kontrola combofix - spomaleny cely comp

Zpráva

liam · #1 Příspěvek od **liam** » 03 dub 2013 19:03

prosim o kontrolu combofixu, cely comp spomaleny , net to iste , malwarebytes naslo 3 infiltracie , combo nieco tiez prec, ale docistit bude treba , dik

ComboFix 13-04-02.01 - Patrik . 04. 2013 19:43:13.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3055.1805 [GMT 2:00]
Running from: c:\users\Patrik\Desktop\ComboFix.exe
AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))
.
.
2013-04-03 17:49 . 2013-04-03 17:51 -------- d-----w- c:\users\Patrik\AppData\Local\temp
2013-04-03 17:49 . 2013-04-03 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-03 16:30 . 2013-04-03 16:30 -------- d-----w- c:\users\Patrik\AppData\Local\Programs
2013-04-03 16:25 . 2013-04-03 17:48 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8732123D-6ECC-43B2-9D66-9D9016557CA7}\offreg.dll
2013-04-02 07:31 . 2013-04-02 07:32 -------- d-----w- c:\windows\system32\drivers\NSM\0206000.049
2013-04-02 07:12 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8732123D-6ECC-43B2-9D66-9D9016557CA7}\mpengine.dll
2013-03-21 19:04 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 17:59 . 2013-03-20 17:59 -------- d-----w- c:\users\lio
2013-03-18 18:11 . 2011-11-08 16:07 1458176 ------w- c:\programdata\Microsoft\Windows\Templates\A4Tech\OscarX7Editor5Mode\Setup.exe
2013-03-18 18:11 . 2013-03-18 18:11 -------- d-----w- c:\program files\OscarX7Editor5Mode
2013-03-18 18:11 . 2013-03-18 18:11 -------- d-----w- c:\program files\5 mode Oscar
2013-03-10 20:08 . 2013-03-10 20:08 -------- d-----w- c:\users\Patrik\AppData\Local\Arma 3 Alpha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 20:54 . 2012-08-15 19:11 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-26 20:54 . 2012-08-15 19:11 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-26 20:54 . 2012-06-03 17:51 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-13 09:18 . 2012-06-03 13:41 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 09:18 . 2012-06-03 13:41 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-01 14:35 . 2012-08-15 19:11 291088 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-23 16:35 . 2012-06-03 17:09 138904 ----a-w- c:\users\Patrik\AppData\Roaming\PnkBstrK.sys
2013-02-23 16:35 . 2012-08-15 19:11 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-02-21 18:28 . 2013-02-21 18:28 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-02-12 04:48 . 2013-03-13 06:36 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-25 13:43 . 2013-02-01 20:30 8941856 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-01-25 13:43 . 2013-02-01 20:30 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-01-25 13:43 . 2013-02-01 20:30 7964168 ----a-w- c:\windows\system32\nvcuda.dll
2013-01-25 13:43 . 2013-02-01 20:30 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-25 13:43 . 2013-02-01 20:30 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-01-25 13:43 . 2013-02-01 20:30 20534048 ----a-w- c:\windows\system32\nvoglv32.dll
2013-01-25 13:43 . 2013-02-01 20:30 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-25 13:43 . 2013-02-01 20:30 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-01-25 13:43 . 2013-02-01 20:30 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-01-25 13:43 . 2012-08-15 10:39 2530376 ----a-w- c:\windows\system32\nvapi.dll
2013-01-25 13:43 . 2012-08-15 10:39 15037248 ----a-w- c:\windows\system32\nvd3dum.dll
2013-01-25 13:43 . 2012-08-15 10:39 12771784 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-01-25 10:45 . 2012-08-15 10:40 4114208 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-25 10:45 . 2012-08-15 10:40 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-25 10:45 . 2012-08-15 10:40 859936 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-01-25 10:45 . 2012-08-15 10:40 633632 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-25 10:45 . 2012-08-15 10:40 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-01-25 10:45 . 2012-08-15 10:40 55584 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-01-25 10:45 . 2012-08-15 10:40 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-25 03:36 . 2013-01-25 03:36 555808 ----a-w- c:\windows\system32\nvStreaming.exe
2013-01-17 00:28 . 2012-06-03 13:44 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-27 15:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 15:23 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 15:23 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 15:23 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 15:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 15:23 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30 . 2013-02-27 15:23 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22 . 2013-02-27 15:23 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 15:23 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09 . 2013-02-27 15:23 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 15:23 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 15:23 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54 . 2013-02-27 15:23 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 15:23 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 15:23 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48 . 2013-02-27 15:23 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 15:23 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43 . 2013-02-27 15:23 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37 . 2013-02-27 15:23 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 15:23 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 15:23 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 15:23 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:00 . 2013-02-14 14:10 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 14:10 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 15:23 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50 . 2013-02-14 14:10 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-14 14:11 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 14:08 . 2013-03-08 14:08 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OscarX7Mouse5Mode"="c:\program files\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" [2012-03-20 3521024]
"Facebook Update"="c:\users\Patrik\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-27 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-03 7866912]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET Endpoint Antivirus\egui.exe" [2012-07-04 3154464]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-03-27 19:34 138096 ----atw- c:\users\Patrik\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-15 11:47 116648 ----atw- c:\users\Patrik\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [x]
R3 EagleXNt;EagleXNt; [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSM\0206000.049\ccSetx86.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NSM;Norton Family;c:\program files\Norton Family\Engine\2.6.0.73\ccSvcHst.exe [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\System32\Drivers\NSM\0206000.049\SymRdrS.SYS [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 09:18]
.
2013-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000Core.job
- c:\users\Patrik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17 19:34]
.
2013-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000UA.job
- c:\users\Patrik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17 19:34]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000Core.job
- c:\users\Patrik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 11:47]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000UA.job
- c:\users\Patrik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/cz/gate/?returnUrl=|bf3|cz
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\7iewwfq5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb9ee7c04-b060-4219-abe0-f075a754bb32%7D&mid=b87c57e6e04b47d0b2fad1566fa91bae-d941917184a68a78480c9d7a29c30cbec03b9b07&ds=st011&v=11.1.0.7&lang=sk&pr=sa&d=2012-06-04%2013%3A28%3A58&sap=ku&q=
FF - ExtSQL: 2013-02-21 19:28; {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}; c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw
FF - ExtSQL: !HIDDEN! 2012-09-19 22:25; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-PunkBusterSvc - j:\game\CS\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSM]
"ImagePath"="\"c:\program files\Norton Family\Engine\2.6.0.73\ccSvcHst.exe\" /s \"NSM\" /m \"c:\program files\Norton Family\Engine\2.6.0.73\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5456)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
j:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-04-03 19:54:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-03 17:54
.
Pre-Run: 46 470 053 888 bytes free
Post-Run: 46 598 545 408 bytes free
.
- - End Of File - - 1CC2FE0C82D53AAC270BE8A1AF2C44D2

