Taskmgr a Svchost zatěžují CPU na 100%

Zpráva

SUP_AZC · #1 Příspěvek od **SUP_AZC** » 02 říj 2011 19:03

Dobrý den

Prosím o radu. Na NB mam nainstalovány Visty Home Basic, které startují cca 5min a když naběhnou tak je CPU vytížené na 100% a nejde nic dělat. V nouzovém režimu je to stejné. Občas Visty vytuhnou úplně. Mohl by mi někdo prosím pomoci. Udělal jsem si log z ComboFixu, ale já tam nic nevidím (v mém případě to není až tak překvapující

)

ComboFix 11-09-30.05 - Lenka 30.09.2011 20:56:40.2.2 - x86
Spuštěný z: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40804,9440618518
c:\program files\RegGenie\Backups\40805,7730700116
c:\program files\RegGenie\RegGenie.ini
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\RegGenieOnUninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 20:35 . 2011-09-30 20:38 -------- d-----w- c:\users\Lenka\AppData\Local\temp
2011-09-30 20:35 . 2011-09-30 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-30 18:37 . 2011-09-30 18:37 87608 ----a-w- c:\users\Lenka\AppData\Roaming\inst.exe
2011-09-30 17:05 . 2011-09-30 17:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8387142-6CEB-4379-A413-2F4E4CCF719E}\offreg.dll
2011-09-30 17:05 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8387142-6CEB-4379-A413-2F4E4CCF719E}\mpengine.dll
2011-09-29 19:04 . 2011-09-29 19:04 -------- d-----w- C:\Intel
2011-09-29 18:56 . 2011-09-29 18:56 -------- d-----w- c:\users\Lenka\AppData\Local\ApplicationHistory
2011-09-28 22:01 . 2011-09-28 22:01 -------- d-----w- c:\users\Lenka\AppData\Roaming\Avira
2011-09-25 18:05 . 2011-09-25 18:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-09-19 16:36 . 2011-09-19 16:36 -------- d-----w- c:\users\Lenka\AppData\Roaming\RegGenie
2011-09-18 21:08 . 2011-09-18 21:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-09-16 13:11 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-16 13:11 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-16 13:11 . 2011-09-16 13:11 -------- d-----w- c:\programdata\Avira
2011-09-16 13:11 . 2011-09-16 13:11 -------- d-----w- c:\program files\Avira
2011-09-15 18:22 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 22:32 . 2011-09-14 22:32 -------- d-----w- c:\users\Lenka\AppData\Roaming\Malwarebytes
2011-09-14 22:32 . 2011-09-14 22:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 13:50 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-12 13:50 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-09-12 13:50 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-09-12 13:50 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-09-12 13:50 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 18:37 . 2009-11-01 08:28 47360 ----a-w- c:\users\Lenka\AppData\Roaming\pcouffin.sys
2011-09-14 21:18 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-14 10:39 . 2009-11-06 18:04 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-11 13:25 . 2011-08-25 19:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 23:35 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-08 07:29 . 2011-07-31 15:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 178712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 154136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-11-28 00:40 298536 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:34 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 13:40 218408 ------w- c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMSpeed]
2008-12-09 08:32 55120 ----a-w- c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-02-18 16:00 177720 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 14:23 31744 ----a-w- c:\program files\RotateImage\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2009-07-29 14:52 1024512 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-05-18 16:28 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-03-10 20:44 506936 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"McAfee Managed Services Tray"=c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
"MVS Splash"=c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-27 24880]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-31 4232704]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\DRIVERS\vwmfbus.sys [2009-11-11 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfdiag.sys [2009-11-11 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\DRIVERS\vwmfmdfl.sys [2009-11-11 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\DRIVERS\vwmfmdm.sys [2009-11-11 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfserd.sys [2009-11-11 100224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2008-08-07 202048]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 691696]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-05-13 20:23 117248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\h8mj7kva.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-avast - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-EPSON BX610FW Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJU.EXE
MSConfigStartUp-HP Health Check Scheduler - c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-IAAnotif - c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSConfigStartUp-ioCentre - c:\genius\ioCentre\gTaskBar.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 22:36
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-09-30 22:59:36
ComboFix-quarantined-files.txt 2011-09-30 20:59
ComboFix2.txt 2011-09-14 21:03
.
Před spuštěním: Volných bajtů: 148 668 657 664
Po spuštění: Volných bajtů: 148 208 828 416
.
- - End Of File - - 11B9D06A248AA9C126B67D1C562A9E49

#2 Příspěvek od **Rudy** » 02 říj 2011 19:36

Zdravím!
1. Zbytky po dřívějším antiviru symantec odinstalujte pomocí SymNrt: http://www.techspot.com/downloads/1437- ... ymnrt.html .
2. CF řadu položek smazal. Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\pdfforge Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

SUP_AZC · #3 Příspěvek od **SUP_AZC** » 02 říj 2011 22:37

Velmi děkuji za radu. Problém bohužel stále trvá. Sice už jde alespoň po startu systému spustit správce úloh, ale pořád se na tom pracovat smysluplně nedá. Všimnul jsem si, že při startu extrémně také zatěžuje systém avira. Poté co naběhne už ale běží v pořádku a pak opět přijde na řadu taskmgr a svchost. Další věc, které jsem si všimnul je, že mi pořád problikává ledka od HDD.

