Page 2 of 2

Re: Service Host - hogging disk and memory (?)

Posted: 17 Sep 2014 17:38
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms is shown; continue by clicking the Yes button.

Sit back and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware found collide undesirably with the antispyware's resident component.

Re: Service Host - hogging disk and memory (?)

Posted: 17 Sep 2014 20:38
by Drakenko
Hi, I'm writing from a friend's PC. Mine, the one this thread is about, ran the cleanup for almost two hours, during which it also threw the error window "Error while deleting files" twice, and now it has been restarting for almost an hour. There was a problem with the restart earlier too, when it took over an hour and a half (after which I forcibly turned it off). Is it possible that it won't restart on its own this time either? Before the cleanup was started, RAM usage was at 98-99%.

Re: Service Host - hogging disk and memory (?)

Posted: 17 Sep 2014 21:30
by Rudy
It is possible. But I would like to see the CF log.

Re: Service Host - hogging disk and memory (?)

Posted: 17 Sep 2014 22:58
by Drakenko
Here is the log. Performance is back to normal again, but I'm afraid it will get f***ed up again.

ComboFix 14-09-16.01 - Jakub 17.09.2014 19:29:53.1.4 - x64
Running from: c:\users\Jakub\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2014-08-17 to 2014-09-17 )))))))))))))))))))))))))))))))
.
.
2014-09-17 19:05 . 2014-09-17 19:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-17 19:05 . 2014-09-17 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-17 19:05 . 2014-09-17 19:05 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2014-09-16 18:16 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B27B384D-F412-4812-AFE7-19A380598A9C}\mpengine.dll
2014-09-16 16:47 . 2014-09-16 16:57 -------- d-----w- C:\AdwCleaner
2014-09-16 16:25 . 2014-09-16 19:11 -------- d-----w- c:\program files\trend micro
2014-09-16 15:40 . 2014-09-16 15:46 -------- d-----w- C:\FRST
2014-09-15 16:06 . 2014-09-15 16:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\HD Tune Pro
2014-09-15 16:05 . 2014-09-15 16:05 -------- d-----w- c:\program files (x86)\HD Tune Pro
2014-09-14 17:17 . 2014-09-14 17:17 -------- d-----w- C:\found.000
2014-09-04 09:44 . 2014-09-04 09:44 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-09-03 22:12 . 2014-09-03 22:12 -------- d-----w- c:\users\Jakub\AppData\Local\Adobe
2014-08-28 10:22 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-25 14:21 . 2014-08-29 18:37 -------- d-----w- c:\users\Jakub\AppData\Local\Battle.net
2014-08-25 14:21 . 2014-08-25 14:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Battle.net
2014-08-25 14:20 . 2014-08-25 14:20 -------- d-----w- c:\program files (x86)\Battle.net
2014-08-20 11:08 . 2014-08-20 11:08 262312 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 10:14 . 2013-02-01 12:00 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-14 16:33 . 2013-03-09 12:43 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-09-05 11:10 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-16 21:01 . 2014-08-03 20:58 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-16 21:01 . 2014-08-03 20:58 128000 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-16 21:01 . 2014-08-03 20:58 144384 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-16 21:01 . 2014-08-03 20:58 40448 ----a-w- c:\windows\system32\wuapp.exe
2014-08-16 21:00 . 2014-08-03 20:58 100352 ----a-w- c:\windows\system32\wudriver.dll
2014-08-16 21:00 . 2014-08-03 20:58 773632 ----a-w- c:\windows\system32\wuapi.dll
2014-08-16 21:00 . 2014-08-03 20:58 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-08-16 21:00 . 2014-08-03 20:58 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-08-16 21:00 . 2014-08-03 20:58 59416 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-16 21:00 . 2014-08-03 20:58 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-16 21:00 . 2014-08-03 20:58 86528 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-16 21:00 . 2014-08-03 20:58 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-08-16 21:00 . 2014-08-03 20:58 629248 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-08 19:10 . 2014-08-04 10:35 967 ----a-w- c:\windows\ScUnin.pif
2014-08-08 19:10 . 2014-08-04 10:35 70656 ----a-w- c:\windows\ScUnin.exe
2014-08-07 06:33 . 2014-08-15 16:47 712192 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 03:09 . 2014-08-15 16:47 556544 ----a-w- c:\windows\system32\aeinv.dll
2014-08-02 00:15 . 2014-07-16 10:34 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15 . 2014-07-16 10:34 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-24 12:11 . 2014-08-15 16:47 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-07-24 12:10 . 2014-08-15 16:47 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-07-24 12:10 . 2014-08-15 16:47 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-07-24 12:10 . 2014-08-15 16:47 53760 ----a-w- c:\windows\system32\UXInit.dll
2014-07-24 12:10 . 2014-08-15 16:47 1407488 ----a-w- c:\windows\system32\urlmon.dll
2014-07-24 12:09 . 2014-08-15 16:47 197120 ----a-w- c:\windows\system32\msrating.dll
2014-07-24 12:09 . 2014-08-15 16:47 19279872 ----a-w- c:\windows\system32\mshtml.dll
2014-07-24 12:09 . 2014-08-15 16:47 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-07-24 12:09 . 2014-08-15 16:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-07-24 12:09 . 2014-08-15 16:47 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-07-24 12:09 . 2014-08-15 16:47 855552 ----a-w- c:\windows\system32\jscript.dll
2014-07-24 12:09 . 2014-08-15 16:47 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-07-24 12:09 . 2014-08-15 16:47 15399936 ----a-w- c:\windows\system32\ieframe.dll
2014-07-24 12:09 . 2014-08-15 16:47 2655232 ----a-w- c:\windows\system32\iertutil.dll
2014-07-24 12:09 . 2014-08-15 16:47 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-07-24 12:09 . 2014-08-15 16:47 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-07-24 12:09 . 2014-08-15 16:47 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-07-24 12:09 . 2014-08-15 16:47 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-07-24 12:09 . 2014-08-15 16:47 451584 ----a-w- c:\windows\system32\dxtmsft.dll
2014-07-24 12:09 . 2014-08-15 16:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-07-24 12:09 . 2014-08-15 16:47 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-24 10:52 . 2014-08-15 16:47 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-07-24 10:52 . 2014-08-15 16:47 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2014-07-24 10:51 . 2014-08-15 16:47 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-07-24 10:51 . 2014-08-15 16:47 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-07-24 10:51 . 2014-08-15 16:47 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-07-24 10:51 . 2014-08-15 16:47 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-07-24 10:33 . 2014-08-15 16:47 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-24 10:29 . 2014-08-15 16:47 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-07-24 08:03 . 2014-08-15 16:47 534528 ----a-w- c:\windows\SysWow64\uxtheme.dll
2014-07-15 23:03 . 2014-08-15 16:48 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-07-15 22:51 . 2014-08-15 16:59 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-07-12 02:36 . 2014-08-15 16:48 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-07-01 11:01 . 2013-01-29 19:21 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-06-30 22:42 . 2014-07-15 14:41 394240 ----a-w- c:\windows\system32\devinv.dll
2014-06-30 22:42 . 2014-07-15 14:41 87552 ----a-w- c:\windows\system32\aepic.dll
2014-06-19 23:35 . 2014-08-15 16:47 1312768 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-19 22:24 . 2014-08-15 16:47 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\data\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Steam"="c:\data\Hry\Space Marine\steam.exe" [2014-08-28 1939136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-06-08 5123216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WinampAgent"="c:\data\Winamp3\winampa.exe" [2002-07-23 12288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"LogMeIn Hamachi Ui"="c:\data\Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys;c:\windows\SYSNATIVE\DRIVERS\BLKWGU.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\data\Hamachi\hamachi-2.exe;c:\data\Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AU8168;AU 8168 NT Driver;c:\windows\system32\DRIVERS\au630x64.sys;c:\windows\SYSNATIVE\DRIVERS\au630x64.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\dwovow7m.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (sk)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-UnrealTournament - c:\data\HryUnrealTournament\System\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.6.15\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\data\Hry\Space Marine\bin\steamwebhelper.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2014-09-17 23:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-17 21:53
.
Pre-Run: 656 080 916 480 bytes free
Post-Run: 679 466 627 072 bytes free
.
- - End Of File - - 3A731B71451F0CD8C5EBD929781606D8
A36C5E4F47E84449FF07ED3517B43A31
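The ComboFix report above has a fixed text layout: section banners wrapped in parentheses, "." filler rows, file rows as `created . modified size attrs path`, and autorun rows as `"Name"="path" [date size]`. The parser and triage pass below is an added example for this thread, not ComboFix's or the forum's own code; the excerpt is constructed from the layout shown, and TRUSTED_DIRS together with both heuristics are assumed responder rules, not anything the log itself asserts.

```python
import re
from collections import namedtuple

# Constructed excerpt in the layout of the ComboFix log posted in the thread: section banners,
# "." filler rows, "created . modified size attrs path" rows, "Name"="path" [date size] autoruns.
SAMPLE_LOG = """\
((((( Files Created from 2014-08-17 to 2014-09-17 )))))
.
2014-09-17 19:05 . 2014-09-17 19:05 -------- d-----w- c:\\users\\Jakub\\AppData\\Local\\temp
2014-09-04 09:44 . 2014-09-04 09:44 46136 ---ha-w- c:\\windows\\system32\\drivers\\Hamdrv.sys
((((( Reg Loading Points )))))
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Steam"="c:\\data\\Hry\\Space Marine\\steam.exe" [2014-08-28 1939136]
"Adobe ARM"="c:\\program files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" [2013-11-21 959904]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) ([-a-z]{8}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d) (\d+)\]$')
# Assumed: where autoruns normally live; anything else (e.g. c:\data\...) is a user-writable location.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
FileRow = namedtuple("FileRow", "created modified size attrs path")  # attrs: "---ha-w-", h = hidden
RunRow = namedtuple("RunRow", "name path date size")

def parse(text):
    """Group the log by section: FileRow / RunRow objects, or raw lines for anything else."""
    sections, current = {}, "header"   # lines before the first banner land under "header"
    for line in (l for l in text.splitlines() if l not in (".", "")):
        if (m := SECTION_RE.match(line)):
            current, sections[current] = m.group(1), []   # targets are assigned left to right
        elif (m := FILE_RE.match(line)):
            sections.setdefault(current, []).append(FileRow(*m.groups()))
        elif (m := RUN_RE.match(line)):
            sections.setdefault(current, []).append(RunRow(*m.groups()))
        else:
            sections.setdefault(current, []).append(line)  # deleted-file paths, key headers, ...
    return sections

def triage(sections):
    """Assumed responder heuristics (not ComboFix logic), returned as a list of findings."""
    hits = []
    for name, rows in sections.items():
        if name.startswith("Files Created"):   # hidden files newly dropped under c:\windows
            hits += [r.path for r in rows if isinstance(r, FileRow) and "h" in r.attrs
                     and not r.attrs.startswith("d") and r.path.lower().startswith("c:\\windows\\")]
        elif name == "Reg Loading Points":     # autoruns launched from outside TRUSTED_DIRS
            hits += [f"{r.name} -> {r.path}" for r in rows
                     if isinstance(r, RunRow) and not r.path.lower().startswith(TRUSTED_DIRS)]
    return hits
```

Run over the full log in the thread, the autorun rule flags the four Run entries launched from c:\data\ and the file rule flags the hidden Hamdrv.sys; these are places to look first, not verdicts.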

Re: Service Host - hogging disk and memory (?)

Posted: 18 Sep 2014 10:30
by Drakenko
Well, it looks like yesterday's procedure didn't help much - disk 99%, memory 95% :(

Re: Service Host - hogging disk and memory (?)

Posted: 18 Sep 2014 18:23
by Rudy
CF deleted something; the rest of the log is OK. As a test, turn off automatic updates and check whether anything changes.