High memory usage after startup

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: High memory usage after startup

Post by jumperm » 15 Dec 2014 02:08

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : JUMPERM [Práva správce]
Mód : Smazat -- Datum : 12/15/2014 01:38:46

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000\Software\Microsoft\Windows\CurrentVersion\Run | HP Officejet 7500 E910 (NET) : "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY1AL310J905JB:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1 [7][x][x][x][x][x][-] -> Smazáno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29F6B0AA-4CEA-48EB-9636-04316CE976DC} | NameServer : 93.153.117.33 93.153.117.1 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29F6B0AA-4CEA-48EB-9636-04316CE976DC} | NameServer : 93.153.117.33 93.153.117.1 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29F6B0AA-4CEA-48EB-9636-04316CE976DC} | NameServer : 93.153.117.33 93.153.117.1 -> Nahrazeno ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FIREFX:Addon] l1eneqcv.default : QipCounter [QipCounter@qip.ru] -> Smazáno
[FIREFX:Addon] l1eneqcv.default : Automatic password input in Fx [{C1CA7765-44E4-452e-9D00-A04F3D434281}] -> Smazáno
[PUM.HomePage][FIREFX:Config] l1eneqcv.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 8411b88a7ba3cafec3d127903492baeb
[BSP] 879c5280dcc36aa61e5b5b518bdbfa32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 119236 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 247269376 | Size: 117738 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_12142014_153601.log - RKreport_SCN_12152014_013803.log


Re: High memory usage after startup

Post by jumperm » 15 Dec 2014 02:08

Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by JUMPERM on po 15.12.2014 at 1:41:12,17.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JUMPERM\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.12.2014 1:43:48 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\ALM deleted successfully
C:\PROGRA~2\CorelDRAW Graphics Suite X6 deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\TrueSuite deleted successfully
C:\Users\novak\AppData\Roaming\Abvent deleted successfully
C:\Users\novak\AppData\Roaming\EDrawings deleted successfully
C:\Users\novak\AppData\Roaming\TFPU deleted successfully
C:\Users\JUMPERM\AppData\Roaming\pyshell deleted successfully
C:\Users\novak\AppData\Local\Lumion_3_2_1_Free deleted successfully
C:\Users\novak\AppData\Local\WnSoft-WaveCache deleted successfully
C:\Users\JUMPERM\AppData\Local\WnSoft-WaveCache deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{C1CA7765-44E4-452e-9D00-A04F3D434281} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C1CA7765-44E4-452e-9D00-A04F3D434281} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\novak\AppData\Roaming\Mozilla\Firefox\Profiles\t149ip9k.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");

Added to C:\Users\novak\AppData\Roaming\Mozilla\Firefox\Profiles\t149ip9k.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\novak\AppData\Roaming\Mozilla\Firefox\Profiles\t149ip9k.default

user.js not found
---- Lines {C1CA7765-44E4-452e-9D00-A04F3D434281} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C1CA7765-44E4-452e-9D00-A04F3D434281}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_15.12.2014_0156_.backup

ProfilePath: C:\Users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default

user.js not found
---- Lines {C1CA7765-44E4-452e-9D00-A04F3D434281} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C1CA7765-44E4-452e-9D00-A04F3D434281}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_15.12.2014_0156_.backup

==== Deleting Files \ Folders ======================

C:\Users\novak\AppData\Roaming\burnaware.ini deleted
C:\Users\novak\AppData\Roaming\FotoSketcher.ini deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default\Invalidprefs.js deleted
"C:\Users\JUMPERM\AppData\Roaming\business-inkjet" deleted
"C:\Users\JUMPERM\AppData\Roaming\designjet" deleted
"C:\Users\JUMPERM\AppData\Roaming\deskjet" deleted
"C:\Users\JUMPERM\AppData\Roaming\docInfo" deleted
"C:\ProgramData\Alerts" deleted
"C:\ProgramData\Ambient" deleted
"C:\ProgramData\Analog Pad" deleted
"C:\ProgramData\Analog Sync" deleted
"C:\ProgramData\filter" deleted
"C:\ProgramData\grep" deleted
"C:\ProgramData\howto" deleted
"C:\ProgramData\images" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\novak\AppData\Roaming\Mozilla\Firefox\Profiles\t149ip9k.default
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BBF0479C2D30519A2E746D12CAE54B43 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U71
1ED046D972B98E0ADEC4D4D61BF37695 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.710.14
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
9CD7CD8FD07718851DD8081CDF8CA3E7 - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll - AdobeExManDetect
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\novak\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\novak\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JUMPERM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\JUMPERM\AppData\Local\Mozilla\Firefox\Profiles\l1eneqcv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=13 38000167 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\novak\AppData\Local\Temp emptied successfully
C:\Users\JUMPERM\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JUMPERM\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 15.12.2014 at 2:02:53,00 ======================

jaro3
Security team member

Re: High memory usage after startup

Post by jaro3 » 15 Dec 2014 10:35

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After applying ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: High memory usage after startup

