Extremely slow internet - please check my log.
- memphisto
Re: Extremely slow internet - please check my log.
Post the logs here! Don't upload them anywhere. I can't get in there, and it's unreadable in that text file.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section instead. Thank you.
Re: Extremely slow internet - please check my log.
I managed to free up some space and now have 6Gb on the system drive, but the internet is still slow. Could the fault be in the network card, for example? In some piece of hardware?
Re: Extremely slow internet - please check my log.
ComboFix 12-11-02.01 - Jenda 02.11.2012 11:32:24.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.4094.2567 [GMT 1:00]
Spuštěný z: c:\users\Jenda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jenda\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\KMSEmulator.exe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\AutoKMSDaily.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209008588-1604793429-2944631721-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209008588-1604793429-2944631721-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\McAfee
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AutoKMSDaily.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209008588-1604793429-2944631721-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1209008588-1604793429-2944631721-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-02 do 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 10:41 . 2012-11-02 10:41 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-11-02 10:41 . 2012-11-02 10:41 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-11-02 10:41 . 2012-11-02 10:41 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-11-02 10:41 . 2012-11-02 10:41 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-11-02 10:41 . 2012-11-02 10:41 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-11-02 10:37 . 2012-11-02 10:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-02 10:37 . 2012-11-02 10:37 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2012-11-02 10:37 . 2012-11-02 10:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-02 10:37 . 2012-11-02 10:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\users\Jenda\AppData\Roaming\Malwarebytes
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\programdata\Malwarebytes
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-02 09:25 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 08:33 . 2012-11-02 08:33 -------- d-----w- c:\program files\CCleaner
2012-11-02 08:25 . 2012-11-02 08:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-02 08:25 . 2012-11-02 08:25 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-29 15:28 . 2012-10-29 15:28 -------- d-----w- c:\program files\trend micro
2012-10-29 15:28 . 2012-10-29 15:28 -------- d-----w- C:\rsit
2012-10-25 12:02 . 2012-10-25 12:02 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-25 12:02 . 2012-10-25 12:02 -------- d-----w- c:\windows\system32\Macromed
2012-10-22 16:22 . 2012-10-22 16:22 -------- d-----w- c:\programdata\RELOADED
2012-10-22 12:29 . 2012-10-22 12:29 -------- d-----w- c:\users\Jenda\AppData\Local\WMTools Downloaded Files
2012-10-07 19:37 . 2012-10-07 19:37 -------- d-----w- c:\users\Jenda\AppData\Local\NVIDIA Corporation
2012-10-03 21:54 . 2012-10-07 19:41 -------- d-----w- c:\program files (x86)\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 10:42 . 2012-11-02 10:42 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-11-02 08:25 . 2011-05-17 12:28 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-25 12:02 . 2011-05-16 12:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 08:27 . 2012-09-22 08:27 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2012-08-30 19:14 . 2012-09-23 19:31 9066344 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:14 . 2012-09-23 19:31 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-08-30 19:14 . 2012-09-23 19:31 7397736 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:14 . 2012-09-23 19:31 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-08-30 19:14 . 2012-09-23 19:31 2745192 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:14 . 2012-09-23 19:31 26228072 ----a-w- c:\windows\system32\nvoglv64.dll
2012-08-30 19:14 . 2012-09-23 19:31 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-08-30 19:14 . 2012-09-23 19:31 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:14 . 2012-09-23 19:31 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-09-23 19:31 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-23 19:31 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-08-30 19:14 . 2012-09-23 19:31 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-23 19:31 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-09-23 19:31 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-08-30 19:14 . 2012-09-23 19:31 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-09-23 19:31 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:14 . 2012-09-23 19:31 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2011-10-09 14:20 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-05-16 12:14 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2011-05-16 12:14 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2009-07-13 21:59 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 16:18 . 2011-04-07 21:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-04-07 21:19 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2011-04-07 21:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2011-04-07 21:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2011-04-07 21:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-04-07 21:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-21 11:01 . 2012-09-14 16:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-12-29 13:07 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-12-29 13:07 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-05-17 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
.
[-] 2011-05-17 . 167001177321D292EDE6941F4CB8C140 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
Re: Extremely slow internet - please check my log.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-11-02 1526808]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-16 254528]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 146568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-09-22 21656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 12:02]
.
