exploler.exe is devouring the CPU

Started on 5.01.2013

Views 2770

Replies 4

gothic1210
  • Guest
I've gone through all of Google and have no idea what to do. The exploler.exe process takes up over 50% of resources while doing nothing. All I have to do after the system starts is open any folder and close it right away, and the load on all 4 cores jumps to 60-90%, and sometimes it even bogs down other programs. What should I do about this? My system is Windows 7. Cleaned, defragmented and with the paid version of Norton. WHAT could be wrong?
Screenshot from msconfig

And there's this too:
Quote
Pełna ścieżka: c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
____________________________
Deweloperzy: Microsoft Corporation
Wersja: 6.1.7601.17567
Zidentyfikowano: 2012-11-29 na 21:49:42
Ostatnio używany: 2013-01-05 na 20:10:29
Element grupy Autostart: Nie
____________________________
Niezawodny
Przy typowym użytkowaniu ten program bardzo rzadko ulega awarii.
____________________________
Wielu użytkowników
Miliony użytkowników Norton Community używało tego pliku.
____________________________
Dojrzały
Ten plik został wydany więcej niż 31 dni1 rok 9 mies. temu.
____________________________
Zaufana
Produkt marki Norton nadał temu plikowi ocenę Zaufany.
____________________________
file origin tree: explorer.exe
____________________________
Wydajność
Śr. Użycie zasobów: Umiarkowane
Śr. Wykorzystanie procesora: Niski
Śr. Wykorzystanie pamięci: Umiarkowane
____________________________
Alert dotyczący wydajności
Czas: 2013-01-05 20:10:21
Identyfikator procesu: 1820
Procesor: 100% co najmniej jednego procesora.
Pamięć: Normalny
Liczba dojść: Normalny
Operacje odczytu dysku: Normalny
Operacje zapisu dysku: Normalny
____________________________
Podpis cyfrowy pliku – SHA:
6bed1a3a956a859ef4420feb2466c040800eaf01ef53214ef9dab53aeff1cff0
____________________________
Podpis cyfrowy pliku – MD5:
332feab1435662fc6c672e25beb37be3
____________________________
I've noticed that in other folders it's about 10-14%, which seems fairly normal. But when I go into Music, the computer is downright paralysed. Practically nothing can be done. I ran a virus scan and nothing. Should I reinstall?
 

Zkirtaem

Moderator
#1 2013-01-05, 20:37 (Last edited: 2013-01-05, 20:38)
exploler.exe
exp :lol:  er.exe


An old/slow/broken hard drive? Or the RAM; if not, what remains is the theory that you had only just formatted the PC and already caught viruses, some people have a talent for that. If you have Linux, check whether it runs better; if not, it's obvious: something is wrong with the box, physically.
 

gothic1210
  • Guest
Quote
exploler.exe
exp :lol:  er.exe

An old/slow/broken hard drive? Or the RAM; if not, what remains is the theory that you had only just formatted the PC and already caught viruses, some people have a talent for that. If you have Linux, check whether it runs better; if not, it's obvious: something is wrong with the box, physically.

Damn, everything is a month old. I scanned with Norton. There are no viruses.
 

Ali G

Users
Then try scanning it with ComboFix. And after what did it start lagging like that (did you install some program, copy something over from external media: a pendrive, a memory card)?

gothic1210
  • Guest
I've got it:
Spoiler
Nothing specific. I'll also run a disk check. If nothing comes up, then it's a format :|
 