Post by jumperm » 15 Dec 2014 16:55

ComboFix 14-12-14.01 - JUMPERM 15.12.2014 16:34:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3067.1470 [GMT 1:00]
Spuštěný z: c:\users\JUMPERM\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Winlogon
c:\programdata\Winlogon\piztmhvct.exe
c:\users\JUMPERM\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\users\JUMPERM\IE
c:\windows\IsUn0405.exe
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-15 do 2014-12-15 )))))))))))))))))))))))))))))))
.
.
2014-12-15 07:24 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Local\ArcSoft
2014-12-15 07:24 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Roaming\TFPU
2014-12-15 07:23 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Local\Adobe
2014-12-15 01:00 . 2014-12-15 00:41 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-15 01:00 . 2014-12-15 15:45 -------- d-----w- c:\users\JUMPERM\AppData\Local\Temp
2014-12-15 00:41 . 2014-12-15 00:57 -------- d-----w- C:\zoek_backup
2014-12-14 14:28 . 2014-12-15 00:33 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-14 14:28 . 2014-12-14 14:28 -------- d-----w- c:\programdata\RogueKiller
2014-12-14 13:50 . 2014-12-14 13:50 -------- d-----w- c:\windows\ERUNT
2014-12-13 10:03 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C556C29-352F-4512-84A6-1DE6F6027DB9}\mpengine.dll
2014-12-12 11:30 . 2014-12-15 00:03 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 11:29 . 2014-12-12 11:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-12 11:29 . 2014-12-12 11:29 -------- d-----w- c:\programdata\Malwarebytes
2014-12-12 11:29 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-12 11:29 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 11:29 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-12 11:22 . 2014-12-14 13:41 -------- d-----w- C:\AdwCleaner
2014-12-12 11:20 . 2014-12-12 11:20 -------- d-----w- c:\users\JUMPERM\AppData\Local\ArcSoft
2014-12-12 11:19 . 2014-12-15 01:00 -------- d-----w- c:\users\JUMPERM\AppData\Local\Adobe
2014-12-11 23:05 . 2014-12-11 23:05 -------- d---a-w- c:\programdata\Reprise
2014-12-11 23:05 . 2014-12-11 23:05 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\SketchUp
2014-12-11 22:44 . 2014-12-11 22:44 -------- d-----w- c:\programdata\SketchUp
2014-12-11 22:44 . 2014-12-11 22:44 -------- d-----w- c:\program files\SketchUp
2014-12-11 09:27 . 2014-12-11 09:27 -------- d-----w- c:\program files\CCleaner
2014-12-11 08:03 . 2014-12-13 08:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-12-11 08:02 . 2014-12-13 08:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-12-11 00:21 . 2014-12-11 00:21 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-11 00:20 . 2014-12-11 00:20 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-12-11 00:01 . 2014-12-11 00:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-12-10 14:29 . 2014-12-10 14:29 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 07:51 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 07:51 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 07:51 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 07:51 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 07:51 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 07:38 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 07:38 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 07:38 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:38 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 07:38 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 07:38 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 07:38 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-03 11:39 . 2014-12-03 11:39 -------- d-sh--w- c:\users\JUMPERM\AppData\Local\EmieBrowserModeList
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-11-25 12:59 . 2014-11-25 12:59 18638520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-24 19:18 . 2014-11-24 19:18 -------- d-----w- c:\program files\Fingerprint Sensor
2014-11-19 21:00 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-11-19 21:00 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-11-19 21:00 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-11-19 21:00 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-11-19 20:56 . 2014-11-19 20:58 -------- d-----w- c:\users\JUMPERM\AppData\Local\Microsoft Games
2014-11-19 19:58 . 2014-11-19 19:58 -------- d-----w- c:\program files\AuthenTec
2014-11-19 09:14 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 09:14 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-18 19:35 . 2014-11-18 19:35 -------- d-----w- c:\program files\Microsoft Games
2014-11-16 11:18 . 2014-11-16 11:18 -------- d-sh--w- c:\users\novak\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 20:13 . 2012-04-02 21:51 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 20:13 . 2011-09-05 23:52 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2011-09-05 20:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:32 . 2014-11-12 07:42 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-22 15:56 . 2014-10-22 15:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-18 01:33 . 2014-11-12 07:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-12 07:42 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 07:42 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 07:42 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-12 07:42 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 07:42 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 07:42 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 07:42 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44 . 2014-11-12 07:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 07:42 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44 . 2014-11-12 07:42 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44 . 2014-11-12 07:42 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 07:42 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40 . 2014-10-01 06:25 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23 . 2014-11-12 07:42 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23 . 2014-11-12 07:42 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 07:42 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23 . 2014-11-12 07:42 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 07:42 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 07:42 17408 ----a-w- c:\windows\system32\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 16:36 147888 ----a-w- c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2014-09-19 90624]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-09-17 357400]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-24 184320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2010-06-23 1592264]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-05 2586912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-12-18 72192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
Dual Smart Solution.lnk - c:\program files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe -startup [2014-3-18 888832]
Network Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2013-5-19 5724472]
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2014-6-8 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2014-6-8 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2012-10-17 16384]
R3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2012-11-23 10752]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2013-04-01 11520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-07 232512]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-11 1811704]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2012-10-21 102400]
S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [2009-12-18 127384]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-09-17 2058776]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-02 1042808]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2014-06-02 296312]
S2 WMCoreService;Mobile Broadband Service;c:\program files\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2012-10-18 971752]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2011-06-13 23592]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2011-06-13 26152]
S3 Mbm3CBus;TOSHIBA F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 364232]
S3 Mbm3DevMt;TOSHIBA Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 402504]
S3 Mbm3mdfl;TOSHIBA Mobile Broadband Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 14920]
S3 Mbm3Mdm;TOSHIBA Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 419656]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\t36wgps.sys [2011-05-26 87080]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-06-10 231976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-NEXIS32 3.40.11 - c:\windows\IsUn0405.exe
AddRemove-{1891b882-48f7-442d-98d0-c1ce533f25bd} - c:\programdata\Package Cache\{1891b882-48f7-442d-98d0-c1ce533f25bd}\WD SmartWare Installer.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-QipGuard - c:\users\JUMPERM\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:ba,4d,a0,6d,e7,a8,8e,45,a8,72,6b,22,bc,77,69,d7
.
[HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000_Classes\CLSID\{BA4DA06D-E7A8-8E45-A872-6B22BC7769D7}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-15 16:48:53
ComboFix-quarantined-files.txt 2014-12-15 15:48
.
Před spuštěním: Volných bajtů: 15 523 233 792
Po spuštění: Volných bajtů: 15 406 047 232
.
- - End Of File - - 23FC83AB09F21F338FB705E0FEA8B6C4
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jaro3 » 15 Dec 2014 18:28