2012-11-02 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-04-18 20:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - d:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\e0t513x1.default\
FF - ExtSQL: 2012-11-02 09:25; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-05-16 14:37; mozilla_cc@internetdownloadmanager.com; c:\users\Jenda\AppData\Roaming\IDM\idmmzcc3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,4d,32,20,f2,a6,61,35,b4,c0,4c,14,b8,db,ac,69,6d,d6,0b,6f,65,16,e6,
ae,5a,f0,5a,0c,8c,f8,89,87,7f,c4,54,10,2f,9f,86,af,90,ab,51,70,f0,3c,45,24,\
"??"=hex:99,a5,6a,12,24,00,a1,cd,0f,29,ab,65,65,0c,8e,59
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001\Software\SecuROM\License information*]
"datasecu"=hex:18,e9,91,a4,d2,28,fd,42,c6,4d,a8,c4,22,ef,1b,38,00,d1,be,06,33,
78,ce,34,a6,e5,55,e3,d7,5e,80,b5,93,17,a2,71,ef,0a,16,2f,9a,dd,10,15,7a,c5,\
"rkeysecu"=hex:fb,c9,a9,9a,c8,2f,56,3d,1f,a5,bc,f1,9b,b1,5f,f2
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5d,ef,a5,d2,8b,e4,8d,ea,2c,90,66,a5,0a,87,ac,0b,fc,a0,e5,4c,7f,
8c,e1,a1,a3,f0,e7,9a,20,ae,1c,ba,6f,ee,82,5d,2e,65,fa,ba,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001_Classes\Wow6432Node\CLSID\{a245c316-7640-43e9-b89d-39db6a983518}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a8
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,af,fa,49,0e,e2,7c,c5,c3,17,69,69,9a,ee,4c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-11-02 11:46:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-02 10:46
ComboFix2.txt 2012-11-02 09:56
.
Před spuštěním: 4 997 300 224
Po spuštění: 5 080 031 232
.
- - End Of File - - A738FB21DFDC9BC8318FEF0D36563C0F
- memphisto
Re: Insanely slowed-down internet - please check my log.
Oh dear. Why do you keep cramming that infected Office activator in there?! Is there any point in checking anything then?! You have 5 GB free and that is still too little. Free space should be 10-15 % of the disk capacity.
Re: Insanely slowed-down internet - please check my log.
I'm not cramming anything anywhere! :O. Oh well, I guess this won't get solved. Anyway, thank you for your willingness and the time you spent! :)
- memphisto
Re: Insanely slowed-down internet - please check my log.
Then I apologize, because that lousy Office activator AutoKMS.exe keeps coming back. First free up enough space on the system disk.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
Folder::
c:\windows\AutoKMS
File::
c:\windows\Tasks\AutoKMSDaily.job
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process
Re: Insanely slowed-down internet - please check my log.
Attaching it here :) :
ComboFix 12-11-02.02 - Jenda 02.11.2012 14:49:36.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.4094.2385 [GMT 1:00]
Spuštěný z: c:\users\Jenda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jenda\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AutoKMSDaily.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\AutoKMS\AutoKMS.ini
c:\windows\AutoKMS\AutoKMS.log
c:\windows\Tasks\AutoKMSDaily.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-02 do 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 13:54 . 2012-11-02 13:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-02 13:54 . 2012-11-02 13:54 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2012-11-02 13:54 . 2012-11-02 13:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-02 13:54 . 2012-11-02 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 13:54 . 2012-11-02 13:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\users\Jenda\AppData\Roaming\Malwarebytes
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\programdata\Malwarebytes
2012-11-02 09:25 . 2012-11-02 09:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-02 09:25 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 08:33 . 2012-11-02 08:33 -------- d-----w- c:\program files\CCleaner
2012-11-02 08:25 . 2012-11-02 08:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-02 08:25 . 2012-11-02 08:25 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-29 15:28 . 2012-10-29 15:28 -------- d-----w- c:\program files\trend micro
2012-10-29 15:28 . 2012-10-29 15:28 -------- d-----w- C:\rsit
2012-10-25 12:02 . 2012-10-25 12:02 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-25 12:02 . 2012-10-25 12:02 -------- d-----w- c:\windows\system32\Macromed
2012-10-22 16:22 . 2012-10-22 16:22 -------- d-----w- c:\programdata\RELOADED
2012-10-22 12:29 . 2012-10-22 12:29 -------- d-----w- c:\users\Jenda\AppData\Local\WMTools Downloaded Files
2012-10-07 19:37 . 2012-10-07 19:37 -------- d-----w- c:\users\Jenda\AppData\Local\NVIDIA Corporation
2012-10-03 21:54 . 2012-10-07 19:41 -------- d-----w- c:\program files (x86)\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 08:25 . 2011-05-17 12:28 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-25 12:02 . 2011-05-16 12:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 08:27 . 2012-09-22 08:27 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2012-08-30 19:14 . 2012-09-23 19:31 9066344 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:14 . 2012-09-23 19:31 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-08-30 19:14 . 2012-09-23 19:31 7397736 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:14 . 2012-09-23 19:31 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-08-30 19:14 . 2012-09-23 19:31 2745192 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:14 . 2012-09-23 19:31 26228072 ----a-w- c:\windows\system32\nvoglv64.dll
