Hello,
my PC has been slow for quite a while, and programs take longer to load. I couldn't get RSIT to run; it showed some error (I don't remember exactly what, but it said that some variable is not declared - I know programming terms =D )
So I ran ComboFix instead. Here is the log; please take a look to see whether there is anything bad in it.
By the way, it runs Windows 7 32-bit.
One more thing about the log:
Today I installed MBAM and Sophos Virus Removal Tool, and I'll run a scan with them if needed.
I use PsPad, but I don't use ICQ or SWFCatcher. I'd be glad if the toolbars could be turned off and deleted. I use Mozilla Firefox; I only open a page in IE when necessary.
Thank you very much
ComboFix 13-05-31.01 - Andrej . 05. 2013 10:13:37.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3071.1578 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Dec2005_d3dx9_28_x64.cab
c:\programdata\Dec2005_d3dx9_28_x86.cab
c:\programdata\DEC2006_d3dx10_00_x64.cab
c:\programdata\DEC2006_d3dx10_00_x86.cab
c:\programdata\DEC2006_d3dx9_32_x64.cab
c:\programdata\DEC2006_d3dx9_32_x86.cab
c:\programdata\DEC2006_XACT_x64.cab
c:\programdata\DEC2006_XACT_x86.cab
c:\programdata\DSETUP.dll
c:\programdata\dsetup32.dll
c:\programdata\Feb2005_d3dx9_24_x64.cab
c:\programdata\Feb2005_d3dx9_24_x86.cab
c:\programdata\Feb2006_d3dx9_29_x64.cab
c:\programdata\Feb2006_d3dx9_29_x86.cab
c:\programdata\Feb2006_XACT_x64.cab
c:\programdata\Feb2006_XACT_x86.cab
c:\programdata\FEB2007_XACT_x64.cab
c:\programdata\FEB2007_XACT_x86.cab
c:\programdata\MPK
c:\programdata\MPK\mpk_export.db
c:\users\Martin\Favorites\DXSETUP.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\SETCF74.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\Andrej\AppData\Local\temp
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2013-05-31 08:22 . 2013-05-31 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-31 08:11 . 2013-05-31 08:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\offreg.dll
2013-05-31 08:03 . 2013-05-31 08:06 -------- d-----w- c:\program files\trend micro
2013-05-31 08:03 . 2013-05-31 08:03 -------- d-----w- C:\rsit
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\programdata\Sophos
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\program files\Sophos Virus Removal Tool
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\users\Andrej\AppData\Roaming\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\programdata\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-31 07:42 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-31 07:39 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\mpengine.dll
2013-05-30 09:11 . 2013-05-30 09:11 -------- d-----w- c:\users\Andrej\AppData\Local\backburner
2013-05-21 01:54 . 2013-01-18 14:20 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-20 18:30 . 2013-05-20 18:30 -------- d-----w- C:\found.000
2013-05-20 18:12 . 2013-05-21 01:52 -------- d-----w- c:\windows\LastGood
2013-05-20 10:45 . 2013-05-20 10:45 -------- d-----w- C:\Riot Games
2013-05-15 15:37 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 15:37 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 15:37 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 15:34 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:34 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 15:34 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 15:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 15:34 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-14 03:18 . 2013-05-14 03:18 -------- d-----w- c:\program files\Common Files\Alias Shared
2013-05-13 18:32 . 2013-05-13 18:32 -------- d-----w- c:\users\Lukáš\AppData\Roaming\GHISLER
2013-05-11 17:18 . 2013-05-11 17:46 -------- d-----w- c:\program files\Wireless 5-Mode Oscar Editor
2013-05-11 17:15 . 2013-05-11 17:16 -------- d-----w- c:\program files\X7_5ModeWireless
2013-05-04 10:10 . 2013-05-04 10:10 -------- d-----w- c:\users\Andrej\AppData\Local\TNS
2013-05-01 19:48 . 2013-05-30 17:46 -------- d-----w- c:\users\Andrej\AppData\Local\PMB Files
2013-05-01 19:46 . 2013-05-30 17:46 -------- d-----w- c:\programdata\PMB Files
2013-05-01 19:27 . 2013-05-01 19:27 -------- d-----w- c:\users\Andrej\.swt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 13:50 . 2012-03-31 21:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 13:50 . 2011-12-07 18:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-12-07 18:21 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 11:36 . 2013-04-20 11:32 87608 ----a-w- c:\users\Andrej\AppData\Roaming\inst.exe