#2 Příspěvek od **Rudy** » 03 dub 2013 19:17

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze odborníkům? Hodláte si zbořit systém?

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311204924-3056197995-1987572141-1000UA.job

Folder::
c:\users\Patrik\AppData\Local\Facebook\Update

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

Firefox::
FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\7iewwfq5.default\
FF - ExtSQL: 2013-02-21 19:28; {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}; c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.52\coFFFw
FF - ExtSQL: !HIDDEN! 2012-09-19 22:25; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

liam · #3 Příspěvek od **liam** » 03 dub 2013 19:27

idem nato, viem, asi som nemal combofix dat,ale comp je nejaky cudny, pustim akykolvek prehlaidac a stranky nacitava velmi dlho, pritom rychlost netu je v poriadku, idem pustit ten script

#4 Příspěvek od **Rudy** » 03 dub 2013 19:52

Vy byste ho měl dát pouze na pokyn rádce. Laborovat s CF je pro laika dost nebzpečné.

liam · #5 Příspěvek od **liam** » 03 dub 2013 19:58

ospravedlnujem sa zato, script prebehol , skype po ukonceni ostava stale v procesoch aktivny, ked ho dam ukoncit dostanem hlasku ze pristup pdmietnuty, pritom som tam ako admin , stranky cez prehliadace dlho nabiehaju,alebo vobec, pomoze vypnutie sietovky a spet zapnutie, ale po case ten isty problem

#6 Příspěvek od **Rudy** » 03 dub 2013 20:01

Nepošahal jste si systém AdvancedSystemCare? To je pěkný šmejd, v rukou laika dokáže systém znefunkčnit.

liam · #7 Příspěvek od **liam** » 03 dub 2013 20:04

s ASC som precistil davnejsie iba temp a zaplaty na win

liam · #8 Příspěvek od **liam** » 03 dub 2013 20:19

vyssie spominany problem je stale , stranky nenacita,alebo nacita po niekolkych minutych , skype ostava aj po odhlaseni a ukonceni , mozna sa zhodi cely system a aspon sa to cele precisti

#9 Příspěvek od **Rudy** » 03 dub 2013 20:23

Tohle vypadá na vážnější problém. Zkuste obnovu systému k datu, kdy korketně fungoval.

liam · #10 Příspěvek od **liam** » 03 dub 2013 20:27

tak to bude asi problem, body obnovenia su prec, je tam iba dnes z vecera , takze to vidim na reinstal systemu

#11 Příspěvek od **Rudy** » 03 dub 2013 21:55

Zkusil bych opravu z instal média: http://forum.viry.cz/viewtopic.php?f=46&t=106339 .

VIRY.CZ

kontrola combofix - spomaleny cely comp

kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp

Re: kontrola combofix - spomaleny cely comp