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy 2

RegLock::
[HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000_Classes\CLSID\{BA4DA06D-E7A8-8E45-A872-6B22BC7769D7}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Select File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after applying ComboFix and restarting the computer, Windows does not start, or the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jumperm
newbie
Posts: 16
Registered: December 14
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jumperm » 15 Dec 2014 21:05

ComboFix 14-12-14.01 - JUMPERM 15.12.2014 19:53:30.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3067.1806 [GMT 1:00]
Spuštěný z: c:\users\JUMPERM\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JUMPERM\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spybot - Search & Destroy 2
c:\program files\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
c:\program files\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\141211-090745.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\141211-211534.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\141211-215832.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Logs\141211-090745.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\141211-211534.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\141211-215832.xml.cleaning.log
c:\programdata\Spybot - Search & Destroy\Logs\Cleaner.log
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.141211-1020.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.141211-2144.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.141211-2231.txt
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-15 do 2014-12-15 )))))))))))))))))))))))))))))))
.
.
2014-12-15 19:05 . 2014-12-15 19:05 -------- d-----w- c:\users\novak\AppData\Local\temp
2014-12-15 07:24 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Local\ArcSoft
2014-12-15 07:24 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Roaming\TFPU
2014-12-15 07:23 . 2014-12-15 07:24 -------- d-----w- c:\users\novak\AppData\Local\Adobe
2014-12-15 01:00 . 2014-12-15 00:41 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-15 01:00 . 2014-12-15 19:53 -------- d-----w- c:\users\JUMPERM\AppData\Local\Temp
2014-12-15 00:41 . 2014-12-15 00:57 -------- d-----w- C:\zoek_backup
2014-12-14 14:28 . 2014-12-15 00:33 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-14 14:28 . 2014-12-14 14:28 -------- d-----w- c:\programdata\RogueKiller
2014-12-14 13:50 . 2014-12-14 13:50 -------- d-----w- c:\windows\ERUNT
2014-12-13 10:03 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C556C29-352F-4512-84A6-1DE6F6027DB9}\mpengine.dll
2014-12-12 11:30 . 2014-12-15 00:03 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 11:29 . 2014-12-12 11:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-12 11:29 . 2014-12-12 11:29 -------- d-----w- c:\programdata\Malwarebytes
2014-12-12 11:29 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-12 11:29 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 11:29 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-12 11:22 . 2014-12-14 13:41 -------- d-----w- C:\AdwCleaner
2014-12-12 11:20 . 2014-12-12 11:20 -------- d-----w- c:\users\JUMPERM\AppData\Local\ArcSoft
2014-12-12 11:19 . 2014-12-15 01:00 -------- d-----w- c:\users\JUMPERM\AppData\Local\Adobe
2014-12-11 23:05 . 2014-12-11 23:05 -------- d---a-w- c:\programdata\Reprise
2014-12-11 23:05 . 2014-12-11 23:05 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\SketchUp
2014-12-11 22:44 . 2014-12-11 22:44 -------- d-----w- c:\programdata\SketchUp
2014-12-11 22:44 . 2014-12-11 22:44 -------- d-----w- c:\program files\SketchUp
2014-12-11 09:27 . 2014-12-11 09:27 -------- d-----w- c:\program files\CCleaner
2014-12-11 00:21 . 2014-12-11 00:21 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-11 00:20 . 2014-12-11 00:20 -------- d-----w- c:\users\JUMPERM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-12-11 00:01 . 2014-12-11 00:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-12-10 14:29 . 2014-12-10 14:29 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 07:51 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 07:51 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 07:51 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 07:51 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 07:51 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 07:38 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 07:38 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 07:38 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:38 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 07:38 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 07:38 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 07:38 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-03 11:39 . 2014-12-03 11:39 -------- d-sh--w- c:\users\JUMPERM\AppData\Local\EmieBrowserModeList
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-11-25 12:59 . 2014-11-25 12:59 18638520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-24 19:18 . 2014-11-24 19:18 -------- d-----w- c:\program files\Fingerprint Sensor
2014-11-19 21:00 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-11-19 21:00 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-11-19 21:00 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-11-19 21:00 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-11-19 21:00 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-11-19 20:56 . 2014-11-19 20:58 -------- d-----w- c:\users\JUMPERM\AppData\Local\Microsoft Games
