
Catastrophically slow internet
Re: Catastrophically slow internet
The DDS log is here; do you want the other log as well?
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by slavek at 18:31:20 on 2011-07-17
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.697 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Internet Explorer\conhost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:50848
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ICQ] "c:\program files\icq7.5\ICQ.exe" silent loginmode=4
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [AsusServiceProvider] c:\program files\asus\aasp\1.00.23\aaCenter.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.23\AsRunHelp.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico] <no file>
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\bttray.lnk - c:\program files\msi\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\msi\bluetooth software\btsendto_ie_ctx.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{3F781C49-F97B-472E-9DDA-BF0A13C2CE0D} : NameServer = 82.100.26.35,82.100.26.1
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\slavek\data aplikací\mozilla\firefox\profiles\y5dqa2c4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50848
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2011-7-11 247608]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
.
=============== Created Last 30 ================
.
2011-07-17 16:30:45 169472 ----a-w- c:\documents and settings\slavek\data aplikací\microsoft\conhost.exe
2011-07-17 16:15:18 -------- d-----w- c:\windows\rpcminer
2011-07-17 16:15:18 -------- d-----w- c:\windows\phoenix
2011-07-17 16:15:17 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 16:15:03 110592 ----a-w- c:\windows\l1rezerv.exe
2011-07-17 16:14:58 114176 ----a-w- c:\windows\systemup.exe
2011-07-17 16:14:43 169472 ----a-w- c:\program files\internet explorer\conhost.exe
2011-07-17 16:14:43 -------- d-----w- C:\Microsoft
2011-07-17 16:14:32 169472 ----a-w- c:\windows\gbot111.exe
2011-07-17 16:14:11 -------- d--h--w- c:\windows\update.2
2011-07-17 16:14:03 232960 ----a-w- c:\windows\sysdriver32_.exe
2011-07-17 16:13:58 -------- d--h--w- c:\windows\update.5.0
2011-07-17 16:13:39 232960 ----a-w- c:\windows\sysdriver32.exe
2011-07-17 16:03:56 -------- d-sha-r- C:\cmdcons
2011-07-17 16:02:22 98816 ----a-w- c:\windows\sed.exe
2011-07-17 16:02:22 256000 ----a-w- c:\windows\PEV.exe
2011-07-17 16:02:22 208896 ----a-w- c:\windows\MBR.exe
2011-07-17 16:02:18 -------- d-----w- C:\ComboFix
2011-07-17 15:51:38 -------- d--h--w- c:\windows\PIF
2011-07-16 08:53:06 -------- d-----w- c:\program files\trend micro
2011-07-16 07:09:58 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-16 07:09:26 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-07-16 07:09:07 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-16 07:08:26 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-16 07:06:06 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-07-16 07:05:39 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-07-15 19:49:58 388096 ----a-r- c:\documents and settings\slavek\data aplikací\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-15 19:49:57 -------- d-----w- c:\program files\hjt
2011-07-15 17:26:31 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-15 17:16:56 -------- d-----w- c:\windows\system32\cs-cz
2011-07-15 17:16:55 -------- d-----w- c:\windows\system32\cs
2011-07-15 17:16:55 -------- d-----w- c:\windows\system32\bits
2011-07-15 17:16:55 -------- d-----w- c:\windows\l2schemas
2011-07-15 17:13:49 -------- d-----w- c:\windows\network diagnostic
2011-07-15 00:12:38 -------- d-----w- c:\program files\AMD APP
2011-07-15 00:12:33 -------- d-----w- c:\program files\ATI
2011-07-15 00:01:58 -------- d-----w- C:\ATI
2011-07-14 22:09:13 -------- d-----w- c:\windows\ufa
2011-07-14 21:07:55 181760 ----a-w- c:\program files\windows nt\dwm.exe
2011-07-14 21:06:36 -------- d-----w- c:\windows\av_ico
2011-07-14 21:04:54 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-14 21:04:54 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-13 09:42:06 -------- d-----w- c:\program files\MSI
2011-07-13 09:41:33 17484 ----a-w- c:\windows\system32\drivers\frmupgr.sys
2011-07-13 09:41:32 52856 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-07-13 09:41:29 77824 ----a-r- c:\windows\system32\btw_ci.dll
2011-07-13 09:40:54 -------- d-----w- c:\windows\system32\appmgmt
2011-07-12 19:09:17 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-12 19:08:51 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-12 19:08:40 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-12 19:08:40 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-12 19:08:40 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-12 19:08:40 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-12 19:08:40 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-12 19:08:40 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-12 19:08:40 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-12 19:08:40 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-12 19:06:28 -------- d-----w- c:\program files\MSXML 6.0
2011-07-12 11:53:29 -------- d-----w- c:\program files\ICQ7.5
2011-07-12 07:55:18 -------- d-----w- c:\documents and settings\slavek\local settings\data aplikací\Temp
2011-07-12 07:55:18 -------- d-----w- c:\documents and settings\slavek\local settings\data aplikací\Adobe
2011-07-11 21:38:57 -------- d-----w- c:\program files\QIP
2011-07-11 20:45:12 -------- d-----w- c:\program files\ICQ6Toolbar
2011-07-11 20:45:08 -------- d-----w- c:\documents and settings\all users\data aplikací\ICQ
2011-07-11 20:37:56 -------- d-----w- c:\program files\VideoLAN
2011-07-11 09:41:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-11 09:41:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-11 08:07:08 -------- d-----w- c:\windows\ServicePackFiles
2011-07-10 01:37:02 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2011-07-10 01:37:02 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2011-07-10 01:37:02 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2011-07-10 01:37:01 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2011-07-10 01:37:01 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2011-07-10 01:37:01 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2011-07-10 01:35:03 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-07-10 01:11:07 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-07-10 01:10:49 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-10 01:10:33 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-10 01:10:25 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-07-10 01:10:25 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-07-10 01:09:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-07-10 01:09:04 293376 ------w- c:\windows\system32\browserchoice.exe
2011-07-10 01:05:56 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-07-10 01:04:33 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-07-10 01:02:45 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-07-10 01:00:25 -------- d-----w- c:\windows\system32\PreInstall
2011-07-09 21:36:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-09 21:31:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-09 16:04:09 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-07-09 16:03:08 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-09 16:02:11 75264 ----a-w- c:\windows\system32\usbui.dll
2011-07-09 16:00:59 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-06 11:35:21 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44:26 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43:50 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:32:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:05 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47:32 668160 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47:31 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:43:01 370176 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 18:32:09,31 ===============
Re: Catastrophically slow internet
This is enough; please bear with me for a moment while I write a script for ComboFix.
Re: Catastrophically slow internet
Yep, no rush.
I'm glad this can be sorted out here with you and I don't have to reinstall the whole thing again.