#4 Příspěvek od **Rudy** » 03 říj 2011 16:53

Dejte log CF po posledním skenu.

SUP_AZC · #5 Příspěvek od **SUP_AZC** » 03 říj 2011 22:58

Tady je nový scan z CF.

ComboFix 11-10-03.01 - Lenka 03.10.2011 19:47:49.4.2 - x86
Spuštěný z: c:\users\Lenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lenka\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-03 do 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 19:18 . 2011-10-03 19:20 -------- d-----w- c:\users\Lenka\AppData\Local\temp
2011-10-03 19:18 . 2011-10-03 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-03 17:03 . 2011-10-03 17:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8387142-6CEB-4379-A413-2F4E4CCF719E}\offreg.dll
2011-09-30 18:37 . 2011-09-30 18:37 87608 ----a-w- c:\users\Lenka\AppData\Roaming\inst.exe
2011-09-30 17:05 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8387142-6CEB-4379-A413-2F4E4CCF719E}\mpengine.dll
2011-09-29 19:04 . 2011-09-29 19:04 -------- d-----w- C:\Intel
2011-09-29 18:56 . 2011-09-29 18:56 -------- d-----w- c:\users\Lenka\AppData\Local\ApplicationHistory
2011-09-28 22:01 . 2011-09-28 22:01 -------- d-----w- c:\users\Lenka\AppData\Roaming\Avira
2011-09-25 18:05 . 2011-09-25 18:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-09-19 16:36 . 2011-09-19 16:36 -------- d-----w- c:\users\Lenka\AppData\Roaming\RegGenie
2011-09-18 21:08 . 2011-09-18 21:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-09-16 13:11 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-16 13:11 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-16 13:11 . 2011-09-16 13:11 -------- d-----w- c:\programdata\Avira
2011-09-16 13:11 . 2011-09-16 13:11 -------- d-----w- c:\program files\Avira
2011-09-15 18:22 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 22:32 . 2011-09-14 22:32 -------- d-----w- c:\users\Lenka\AppData\Roaming\Malwarebytes
2011-09-14 22:32 . 2011-09-14 22:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 13:50 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-12 13:50 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-09-12 13:50 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-09-12 13:50 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-09-12 13:50 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 18:37 . 2009-11-01 08:28 47360 ----a-w- c:\users\Lenka\AppData\Roaming\pcouffin.sys
2011-09-14 21:18 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-14 10:39 . 2009-11-06 18:04 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-11 13:25 . 2011-08-25 19:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 23:35 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-08 07:29 . 2011-07-31 15:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 178712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 154136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-11-28 00:40 298536 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 22:34 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 13:40 218408 ------w- c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMSpeed]
2008-12-09 08:32 55120 ----a-w- c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-02-18 16:00 177720 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 14:23 31744 ----a-w- c:\program files\RotateImage\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-05-18 16:28 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-03-10 20:44 506936 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"McAfee Managed Services Tray"=c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
"MVS Splash"=c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-31 4232704]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\DRIVERS\vwmfbus.sys [2009-11-11 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfdiag.sys [2009-11-11 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\DRIVERS\vwmfmdfl.sys [2009-11-11 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\DRIVERS\vwmfmdm.sys [2009-11-11 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfserd.sys [2009-11-11 100224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2008-08-07 202048]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 691696]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-27 24880]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-05-13 20:23 117248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\h8mj7kva.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 21:19
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3640)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Celkový čas: 2011-10-03 21:43:15
ComboFix-quarantined-files.txt 2011-10-03 19:42
ComboFix2.txt 2011-10-02 23:28
.
Před spuštěním: Volných bajtů: 149 640 491 008
Po spuštění: Volných bajtů: 149 612 265 472
.
- - End Of File - - E714EEEE1FB5CD9B3DB09837766C1244

#6 Příspěvek od **Rudy** » 04 říj 2011 17:04

Log již vypadá OK. Zkuste obnovu systému k datu, kdy korketně fungoval.

VIRY.CZ

Taskmgr a Svchost zatěžují CPU na 100%

Taskmgr a Svchost zatěžují CPU na 100%

Re: Taskmgr a Svchost zatěžují CPU na 100%

Re: Taskmgr a Svchost zatěžují CPU na 100%

Re: Taskmgr a Svchost zatěžují CPU na 100%

Re: Taskmgr a Svchost zatěžují CPU na 100%

Re: Taskmgr a Svchost zatěžují CPU na 100%