777 856
Po spuštění: Volných bajtů: 53 383 593 984
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6E73C8C6AE5A460304A95B12D4EB2F60

[Rudy]

CF něco smazal a jeden nakažený soubor obnovil ze zálohy. Zbytek logu vypadá čistý. Nastala nějaká změna?

[MarekSkala]

bohužel ne, internet je furt pomalý,zvuk vypadává a do brány firewall se nedostanu a furt mi to tu hází nějakej win 32 error,až to hodí znova tak si to zapíšu

//je to "V aplikaci Generic Host Process for Win 32 services došlo k problému a je třeba jej zavřít"

[Rudy]

Máte všechny systémové aktualizace?

[MarekSkala]

Nejspíše ano, aktualizace vypnuté nemám a SP 3 mam také.

[Rudy]

OK. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[MarekSkala]

Status: Deleted (events: 4)
14.9.2011 20:16:21 Deleted virus Net-Worm.Win32.Kolab.anen D:\System Volume Information\_restore{1969856B-F157-430D-80C8-A3D2D3D116E3}\RP20\A0009867.exe High
14.9.2011 20:19:12 Deleted Trojan program Trojan-Downloader.BAT.Ftp.it D:\WINDOWS\system32\i High
14.9.2011 20:19:17 Deleted virus Worm.Win32.Ngrbot.eiv D:\WINDOWS\system32\woot.exe High
14.9.2011 20:19:17 Deleted virus Worm.Win32.Ngrbot.eiv D:\WINDOWS\system32\woot.exe//PEBundle High
Po skenu mi nešel net tak sem to restartoval a pak zase stejnej error a firewall zase nejde spustit..zvuk zatim de, ale bůhví , jak dlouho

[Rudy]

Co jste instaloval těsně před tím, než se problém objevil?