Re: Catastrophically slow internet

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::

File::
C:\Documents and Settings\slavek\Data aplikací\Mozilla\Firefox\Profiles\y5dqa2c4.default\searchplugins\icqplugin.xml

Driver::
ICQ Service
srvbtcclient
srviecheck
srvsysdriver32

Folder::
c:\program files\ICQ6Toolbar
c:\windows\update.5.0
c:\windows\update.2
c:\windows\ufa
c:\windows\TEMP
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\rpcminer
c:\windows\phoenix
C:\Microsoft
c:\windows\update.2
c:\windows\update.5.0
C:\WINDOWS\update.tray-7-0
c:\docume~1\slavek\LOCALS~1\Temp

Collect::
c:\windows\gbot111.exe
c:\windows\unrar.exe
c:\windows\l1rezerv.exe
c:\windows\systemup.exe
c:\program files\internet explorer\conhost.exe
c:\windows\update.5.0\svchost.exe
c:\windows\update.2\svchost.exe
c:\windows\sysdriver32.exe
c:\windows\gbot111.exe
c:\windows\sysdriver32_.exe
c:\windows\sysdriver32.exe
c:\Documents and Settings\slavek\Dokumenty\Stažené soubory\Flash-Player.exe
c:\windows\TEMP\csrss.exe
c:\documents and settings\slavek\data aplikací\microsoft\conhost.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\slavek\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=-
"c:\\WINDOWS\\update.tray-7-0\\svchost.exe"=-
"c:\\WINDOWS\\update.2\\svchost.exe"=-