2012-08-30 19:14 . 2012-09-23 19:31 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-08-30 19:14 . 2012-09-23 19:31 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:14 . 2012-09-23 19:31 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-09-23 19:31 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-23 19:31 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-08-30 19:14 . 2012-09-23 19:31 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-23 19:31 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-09-23 19:31 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-08-30 19:14 . 2012-09-23 19:31 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-09-23 19:31 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:14 . 2012-09-23 19:31 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2011-10-09 14:20 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-05-16 12:14 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2011-05-16 12:14 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2009-07-13 21:59 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 16:18 . 2011-04-07 21:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-04-07 21:19 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2011-04-07 21:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2011-04-07 21:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2011-04-07 21:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-04-07 21:19 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-21 11:01 . 2012-09-14 16:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-12-29 13:07 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-12-29 13:07 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-05-17 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
.
[-] 2011-05-17 . 167001177321D292EDE6941F4CB8C140 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2010-10-27 . E6FC5686F6BB6F0CEB1107E6D064A944 . 5477248 . . [6.1.7600.20826] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[7] 2010-10-27 . E2EA143288BFF3D6B3AEB88C3BC02DAF . 5510528 . . [6.1.7600.16695] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[7] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2010-12-20 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe
Re: Insanely slowed-down internet - please check my log.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-11-02 1526808]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-16 254528]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 146568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-09-22 21656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 12:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - d:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\e0t513x1.default\
FF - ExtSQL: 2012-11-02 09:25; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-05-16 14:37; mozilla_cc@internetdownloadmanager.com; c:\users\Jenda\AppData\Roaming\IDM\idmmzcc3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,4d,32,20,f2,a6,61,35,b4,c0,4c,14,b8,db,ac,69,6d,d6,0b,6f,65,16,e6,
ae,5a,f0,5a,0c,8c,f8,89,87,7f,c4,54,10,2f,9f,86,af,90,ab,51,70,f0,3c,45,24,\
"??"=hex:99,a5,6a,12,24,00,a1,cd,0f,29,ab,65,65,0c,8e,59
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001\Software\SecuROM\License information*]
"datasecu"=hex:18,e9,91,a4,d2,28,fd,42,c6,4d,a8,c4,22,ef,1b,38,00,d1,be,06,33,
78,ce,34,a6,e5,55,e3,d7,5e,80,b5,93,17,a2,71,ef,0a,16,2f,9a,dd,10,15,7a,c5,\
"rkeysecu"=hex:fb,c9,a9,9a,c8,2f,56,3d,1f,a5,bc,f1,9b,b1,5f,f2
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5d,ef,a5,d2,8b,e4,8d,ea,2c,90,66,a5,0a,87,ac,0b,fc,a0,e5,4c,7f,
8c,e1,a1,a3,f0,e7,9a,20,ae,1c,ba,6f,ee,82,5d,2e,65,fa,ba,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1209008588-1604793429-2944631721-1001_Classes\Wow6432Node\CLSID\{a245c316-7640-43e9-b89d-39db6a983518}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a8
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,af,fa,49,0e,e2,7c,c5,c3,17,69,69,9a,ee,4c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-11-02 15:02:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-02 14:02
ComboFix2.txt 2012-11-02 10:46
ComboFix3.txt 2012-11-02 09:56
.
Před spuštěním: 6 331 760 640
Po spuštění: 6 286 917 632
.
- - End Of File - - 463C248270FD8AB0C2FF396F89CF1DF3
Re: Insanely slowed-down internet - please check my log.
One more note: shortly after the system starts, the internet is faster for a brief moment, but then it slows down terribly again and keeps dropping out.
- memphisto
Re: Insanely slowed-down internet - please check my log.
Hooray, it's gone. What about Garena? Do you use it? You have more free space now, but it's still not quite right. Clear the cache in your browser.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download > run
Note: before downloading T-Cleaner and while the cleaning runs, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.
Download OTL to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Re: Insanely slowed-down internet - please check my log.
Thanks, I'll get to it this evening :)