2014-11-19 19:58 . 2014-11-19 19:58 -------- d-----w- c:\program files\AuthenTec
2014-11-19 09:14 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 09:14 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-18 19:35 . 2014-11-18 19:35 -------- d-----w- c:\program files\Microsoft Games
2014-11-16 11:18 . 2014-11-16 11:18 -------- d-sh--w- c:\users\novak\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 20:13 . 2012-04-02 21:51 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 20:13 . 2011-09-05 23:52 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2011-09-05 20:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:32 . 2014-11-12 07:42 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-22 15:56 . 2014-10-22 15:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-18 01:33 . 2014-11-12 07:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-12 07:42 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 07:42 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 07:42 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-12 07:42 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 07:42 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 07:42 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 07:42 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44 . 2014-11-12 07:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 07:42 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44 . 2014-11-12 07:42 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44 . 2014-11-12 07:42 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 07:42 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40 . 2014-10-01 06:25 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23 . 2014-11-12 07:42 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23 . 2014-11-12 07:42 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 07:42 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23 . 2014-11-12 07:42 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 07:42 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 07:42 17408 ----a-w- c:\windows\system32\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 16:36 147888 ----a-w- c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2014-09-19 90624]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-09-17 357400]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-24 184320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2010-06-23 1592264]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-05 2586912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-12-18 72192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
Dual Smart Solution.lnk - c:\program files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe -startup [2014-3-18 888832]
Network Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2013-5-19 5724472]
Remote Control.lnk - c:\program files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe [2014-6-8 81920]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2014-6-8 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2012-10-17 16384]
R3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2012-11-23 10752]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2013-04-01 11520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-07 232512]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-11 1811704]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2012-10-21 102400]
S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [2009-12-18 127384]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-09-17 2058776]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-02 1042808]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2014-06-02 296312]
S2 WMCoreService;Mobile Broadband Service;c:\program files\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2012-10-18 971752]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwanuss.sys [2011-06-13 23592]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwanussf.sys [2011-06-13 26152]
S3 Mbm3CBus;TOSHIBA F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 364232]
S3 Mbm3DevMt;TOSHIBA Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 402504]
S3 Mbm3mdfl;TOSHIBA Mobile Broadband Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 14920]
S3 Mbm3Mdm;TOSHIBA Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 419656]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\t36wgps.sys [2011-05-26 87080]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2011-06-10 231976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\JUMPERM\AppData\Roaming\Mozilla\Firefox\Profiles\l1eneqcv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2935395961-1555773229-2710049042-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:ba,4d,a0,6d,e7,a8,8e,45,a8,72,6b,22,bc,77,69,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5044)
c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
c:\program files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2014-12-15 20:58:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-15 19:58
ComboFix2.txt 2014-12-15 15:48
.
Před spuštěním: Volných bajtů: 15 564 984 320
Po spuštění: Volných bajtů: 15 524 933 632
.
- - End Of File - - 79A67FF0FF8EDA3B66BD74260F9CABFD
A36C5E4F47E84449FF07ED3517B43A31