Firefox::
FF - ProfilePath - c:\documents and settings\slavek\Data aplikací\Mozilla\Firefox\Profiles\y5dqa2c4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/#utm_source=icq&u ... um=generic
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50848
FF - prefs.js: network.proxy.type - 1

DDS::
uProxyServer = hxxp=127.0.0.1:50848
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico] <no file>
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>

ATJob::

Reboot::
- Save the resulting TXT file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
- After the script has been applied (and after a restart, if one is needed), a log will pop up; paste its contents here

Re: Catastrophically slow internet
After I ran the script, CF warned me that avast is turned on, even though it is turned off; it is not in the notification area and not among the processes either. After I clicked OK, another warning popped up saying that avast is still turned on.
Re: Catastrophically slow internet
Click through it, CF sometimes acts up when it comes to the antivirus

Re: Catastrophically slow internet
So the log has seen the light of day
ComboFix 11-07-17.02 - slavek 17.07.2011 18:57:18.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.596 [GMT 2:00]
Spuštěný z: c:\documents and settings\slavek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\slavek\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\slavek\Data aplikací\Mozilla\Firefox\Profiles\y5dqa2c4.default\searchplugins\icqplugin.xml"
.
file zipped: c:\documents and settings\slavek\data aplikací\microsoft\conhost.exe
file zipped: c:\documents and settings\slavek\Dokumenty\Stažené soubory\Flash-Player.exe
file zipped: c:\program files\internet explorer\conhost.exe
file zipped: c:\windows\gbot111.exe
file zipped: c:\windows\l1rezerv.exe
file zipped: c:\windows\sysdriver32.exe
file zipped: c:\windows\sysdriver32_.exe
file zipped: c:\windows\systemup.exe
file zipped: c:\windows\TEMP\csrss.exe
file zipped: c:\windows\unrar.exe
file zipped: c:\windows\update.2\svchost.exe
file zipped: c:\windows\update.5.0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\slavek\LOCALS~1\Temp
c:\docume~1\slavek\LOCALS~1\Temp\AdobeARM.log
c:\docume~1\slavek\LOCALS~1\Temp\Attach.txt
c:\docume~1\slavek\LOCALS~1\Temp\Av-test.txt
c:\docume~1\slavek\LOCALS~1\Temp\DDS.txt
c:\docume~1\slavek\LOCALS~1\Temp\jusched.log
c:\docume~1\slavek\LOCALS~1\Temp\log115.txt
c:\docume~1\slavek\LOCALS~1\Temp\nsi5.tmp
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\AssocsB
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\dds.cmd
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\DDS.txt
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\DDS00
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\desktop.ini
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\FileExtension.txt
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\MBR.DAT
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\mbr.log
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\MSClsid.exe
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\notifykeysB.com
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\notifykeysC.com
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\osidDDS.vbs
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\OsProp.vbs
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\PEV.DAT
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\Policies.exe
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\RunMbr.dat
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\Screentxt
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\SED.DAT
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\setpath_N.cmd
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\ShellExec.txt
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\SvcWhtDDS.dll
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\SvcWhtDDSVista.dll
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\SvcWhtDDSW7.dll
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\System.dll
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\UserInfo.dll
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\wlgn.dat
c:\docume~1\slavek\LOCALS~1\Temp\nsy6.tmp\XP.mac
c:\docume~1\slavek\LOCALS~1\Temp\Perflib_Perfdata_6e4.dat
c:\documents and settings\slavek\Data aplikací\Microsoft\conhost.exe
C:\Microsoft
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\internet explorer\conhost.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\gbot111.exe
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\csrss.exe
c:\windows\ufa
c:\windows\ufa.rar
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_ICQ Service
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:53 . 2011-07-16 08:53 -------- d-----w- C:\rsit
2011-07-15 00:01 . 2011-07-15 00:01 -------- d-----w- C:\ATI
2011-07-09 16:01 . 2011-07-17 17:00 -------- d-----r- C:\Program Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 19:49 . 2011-07-15 19:49 388096 ----a-r- c:\documents and settings\slavek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-12 13:13 . 2011-07-09 21:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 09:41 . 2011-07-11 09:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-11 09:41 . 2011-07-11 09:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43 . 2011-07-09 15:35 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-09 15:35 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-09 15:35 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-09 15:35 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-09 15:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-09 15:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-09 15:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-09 15:35 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-09 15:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-09 15:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:32 . 2011-07-09 14:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:43 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:30 . 2011-07-09 15:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-07-12 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 597504]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 363008]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-01-11 1423360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50848
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{3F781C49-F97B-472E-9DDA-BF0A13C2CE0D}: NameServer = 82.100.26.35,82.100.26.1
FF - ProfilePath - c:\documents and settings\slavek\Data aplikací\Mozilla\Firefox\Profiles\y5dqa2c4.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MSI\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-17 19:05:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-17 17:05
ComboFix2.txt 2011-07-17 16:16
.
Před spuštěním: Volných bajtů: 142 244 597 760
Po spuštění: Volných bajtů: 142 220 095 488
.
- - End Of File - - 6DB45C16435754DF5B42F4183CE0E06C
Nahrání proběhlo úspěšně
Re: Catastrophically slow internet
So more vermin has shown up, so we'll wipe it out
Script for ComboFix - the procedure is the same

