VIRY.CZ

Je to o trochu lepsi, ale porad se mi to obcas seka a vyskoci ping.

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Projel jsem notebook Rkillem, zda se ze to nic nenaslo. Mam pokracovat tim ComboFixem? Kdyz po projeti PC ComboFixem restartuju/vypnu, ztratim tim ucinek Rkillu?


Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2013 12:26:59 AM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\G575\Downloads\quietHDD.exe (PID: 2012) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/30/2013 12:27:30 AM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

Rkill jen vypina pripadne nezadouci procesy a aktivni havet aby nezasahovala do cinnosti ComboFixu...Defakto RKill pripravuje pole pusobnosti pro ComboFix

ComboFix 13-11-27.01 - G575 30.11.2013 1:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3691.2858 [GMT 1:00]
Spuštěný z: c:\users\G575\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-28 do 2013-11-30 )))))))))))))))))))))))))))))))
.
.
2013-11-30 00:47 . 2013-11-30 00:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-30 00:47 . 2013-11-30 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-28 15:44 . 2013-11-28 15:44 -------- d-----w- C:\FRST
2013-11-28 11:56 . 2013-11-28 11:57 -------- d-----w- C:\AdwCleaner
2013-11-28 11:42 . 2013-11-28 11:42 -------- d-----w- c:\windows\ERUNT
2013-11-27 22:18 . 2013-11-27 22:18 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 22:45 . 2013-10-01 10:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-11-19 22:45 . 2013-09-30 13:40 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-16 12:31 . 2013-09-30 10:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-16 12:31 . 2013-09-30 10:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 20:55 . 2013-09-30 13:40 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-03 17:33 . 2013-09-25 15:55 151552 ----a-w- c:\windows\KMSEmulator.exe
2013-09-30 15:39 . 2013-09-30 13:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-30 12:15 . 2013-09-30 12:15 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-21 16:06 . 2013-09-21 16:06 1379648 ----a-w- c:\windows\SysWow64\VSFilter.dll
2013-09-15 22:50 . 2013-09-25 15:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1291A2A6-D81E-4721-AD86-7EA1372D1931}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\G575\AppData\Roaming\Mozilla\Firefox\Profiles\fea540a2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-09-30 14:17; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\G575\AppData\Roaming\Mozilla\Firefox\Profiles\fea540a2.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2013-11-04 15:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\G575\AppData\Roaming\Mozilla\Firefox\Profiles\fea540a2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-IECT3298566 - c:\programdata\Conduit\IE\CT3298566\UninstallerUI.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-11-30 01:50:02
ComboFix-quarantined-files.txt 2013-11-30 00:50
.
Před spuštěním: Volných bajtů: 53 135 372 288
Po spuštění: Volných bajtů: 53 125 419 008
.
- - End Of File - - F40FBBF4DCA6C102B2CFCAD893F8CDF0
A36C5E4F47E84449FF07ED3517B43A31

Nejaka zmena? Na havet se mi zda PC jiz ciste...

Ve SpeedFanu jsem si vsiml ze konecne kdyz nic nedelam tak vytizeni procesoru spadne i na 0%, predtim ikdyz jsem nic nedelal tak minimalni vytizeni bylo vzdy kolem 15%. Co se tyka internetu tak to se ukaze behem dneska. Kazdopadne diky za tvuj cas a pomoc, moc si toho cenim, diky.

No tak porad to blbne

Zkuste restartovat router a pripadne dalsi zarizeni v datove ceste...

Pak se obratte pripadne na poskytovatele...