John Polak wrote: I just wanted to know whether, with the option to turn off System Restore that the guide recommends, I won't lose my files.

You won't. Only the system backups get deleted. Try AVPTool.

PC disinfection, computer speed-up, remote help via the neslape.cz service
Explorer.exe using 50% CPU
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Explorer.exe using 50% CPU
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail above.
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe using 50% CPU
After the scan finished I wanted to save the log as described in step 7, but the Detected threats tab is empty and the Save button is therefore greyed out. The only active Save button was the one on the Automatic Scan report tab. The text file I saved from the program is 108 MB, though, and the only program that can open it without hanging is WordPad. I tried a second time, but the Detected threats tab was empty again. The only thing that changed was the size of the text file I saved from Automatic Scan report; this time it was 184 MB.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Explorer.exe using 50% CPU
The scan report is no use to me; it only lists what was checked. If the log is empty, it means AVP found nothing.
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe using 50% CPU
That's what I thought too, but I had to write it just in case. Is there any other way, or do you know of one, that would help me lower the CPU load?
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Explorer.exe using 50% CPU
Open Task Manager and find out which process is loading the system the most.
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe using 50% CPU
The process loading the system most is the already mentioned explorer.exe (Windows Explorer). I don't know whether it helps at all, but I made a ComboFix log:
ComboFix 13-01-17.04 - John . 01. 2013 20:47:29.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1793 [GMT 1:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\cseDVH.dll
c:\windows\system32\jucheck.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\Mcx1.JOHNPAVILION\AppData\Local\temp
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\Mcx1.JOHNPAVILION.000\AppData\Local\temp
2013-01-19 20:00 . 2013-01-19 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 19:40 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{135D6F74-1AD9-4483-8EE2-5E4A5F0168F1}\mpengine.dll
2013-01-18 19:53 . 2013-01-18 19:53 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-18 15:33 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-17 16:50 . 2013-01-17 16:50 -------- d-----w- C:\rsit
2013-01-15 21:43 . 2013-01-15 21:43 -------- d-----w- c:\users\John\AppData\Local\.inapptracking
2013-01-15 21:02 . 2013-01-15 21:43 -------- d-----w- c:\program files\Sonic Generations
2013-01-10 01:59 . 2013-01-10 01:59 -------- d-----w- c:\users\John\AppData\Roaming\SYSTEMAX Software Development
2013-01-10 01:59 . 2013-01-10 01:59 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2013-01-05 23:55 . 2013-01-05 23:55 -------- d-----w- c:\program files\VstPlugins
2012-12-22 13:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 13:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:14 . 2012-08-06 11:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 17:14 . 2012-07-03 21:42 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:36 . 2012-12-12 11:50 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29 . 2012-12-12 11:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-12 11:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-12 11:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-12 11:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-12 11:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-12 11:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-12 11:50 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-12 11:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-09 07:11 . 2012-12-12 11:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-08 18:00 . 2012-12-08 01:12 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DFDB6AE-D6AA-4C5A-8FDA-F4CB08FD5A65}\mpengine.dll
2012-11-02 10:18 . 2012-12-12 11:50 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 11:50 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-23 05:04 . 2012-12-10 02:48 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F581DF3-4A55-4000-912B-9730A6BF175D}\gapaengine.dll
2011-10-09 13:37 . 2011-10-09 13:37 36868 ----a-w- c:\program files\uninst-Particular.exe
2013-01-19 03:40 . 2013-01-19 03:38 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{133232D2-DAE3-4B6F-AAC2-17CD87495682}]
2012-09-28 12:56 301456 ----a-w- c:\program files\iSkysoft\iTube Studio\SVRIEPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-24 319792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Camera Monitor HD.lnk]
backup=c:\windows\pss\Camera Monitor HD.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2012-05-03 18:07 217256 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2008-06-24 14:11 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyDownloads]
2011-10-10 13:05 845848 ----a-w- c:\program files\Easy Downloads\easydownloads.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-02 07:45 133104 ----atw- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 11:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
2012-05-20 22:25 86016 ----a-w- c:\program files\QuickTime\Plugins\DeleteMe1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 11:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 16:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-24 20:05 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 81381181
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 17:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mh9k277a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - ExtSQL: 2012-12-20 01:21; {9193F654-D886-4fef-8894-A97EF6623104}; c:\program files\iSkysoft\iTube Studio\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2009-08-11 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-blekkotb_031 - c:\program files\blekkotb_031\uninstall.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\CToolbar.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 21:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x00350030
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*Ů*4*: ]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ed,0c,b5,22,f2,46,ba,d9,25,9e,29,bf,ce,af,92,b0,5d,04,ab,41,e0,88,23,
3d,a8,03,d4,2a,50,de,e3,db,00,b2,0b,ea,5b,35,27,12,b5,95,a7,ae,59,41,5e,35,\
"??"=hex:8d,7a,9d,23,ae,e5,2b,44,27,26,a2,71,2e,ab,88,a7
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\License information*]
"datasecu"=hex:21,85,5a,14,aa,8f,ee,03,0c,ff,a5,9e,4d,9e,5f,d0,f3,10,97,3c,1d,
74,c7,9a,f7,72,1e,9a,9c,a2,3b,25,7b,92,7a,4e,74,f9,17,1c,9a,e5,d8,a1,2a,03,\
"rkeysecu"=hex:57,57,02,ed,96,cd,3f,95,be,33,b2,8f,1e,6d,3f,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2013-01-19 21:02:50
ComboFix-quarantined-files.txt 2013-01-19 20:02
.
Pre-Run: 9 946 165 248 bytes free
Post-Run: 10 001 436 672 bytes free
.
- - End Of File - - 8B3AB679D691F90C3134D8E272CC6351
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 17:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mh9k277a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - ExtSQL: 2012-12-20 01:21; {9193F654-D886-4fef-8894-A97EF6623104}; c:\program files\iSkysoft\iTube Studio\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2009-08-11 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-blekkotb_031 - c:\program files\blekkotb_031\uninstall.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\CToolbar.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 21:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x00350030
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*Ů*4*: ]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ed,0c,b5,22,f2,46,ba,d9,25,9e,29,bf,ce,af,92,b0,5d,04,ab,41,e0,88,23,
3d,a8,03,d4,2a,50,de,e3,db,00,b2,0b,ea,5b,35,27,12,b5,95,a7,ae,59,41,5e,35,\
"??"=hex:8d,7a,9d,23,ae,e5,2b,44,27,26,a2,71,2e,ab,88,a7
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\License information*]
"datasecu"=hex:21,85,5a,14,aa,8f,ee,03,0c,ff,a5,9e,4d,9e,5f,d0,f3,10,97,3c,1d,
74,c7,9a,f7,72,1e,9a,9c,a2,3b,25,7b,92,7a,4e,74,f9,17,1c,9a,e5,d8,a1,2a,03,\
"rkeysecu"=hex:57,57,02,ed,96,cd,3f,95,be,33,b2,8f,1e,6d,3f,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2013-01-19 21:02:50
ComboFix-quarantined-files.txt 2013-01-19 20:02
.
Pre-Run: 9 946 165 248 bytes free
Post-Run: 10 001 436 672 bytes free
.
- - End Of File - - 8B3AB679D691F90C3134D8E272CC6351
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Explorer.exe is using 50% of the CPU
We will clean up a bit more. Open Notepad and copy the following into it:

KillAll::
Firefox::
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mh9k277a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - ExtSQL: 2012-12-20 01:21; {9193F654-D886-4fef-8894-A97EF6623104}; c:\program files\iSkysoft\iTube Studio\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2009-08-11 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
Regnull::
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*]
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\SecuROM\License information*]
RegLock::
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*Ů*4*: ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Device Parameters\MODES]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Device Parameters\MODES]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Device Parameters\MODES]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe is using 50% of the CPU
Unfortunately everything stayed as it was, the CPU is still at 50%. I am attaching the log that ComboFix created after the action:
ComboFix 13-01-17.04 - John . 01. 2013 23:44:05.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1894 [GMT 1:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 22:57 . 2013-01-19 22:57 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-01-19 22:57 . 2013-01-19 22:57 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-01-19 22:57 . 2013-01-19 22:57 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-01-19 22:57 . 2013-01-19 22:57 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-01-19 22:57 . 2013-01-19 22:57 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\Mcx1.JOHNPAVILION\AppData\Local\temp
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\Mcx1.JOHNPAVILION.000\AppData\Local\temp
2013-01-19 22:55 . 2013-01-19 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 22:41 . 2013-01-19 22:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B95EA7-F394-47F7-AED3-B346061335ED}\MpKsle1a5c9ca.sys
2013-01-19 20:28 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B95EA7-F394-47F7-AED3-B346061335ED}\mpengine.dll
2013-01-18 19:53 . 2013-01-18 19:53 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-18 15:33 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-17 16:50 . 2013-01-17 16:50 -------- d-----w- C:\rsit
2013-01-15 21:43 . 2013-01-15 21:43 -------- d-----w- c:\users\John\AppData\Local\.inapptracking
2013-01-15 21:02 . 2013-01-15 21:43 -------- d-----w- c:\program files\Sonic Generations
2013-01-10 01:59 . 2013-01-10 01:59 -------- d-----w- c:\users\John\AppData\Roaming\SYSTEMAX Software Development
2013-01-10 01:59 . 2013-01-10 01:59 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2013-01-05 23:55 . 2013-01-05 23:55 -------- d-----w- c:\program files\VstPlugins
2012-12-22 13:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 13:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:14 . 2012-08-06 11:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 17:14 . 2012-07-03 21:42 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:36 . 2012-12-12 11:50 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29 . 2012-12-12 11:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-12 11:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-12 11:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-12 11:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-12 11:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-12 11:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-12 11:50 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-12 11:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-09 07:11 . 2012-12-12 11:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-08 18:00 . 2012-12-08 01:12 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DFDB6AE-D6AA-4C5A-8FDA-F4CB08FD5A65}\mpengine.dll
2012-11-02 10:18 . 2012-12-12 11:50 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 11:50 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-23 05:04 . 2012-12-10 02:48 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F581DF3-4A55-4000-912B-9730A6BF175D}\gapaengine.dll
2011-10-09 13:37 . 2011-10-09 13:37 36868 ----a-w- c:\program files\uninst-Particular.exe
2013-01-19 03:40 . 2013-01-19 03:38 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{133232D2-DAE3-4B6F-AAC2-17CD87495682}]
2012-09-28 12:56 301456 ----a-w- c:\program files\iSkysoft\iTube Studio\SVRIEPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-24 319792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Camera Monitor HD.lnk]
backup=c:\windows\pss\Camera Monitor HD.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2012-05-03 18:07 217256 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2008-06-24 14:11 81920 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyDownloads]
2011-10-10 13:05 845848 ----a-w- c:\program files\Easy Downloads\easydownloads.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-02 07:45 133104 ----atw- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 11:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
2012-05-20 22:25 86016 ----a-w- c:\program files\QuickTime\Plugins\DeleteMe1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 11:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 16:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-24 20:05 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 17:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mh9k277a.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk/
FF - ExtSQL: 2012-12-20 01:21; {9193F654-D886-4fef-8894-A97EF6623104}; c:\program files\iSkysoft\iTube Studio\SVRFirefoxExt
FF - ExtSQL: !HIDDEN! 2009-08-11 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 23:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_USERS\S-1-5-21-659378477-1455029623-1264168397-1000\Software\Image-Line\FL Studio 10\Devices\MIDI output\"!n*Ů*4*: ]
@Allowed: (Read) (RestrictedCode)
"Port"="-1"
"Sync"="0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,2e,00,69,00,6e,00,66,00,
3a,00,47,00,65,00,6e,00,65,00,72,00,69,00,63,00,2e,00,4e,00,54,00,78,00,38,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000]
@DACL=(02 0000)
"Type"=hex:10,00,00,00
"Data"=hex:00,80,8c,a3,c5,94,c6,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:36,00,2e,00,30,00,2e,00,36,00,30,00,30,00,31,00,2e,00,31,00,38,00,
30,00,30,00,30,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000004\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,4e,00,6f,00,6e,00,
2d,00,50,00,6e,00,50,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000005\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,2e,00,69,00,6e,00,66,00,
00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000006\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:4e,00,6f,00,6e,00,50,00,6e,00,50,00,4d,00,6f,00,6e,00,69,00,74,00,
6f,00,72,00,2e,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000008\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,5c,00,64,00,65,00,66,00,
61,00,75,00,6c,00,74,00,5f,00,6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000009\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0000000E\00000000]
@DACL=(02 0000)
"Type"=hex:07,00,00,00
"Data"=hex:00,00,ff,0d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6f,00,65,00,6d,00,32,00,37,00,2e,00,69,00,6e,00,66,00,3a,00,48,00,
50,00,3a,00,77,00,32,00,30,00,30,00,37,00,5f,00,41,00,2e,00,49,00,6e,00,73,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID1048832\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6f,00,65,00,6d,00,32,00,37,00,2e,00,69,00,6e,00,66,00,3a,00,48,00,
50,00,3a,00,77,00,32,00,30,00,30,00,37,00,5f,00,41,00,2e,00,49,00,6e,00,73,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000]
@DACL=(02 0000)
"Type"=hex:10,00,00,00
"Data"=hex:00,c0,e1,a4,db,14,c7,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:32,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000004\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:48,00,50,00,20,00,77,00,32,00,30,00,30,00,37,00,20,00,57,00,69,00,
64,00,65,00,20,00,4c,00,43,00,44,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000005\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6f,00,65,00,6d,00,32,00,37,00,2e,00,69,00,6e,00,66,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000006\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:77,00,32,00,30,00,30,00,37,00,5f,00,41,00,2e,00,49,00,6e,00,73,00,
74,00,61,00,6c,00,6c,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000008\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,5c,00,68,00,77,00,70,00,
32,00,36,00,61,00,36,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000009\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:48,00,50,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID16777472\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0000000E\00000000]
@DACL=(02 0000)
"Type"=hex:07,00,00,00
"Data"=hex:00,00,ff,0d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6f,00,65,00,6d,00,32,00,37,00,2e,00,69,00,6e,00,66,00,3a,00,48,00,
50,00,3a,00,77,00,32,00,30,00,30,00,37,00,5f,00,41,00,2e,00,49,00,6e,00,73,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000]
@DACL=(02 0000)
"Type"=hex:10,00,00,00
"Data"=hex:00,c0,e1,a4,db,14,c7,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:32,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000004\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:48,00,50,00,20,00,77,00,32,00,30,00,30,00,37,00,20,00,57,00,69,00,
64,00,65,00,20,00,4c,00,43,00,44,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000005\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6f,00,65,00,6d,00,32,00,37,00,2e,00,69,00,6e,00,66,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000006\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:77,00,32,00,30,00,30,00,37,00,5f,00,41,00,2e,00,49,00,6e,00,73,00,
74,00,61,00,6c,00,6c,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000008\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,5c,00,68,00,77,00,70,00,
32,00,36,00,61,00,36,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000009\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:48,00,50,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A6\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0000000E\00000000]
@DACL=(02 0000)
"Type"=hex:07,00,00,00
"Data"=hex:00,00,ff,0d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,2e,00,69,00,6e,00,66,00,
3a,00,47,00,65,00,6e,00,65,00,72,00,69,00,63,00,2e,00,4e,00,54,00,78,00,38,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000]
@DACL=(02 0000)
"Type"=hex:10,00,00,00
"Data"=hex:00,80,8c,a3,c5,94,c6,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:36,00,2e,00,30,00,2e,00,36,00,30,00,30,00,31,00,2e,00,31,00,38,00,
30,00,30,00,30,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000004\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,50,00,6e,00,50,00,
20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000005\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:6d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,2e,00,69,00,6e,00,66,00,
00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000006\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:50,00,6e,00,50,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,2e,00,
49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000008\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:2a,00,70,00,6e,00,70,00,30,00,39,00,66,00,66,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000009\00000000]
@DACL=(02 0000)
"Type"=hex:12,00,00,00
"Data"=hex:4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM04FA\5&2589760d&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0000000E\00000000]
@DACL=(02 0000)
"Type"=hex:07,00,00,00
"Data"=hex:00,20,ff,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1228)
c:\program files\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DCPFLICS\DCPFLICS.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Completion time: 2013-01-20 00:03:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 23:03
ComboFix2.txt 2013-01-19 20:02
.
Pre-Run: 10 047 475 712 bytes free
Post-Run: 10 018 160 640 bytes free
.
- - End Of File - - C0912BEC16DA2FF3327763856D663732
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Explorer.exe vyťažuje CPU na 50%
The log is OK now. explorer.exe is not just the file browser; it is the process that draws the desktop. I don't understand what you have there that would cause such a load. Go to Users\John\, right-click the Desktop folder > Properties and check the size of the folder.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
-
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe vyťažuje CPU na 50%
The size of the Desktop folder is 16 GB. Almost all of it is folders with files; the rest is a few-KB shortcuts to programs. I tried putting all of those folders with files into one folder and then moving that into the Documents folder. To be safe I also restarted the system, but it did not move the CPU at all. While moving the folders I came across two that have been giving me trouble for a while, in the sense that whenever I open them, explorer.exe immediately jumps to 100%. I had completely forgotten about them, so maybe they are the cause. They are folders of the program GameBooster, which is used to temporarily boost the computer's performance. Videos and screenshots get saved into these folders. Specifically I have some videos there that I have tried to get rid of several times. But whenever I try to delete them, whether the folder or the video file itself, the usual window appears saying the files are being deleted and then nothing happens. The only thing I can do then is kill the explorer.exe process and start it again.
I have now uninstalled GameBooster. I would like to remove the folders with ComboFix, but I don't know whether it is enough to write just this into the script:
KillAll::
C:\Users\John\Desktop\Game Booster
C:\Users\John\Desktop\FPS
Reboot::
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Explorer.exe vyťažuje CPU na 50%
16 GB on the desktop is far too much. Move the data somewhere else and keep only shortcuts on the desktop.
-
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe vyťažuje CPU na 50%
"I tried putting all of those folders with files into one folder and then moving that into the Documents folder. To be safe I also restarted the system, but it did not move the CPU at all." I would try removing the GameBooster folders I mentioned with a script. But I don't know whether it is enough to write it the way I wrote it above.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Explorer.exe vyťažuje CPU na 50%
Download and run Process Explorer: http://www.stahuj.centrum.cz/utility_a_ ... -explorer/ . It is a more sophisticated task manager. It may show details about those processes. If something is loading your CPU, it has to be visible somewhere.
-
- Visitor
- Posts: 31
- Registered: 27 Apr 2011 22:22
Re: Explorer.exe vyťažuje CPU na 50%
After starting the program I can see that the CPU is loaded most by a process named System Idle Process (20%) and by explorer.exe (50%). The CPU is now at about 85%.
I assume System Idle Process is probably firefox. According to Task Manager it loads the CPU at 20, so it should be that. When I clicked on the explorer.exe process, the Threads tab shows me several processes, one of which, ntdll.dll!RtlSizeHeap+0x64e, loads the CPU at 50%.
I don't know whether this is of any use, but I'd rather write it down.
Information from the columns: TID:2416 / CPU:45 / Cycles Delta: 1 950 000 000 / Start Address: ntdll.dll!RtlSizeHeap+0x64e
When I clicked on ntdll.dll!RtlSizeHeap+0x64e, a window "Stack for thread 2416" appeared, listing this:
ntdll.dll!KiFastSystemCallRet
MSVCR80.dll!putch+0x243
MSVCR80.dll!read+0xc0
MSVCR80.dll!filbuf+0x78
MSVCR80.dll!fread_s+0x75
MSVCR80.dll!fread+0x17
DirectShowDemuxFilter.dll!DllUnregisterServer+0x552a4
DirectShowDemuxFilter.dll!DllUnregisterServer+0x52efc
I don't know whether this information is important, but I'd rather write it down.
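The stack pasted above already answers "what is busy": the innermost frames of thread 2416 are in ntdll and the MSVCR80 C runtime (a blocking fread), but the callers are in DirectShowDemuxFilter.dll, the DivX demuxer that the ComboFix log earlier in this thread lists as loaded into Explorer.exe. The Python script below is an added example (not part of the original posts, and not a feature of Process Explorer or ComboFix) that automates that reading: it parses a Process Explorer-style thread stack, skips OS and C-runtime frames, reports the first third-party module, and cross-references it with the ComboFix "DLLs Loaded Under Running Processes" section. The stack and the DLL section are copied from this thread; the list of OS/runtime module names is an assumption.

```python
"""Attribute a hot thread to the third-party module driving it.

Added example for this forum thread; not code from the original posts nor
from Process Explorer or ComboFix. STACK and COMBOFIX_DLL_SECTION are copied
from the log and stack posted in this thread. OS_AND_RUNTIME is an assumed,
illustrative baseline of Windows/C-runtime module names, not an exhaustive list.
"""
import re

STACK_FOR_THREAD_2416 = """\
ntdll.dll!KiFastSystemCallRet
MSVCR80.dll!putch+0x243
MSVCR80.dll!read+0xc0
MSVCR80.dll!filbuf+0x78
MSVCR80.dll!fread_s+0x75
MSVCR80.dll!fread+0x17
DirectShowDemuxFilter.dll!DllUnregisterServer+0x552a4
DirectShowDemuxFilter.dll!DllUnregisterServer+0x52efc
"""

COMBOFIX_DLL_SECTION = """\
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1228)
c:\\program files\\DivX\\DivX Plus DirectShow Filters\\DirectShowDemuxFilter.dll
.
------------------------ Other Running Processes ------------------------
"""

# A thread spinning "inside" these modules is normally being driven by the
# non-OS caller further down the stack; we look past them. (Assumed baseline.)
OS_AND_RUNTIME = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
                  "msvcrt.dll", "msvcr80.dll", "msvcr90.dll", "msvcr100.dll"}

# Process Explorer frame: <module>!<symbol>[+0x<offset>]
FRAME_RE = re.compile(r"^(?P<module>[^!\s]+)!(?P<symbol>[^+\s]+)(?:\+0x(?P<off>[0-9a-fA-F]+))?$")
# ComboFix per-process header: - - - - - - - > 'Explorer.exe'(1228)
PROC_HEADER_RE = re.compile(r"^(?:-\s)+>\s'(?P<proc>[^']+)'\((?P<pid>\d+)\)$")


def parse_stack(text):
    """Return [(module, symbol, offset)] innermost-first, as Process Explorer lists them."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FRAME_RE.match(line)
        if not m:
            raise ValueError(f"unparseable frame: {line!r}")
        frames.append((m["module"], m["symbol"], int(m["off"], 16) if m["off"] else 0))
    return frames


def attribute_thread(frames):
    """First (innermost) module on the stack that is not an OS/runtime DLL, else None."""
    for module, _symbol, _offset in frames:
        if module.lower() not in OS_AND_RUNTIME:
            return module
    return None


def parse_combofix_dlls(text):
    """Map process name -> list of DLL paths from ComboFix's loaded-DLL section."""
    loaded, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        h = PROC_HEADER_RE.match(line)
        if h:
            current = h["proc"]
            loaded.setdefault(current, [])
        elif line.startswith("-----"):      # a new log section ends the listing
            current = None
        elif current and line.lower().endswith(".dll"):
            loaded[current].append(line)
    return loaded


def locate_module(module, loaded):
    """Full paths under which `module` was loaded: [(process, path)]."""
    hits = []
    for proc, paths in loaded.items():
        for path in paths:
            if path.lower().replace("/", "\\").rsplit("\\", 1)[-1] == module.lower():
                hits.append((proc, path))
    return hits


def summarize(stack_text, combofix_text):
    """One-line verdict joining the stack attribution with the ComboFix DLL list."""
    culprit = attribute_thread(parse_stack(stack_text))
    if culprit is None:
        return "stack contains only OS/runtime frames; no third-party module to blame"
    hits = locate_module(culprit, parse_combofix_dlls(combofix_text))
    where = "; ".join(f"{proc}: {path}" for proc, path in hits) or "not in ComboFix DLL list"
    return f"busy thread attributed to {culprit} ({where})"


if __name__ == "__main__":
    print(summarize(STACK_FOR_THREAD_2416, COMBOFIX_DLL_SECTION))
```

Note that a frame such as DirectShowDemuxFilter.dll!DllUnregisterServer+0x552a4 does not mean the DLL is unregistering itself: without symbols, Process Explorer names a frame by the nearest export plus an offset, so it is simply code somewhere inside the demuxer. A read loop driven from a shell extension inside explorer.exe is consistent with the admin's advice to turn off video thumbnails; before treating any third-party module this check flags as benign, it is worth confirming its path and digital signature match the vendor's product.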
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Explorer.exe vyťažuje CPU na 50%
System Idle Process is effectively the reserve of system resources (idle time). This is 99% not a virus problem. Try turning off video and picture thumbnails.