Code:
KillAll::
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50848
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe ARM"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
Reboot::
Re: Catastrophically slow internet
I've uploaded the log here, it worked this time; it's too big, it wouldn't fit here
Re: Catastrophically slow internet
I don't see it on my end, upload it for me here: http://leteckaposta.cz/
Re: Catastrophically slow internet
I'll post the log here without the SnapShot part - it's easier to decipher that way, and it's there for the other colleagues too
ComboFix 11-07-17.02 - slavek 17.07.2011 19:25:35.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.584 [GMT 2:00]
Spuštěný z: c:\documents and settings\slavek\Plocha\ComboFix.exe
Použité ovládací přepínače :: E:\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:53 . 2011-07-16 08:53 -------- d-----w- C:\rsit
2011-07-15 00:01 . 2011-07-15 00:01 -------- d-----w- C:\ATI
2011-07-09 16:01 . 2011-07-17 17:00 -------- d-----r- C:\Program Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2006-03-02 12:00 1510912 ----a-w- c:\windows\system32\shdocvw.dll
2011-04-25 14:47 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:43 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:30 . 2011-07-09 15:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-07-12 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 597504]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 363008]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-01-11 1423360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50848
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{3F781C49-F97B-472E-9DDA-BF0A13C2CE0D}: NameServer = 82.100.26.35,82.100.26.1
FF - ProfilePath - c:\documents and settings\slavek\Data aplikací\Mozilla\Firefox\Profiles\y5dqa2c4.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-07-17 19:28:50
ComboFix-quarantined-files.txt 2011-07-17 17:28
ComboFix2.txt 2011-07-17 17:07
ComboFix3.txt 2011-07-17 16:16
.
Před spuštěním: Volných bajtů: 142 223 564 800
Po spuštění: Volných bajtů: 142 207 741 952
.
- - End Of File - - B1D25D0261A0DEC155D77D9F4E3B1E28

Re: Catastrophically slow internet

- If you are using Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako správce)
- Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content given below
Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=""
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here
Re: Catastrophically slow internet
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"SunJavaUpdateSched"|"c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Adobe ARM"|"c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyOverride"|"" /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002935_.tmp moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: slavek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1841961 bytes
->FireFox cache emptied: 131707934 bytes
->Flash cache emptied: 8055 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
Here it is
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 127,00 mb
OTM by OldTimer - Version 3.1.18.0 log created on 07172011_195232
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: Catastrophically slow internet
How is the PC behaving?