2013-04-20 11:36 . 2013-04-20 11:32 47360 ----a-w- c:\users\Andrej\AppData\Roaming\pcouffin.sys
2013-04-13 04:45 . 2013-05-15 15:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 21:46 . 2013-04-05 21:46 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 21:46 . 2013-04-05 21:46 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 21:46 . 2013-04-05 21:46 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 21:46 . 2013-04-05 21:46 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 21:46 . 2013-04-05 21:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 21:46 . 2013-04-05 21:46 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 21:46 . 2013-04-05 21:46 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 21:46 . 2013-04-05 21:46 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 21:46 . 2013-04-05 21:46 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 21:46 . 2013-04-05 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 21:46 . 2013-04-05 21:46 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 21:46 . 2013-04-05 21:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 21:45 . 2013-04-05 21:45 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 21:45 . 2013-04-05 21:45 361984 ----a-w- c:\windows\system32\html.iec
2013-04-05 21:45 . 2013-04-05 21:45 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 21:45 . 2013-04-05 21:45 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 21:45 . 2013-04-05 21:45 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 21:44 . 2013-04-05 21:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-04-05 21:44 . 2013-04-05 21:44 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 21:44 . 2013-04-05 21:44 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 21:44 . 2013-04-05 21:44 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-05 21:44 . 2013-04-05 21:44 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-04-05 21:44 . 2013-04-05 21:44 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-04-05 21:44 . 2013-04-05 21:44 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-05 21:44 . 2013-04-05 21:44 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 21:44 . 2013-04-05 21:44 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 21:44 . 2013-04-05 21:44 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-05 21:44 . 2013-04-05 21:44 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 21:44 . 2013-04-05 21:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-05 21:44 . 2013-04-05 21:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-05 21:44 . 2013-04-05 21:44 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-04-05 21:44 . 2013-04-05 21:44 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 21:44 . 2013-04-05 21:44 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 21:44 . 2013-04-05 21:44 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-05 21:44 . 2013-04-05 21:44 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-19 05:04 . 2013-04-10 05:41 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:41 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 05:41 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 05:41 69632 ----a-w- c:\windows\system32\smss.exe
2010-08-03 10:11 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 10:11 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xfire"="d:\andrej\Stahovanie\Xfire\Xfire.exe" [2013-03-21 3560832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-14 5074384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:50]
.
2013-05-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-12-07 13:39]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: Od&oslať do programu OneNote
IE: YamicsoftDisabled
IE: YamicsoftDisabled\E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\bnufp2dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-31 10:40:14
ComboFix-quarantined-files.txt 2013-05-31 08:40
ComboFix2.txt 2012-07-23 17:57
.
Pre-Run: 379 721 478 144 bytes free
Post-Run: 380 373 041 152 bytes free
.
- - End Of File - - 9A0D4245D85F649F931A5A497776B91F

Slow PC, RSIT doesn't work
- Rudy
- Site Admin
Re: Slow PC, RSIT doesn't work
The fact that RSIT doesn't work for you does not give you a reason to run the professional utility ComboFix. Even in that case, a layperson can wreck the system with it.
We'll clean up a little more. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\users\Andrej\.swt
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC, RSIT doesn't work
Well, I didn't know that wasn't allowed...
Also, in this log I saw that Windows Media Player started. Could it be made not to start?