jumperm
newbie
Posts: 16
Registered: December 14
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jumperm » 15 Dec 2014 21:06

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:55, on 15.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 34.0.5 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\TOSHIBA\3GUty\tw3gctrl.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
C:\Program Files\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Users\JUMPERM\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: BHOHOOK - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
O4 - HKLM\..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKLM\..\Run: [TOSHIBA_3G_UTY] C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Dual Smart Solution.lnk = ?
O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = okbox.local
O17 - HKLM\Software\..\Telephony: DomainName = okbox.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{115B03EF-5C06-49ED-9BBB-FA55A3553058}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = okbox.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{115B03EF-5C06-49ED-9BBB-FA55A3553058}: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = okbox.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{115B03EF-5C06-49ED-9BBB-FA55A3553058}: NameServer =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: 3G RF Power Control Utility (TW3GSVC) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe

--
End of file - 12727 bytes

jumperm
newcomer
Posts: 16
Registered: December 14
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jumperm » 15 Dec 2014 21:09

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-15 21:06:21
-----------------------------
21:06:21.074 OS Version: Windows 6.1.7601 Service Pack 1
21:06:21.074 Number of processors: 2 586 0x1706
21:06:21.074 ComputerName: JUMPER-PC UserName: JUMPERM
21:06:22.338 Initialize success
21:06:22.384 VM: initialized successfully
21:06:22.384 VM: Intel CPU BiosDisabled
21:06:28.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:06:28.290 Disk 0 Vendor: Hitachi_HTS543225L9SA00 FBEOC43C Size: 238475MB BusType: 11
21:06:28.508 Disk 0 MBR read successfully
21:06:28.508 Disk 0 MBR scan
21:06:28.508 Disk 0 Windows 7 default MBR code
21:06:28.539 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:06:28.555 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119236 MB offset 3074048
21:06:28.555 Disk 0 Boot: NTFS code=2
21:06:28.586 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117738 MB offset 247269376
21:06:28.586 Disk 0 scanning sectors +488396800
21:06:28.789 Disk 0 scanning C:\Windows\system32\drivers
21:06:38.258 Service scanning
21:07:13.374 Modules scanning
21:07:13.374 Disk 0 trace - called modules:
21:07:13.405 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:07:13.405 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b0880]
21:07:13.421 3 CLASSPNP.SYS[8b9ca59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860cc908]
21:07:13.436 Disk 0 statistics 84806/0/0 @ 4,44 MB/s
21:07:13.436 Scan finished successfully
21:07:32.702 Disk 0 MBR has been saved successfully to "C:\Users\JUMPERM\Desktop\MBR.dat"
21:07:32.702 The log file has been saved successfully to "C:\Users\JUMPERM\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jaro3 » 16 Dec 2014 10:12

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"



ComboFix is uninstalled as follows:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.


How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jumperm
newcomer
Posts: 16
Registered: December 14
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by jumperm » 16 Dec 2014 15:52

It looks like they are solved; so far everything works as it should, so thank you very much for the help. Hopefully it won't come back, but I have already turned the laptop on several times without problems. Thanks once again.

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around =o)
Gender: Male
Status:
Offline

Re: high memory usage after startup

Post by Orcus » 16 Dec 2014 23:01

OK, if that is everything, you can mark the topic as solved.
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If the log is too long, split it into several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