THANK YOU
ComboFix 13-05-31.01 - Andrej . 05. 2013 19:51:36.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3071.2317 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrej\Desktop\CFScript.txt
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrej\.swt
c:\users\Andrej\.swt\lib\win32\x86\swt-win32-3740.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-31 18:00 . 2013-05-31 18:03 -------- d-----w- c:\users\Andrej\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-31 13:15 . 2013-05-31 13:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\offreg.dll
2013-05-31 10:12 . 2013-05-31 10:12 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2013-05-31 08:03 . 2013-05-31 08:06 -------- d-----w- c:\program files\trend micro
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\programdata\Sophos
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\program files\Sophos Virus Removal Tool
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\users\Andrej\AppData\Roaming\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\programdata\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-31 07:42 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-31 07:39 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\mpengine.dll
2013-05-30 09:11 . 2013-05-30 09:11 -------- d-----w- c:\users\Andrej\AppData\Local\backburner
2013-05-21 01:54 . 2013-01-18 14:20 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-20 18:12 . 2013-05-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
2013-05-20 10:45 . 2013-05-20 10:45 -------- d-----w- C:\Riot Games
2013-05-15 15:37 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 15:37 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 15:37 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 15:34 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:34 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 15:34 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 15:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 15:34 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-14 03:18 . 2013-05-14 03:18 -------- d-----w- c:\program files\Common Files\Alias Shared
2013-05-13 18:32 . 2013-05-13 18:32 -------- d-----w- c:\users\Lukáš\AppData\Roaming\GHISLER
2013-05-11 17:18 . 2013-05-11 17:46 -------- d-----w- c:\program files\Wireless 5-Mode Oscar Editor
2013-05-11 17:15 . 2013-05-11 17:16 -------- d-----w- c:\program files\X7_5ModeWireless
2013-05-04 10:10 . 2013-05-04 10:10 -------- d-----w- c:\users\Andrej\AppData\Local\TNS
2013-05-01 19:48 . 2013-05-30 17:46 -------- d-----w- c:\users\Andrej\AppData\Local\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 18:04 . 2013-05-31 18:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-19 13:50 . 2012-03-31 21:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 13:50 . 2011-12-07 18:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-12-07 18:21 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 11:36 . 2013-04-20 11:32 87608 ----a-w- c:\users\Andrej\AppData\Roaming\inst.exe
2013-04-20 11:36 . 2013-04-20 11:32 47360 ----a-w- c:\users\Andrej\AppData\Roaming\pcouffin.sys
2013-04-13 04:45 . 2013-05-15 15:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 21:46 . 2013-04-05 21:46 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 21:46 . 2013-04-05 21:46 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 21:46 . 2013-04-05 21:46 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 21:46 . 2013-04-05 21:46 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 21:46 . 2013-04-05 21:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 21:46 . 2013-04-05 21:46 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 21:46 . 2013-04-05 21:46 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 21:46 . 2013-04-05 21:46 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 21:46 . 2013-04-05 21:46 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 21:46 . 2013-04-05 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 21:46 . 2013-04-05 21:46 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 21:46 . 2013-04-05 21:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 21:45 . 2013-04-05 21:45 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 21:45 . 2013-04-05 21:45 361984 ----a-w- c:\windows\system32\html.iec
2013-04-05 21:45 . 2013-04-05 21:45 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 21:45 . 2013-04-05 21:45 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 21:45 . 2013-04-05 21:45 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 21:44 . 2013-04-05 21:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-04-05 21:44 . 2013-04-05 21:44 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 21:44 . 2013-04-05 21:44 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 21:44 . 2013-04-05 21:44 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-05 21:44 . 2013-04-05 21:44 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-04-05 21:44 . 2013-04-05 21:44 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-04-05 21:44 . 2013-04-05 21:44 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-05 21:44 . 2013-04-05 21:44 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 21:44 . 2013-04-05 21:44 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 21:44 . 2013-04-05 21:44 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-05 21:44 . 2013-04-05 21:44 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 21:44 . 2013-04-05 21:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-05 21:44 . 2013-04-05 21:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-05 21:44 . 2013-04-05 21:44 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-04-05 21:44 . 2013-04-05 21:44 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 21:44 . 2013-04-05 21:44 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 21:44 . 2013-04-05 21:44 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-05 21:44 . 2013-04-05 21:44 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-19 05:04 . 2013-04-10 05:41 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:41 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 05:41 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 05:41 69632 ----a-w- c:\windows\system32\smss.exe
2010-08-03 10:11 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 10:11 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xfire"="d:\andrej\Stahovanie\Xfire\Xfire.exe" [2013-03-21 3560832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-14 5074384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:50]
.
2013-05-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-12-07 13:39]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: Od&oslať do programu OneNote
IE: YamicsoftDisabled
IE: YamicsoftDisabled\E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\bnufp2dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1068)
d:\andrej\Stahovanie\Xfire\xfire_toucan_46139.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-31 20:24:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-31 18:24
ComboFix2.txt 2013-05-31 08:40
ComboFix3.txt 2012-07-23 17:57
.
Pre-Run: 380 463 669 248 bytes free
Post-Run: 380 283 023 360 bytes free
.
- - End Of File - - D1F574BAFDB08CCA5BF6B8A5DAD0E9C9
I also saw in this log that Windows Media Player was started. Could it be prevented from starting?
THANK YOU
ComboFix 13-05-31.01 - Andrej . 05. 2013 19:51:36.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3071.2317 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrej\Desktop\CFScript.txt
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrej\.swt
c:\users\Andrej\.swt\lib\win32\x86\swt-win32-3740.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-31 18:00 . 2013-05-31 18:03 -------- d-----w- c:\users\Andrej\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2013-05-31 18:00 . 2013-05-31 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-31 13:15 . 2013-05-31 13:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\offreg.dll
2013-05-31 10:12 . 2013-05-31 10:12 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Malwarebytes
2013-05-31 08:03 . 2013-05-31 08:06 -------- d-----w- c:\program files\trend micro
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\programdata\Sophos
2013-05-31 07:45 . 2013-05-31 07:45 -------- d-----w- c:\program files\Sophos Virus Removal Tool
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\users\Andrej\AppData\Roaming\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\programdata\Malwarebytes
2013-05-31 07:42 . 2013-05-31 07:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-31 07:42 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-31 07:39 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8638659C-A964-488F-8FB0-DE2B191C1389}\mpengine.dll
2013-05-30 09:11 . 2013-05-30 09:11 -------- d-----w- c:\users\Andrej\AppData\Local\backburner
2013-05-21 01:54 . 2013-01-18 14:20 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-20 18:12 . 2013-05-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
2013-05-20 10:45 . 2013-05-20 10:45 -------- d-----w- C:\Riot Games
2013-05-15 15:37 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 15:37 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 15:37 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 15:34 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:34 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 15:34 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 15:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 15:34 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-14 03:18 . 2013-05-14 03:18 -------- d-----w- c:\program files\Common Files\Alias Shared
2013-05-13 18:32 . 2013-05-13 18:32 -------- d-----w- c:\users\Lukáš\AppData\Roaming\GHISLER
2013-05-11 17:18 . 2013-05-11 17:46 -------- d-----w- c:\program files\Wireless 5-Mode Oscar Editor
2013-05-11 17:15 . 2013-05-11 17:16 -------- d-----w- c:\program files\X7_5ModeWireless
2013-05-04 10:10 . 2013-05-04 10:10 -------- d-----w- c:\users\Andrej\AppData\Local\TNS
2013-05-01 19:48 . 2013-05-30 17:46 -------- d-----w- c:\users\Andrej\AppData\Local\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 18:04 . 2013-05-31 18:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-31 07:45 . 2013-05-31 07:45 73728 ----a-r- c:\users\Andrej\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-19 13:50 . 2012-03-31 21:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-19 13:50 . 2011-12-07 18:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-12-07 18:21 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 11:36 . 2013-04-20 11:32 87608 ----a-w- c:\users\Andrej\AppData\Roaming\inst.exe
2013-04-20 11:36 . 2013-04-20 11:32 47360 ----a-w- c:\users\Andrej\AppData\Roaming\pcouffin.sys
2013-04-13 04:45 . 2013-05-15 15:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 21:46 . 2013-04-05 21:46 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 21:46 . 2013-04-05 21:46 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 21:46 . 2013-04-05 21:46 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 21:46 . 2013-04-05 21:46 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 21:46 . 2013-04-05 21:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 21:46 . 2013-04-05 21:46 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 21:46 . 2013-04-05 21:46 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 21:46 . 2013-04-05 21:46 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 21:46 . 2013-04-05 21:46 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 21:46 . 2013-04-05 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 21:46 . 2013-04-05 21:46 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 21:46 . 2013-04-05 21:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 21:45 . 2013-04-05 21:45 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 21:45 . 2013-04-05 21:45 361984 ----a-w- c:\windows\system32\html.iec
2013-04-05 21:45 . 2013-04-05 21:45 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 21:45 . 2013-04-05 21:45 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 21:45 . 2013-04-05 21:45 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 21:44 . 2013-04-05 21:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-05 21:44 . 2013-04-05 21:44 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-04-05 21:44 . 2013-04-05 21:44 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 21:44 . 2013-04-05 21:44 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 21:44 . 2013-04-05 21:44 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-05 21:44 . 2013-04-05 21:44 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-04-05 21:44 . 2013-04-05 21:44 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-04-05 21:44 . 2013-04-05 21:44 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-05 21:44 . 2013-04-05 21:44 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 21:44 . 2013-04-05 21:44 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 21:44 . 2013-04-05 21:44 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-05 21:44 . 2013-04-05 21:44 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 21:44 . 2013-04-05 21:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-05 21:44 . 2013-04-05 21:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-05 21:44 . 2013-04-05 21:44 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-04-05 21:44 . 2013-04-05 21:44 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 21:44 . 2013-04-05 21:44 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 21:44 . 2013-04-05 21:44 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-05 21:44 . 2013-04-05 21:44 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-19 05:04 . 2013-04-10 05:41 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:41 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 05:41 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 05:41 69632 ----a-w- c:\windows\system32\smss.exe
2010-08-03 10:11 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 10:11 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xfire"="d:\andrej\Stahovanie\Xfire\Xfire.exe" [2013-03-21 3560832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-14 5074384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:50]
.
2013-05-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-12-07 13:39]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748102567-3861943476-210638618-1003UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 13:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: Od&oslať do programu OneNote
IE: YamicsoftDisabled
IE: YamicsoftDisabled\E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\bnufp2dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1068)
d:\andrej\Stahovanie\Xfire\xfire_toucan_46139.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-31 20:24:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-31 18:24
ComboFix2.txt 2013-05-31 08:40
ComboFix3.txt 2012-07-23 17:57
.
Pre-Run: 380 463 669 248 bytes free
Post-Run: 380 283 023 360 bytes free
.
- - End Of File - - D1F574BAFDB08CCA5BF6B8A5DAD0E9C9
- Rudy
- Site Admin
- Posts: 119526
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, RSIT does not work
The log is OK now. Start menu > command line > (type) msconfig > Enter. Look at the "Startup" and "Services" tabs. If you find WMP there, remove the check mark, save the settings and restart the PC. Has the PC become faster?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC, RSIT does not work
The WMP service is not there. Yes, it is faster than it was.
Thank you very much for your help
- Rudy
- Site Admin
- Posts: 119526
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, RSIT does not work
You're welcome!
