Procesor jede porad na 100%

[tombo]

Dobry vecer. Na notebooku mi jede procesor porad na 95 az 100% a to i kdyz zrovna na nem nic nedelam. Ve spravci uloh vidim, ze cca 80 az 90 % zere proces system. Mam tedy podezreni na viry. Spustil jsem combofix ale nepomohlo to, posilam log:


ComboFix 10-01-18.03 - Tom 19.01.2010 18:04:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.582 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bcmwl5.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 16:44 . 2010-01-19 16:48 3828930 ----a-r- C:\ComboFix.exe
2010-01-18 22:23 . 2010-01-18 22:24 -------- d-----w- c:\windows\system32\NtmsData
2010-01-17 21:20 . 2010-01-19 16:45 -------- d-----w- C:\12345

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 16:38 . 2009-01-22 11:15 79086 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 16:38 . 2009-01-22 11:15 430582 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 10:16 . 2009-12-12 10:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 10:16 . 2009-12-12 10:16 -------- d-----w- c:\program files\Java
2009-12-09 19:05 . 2009-12-09 19:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-09 19:05 . 2009-12-09 19:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-09 19:04 . 2009-12-09 19:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-09 19:04 . 2009-12-09 19:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-09 19:04 . 2009-12-09 19:04 -------- d-----w- c:\program files\AVG
2009-12-08 20:10 . 2009-12-08 20:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-06 20:37 . 2009-12-06 20:37 0 ----a-w- c:\windows\nsreg.dat
2009-11-21 16:03 . 2009-01-22 11:15 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 14:39 . 2009-05-03 16:43 8722 ----a-w- c:\windows\hh.dat
2009-10-29 07:45 . 2009-01-22 11:15 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2009-01-22 11:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2009-01-22 11:15 17408 ----a-w- c:\windows\system32\corpol.dll
2009-05-09 10:24 . 2009-05-09 10:20 102 ----a-w- c:\program files\z.bat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-06-19 499712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-02 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-09 19:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TMMonitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tom^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Tom\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 11:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-22 03:36 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-03 20:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-04-30 20:57 10752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2009 20:44 639224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.12.2009 20:04 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.12.2009 20:05 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9.12.2009 20:04 285392]
R2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [3.5.2009 16:13 608768]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 4:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [3.5.2009 21:29 145408]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [29.8.2009 12:51 74912]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [29.8.2009 12:51 32288]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22.1.2009 4:36 24064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 4:24 160256]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [29.8.2009 12:51 41120]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0509&m=aspire_one
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {51C30ECB-0BA3-4E2B-B8B7-9CC84B42DAEB} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Tom\Data aplikací\Mozilla\Firefox\Profiles\qzuo2n9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-IR_SERVER - c:\program files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 18:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8675C1D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7601f28
\Driver\ACPI -> ACPI.sys @ 0xf7405cb8
\Driver\atapi -> atapi.sys @ 0xf72f2b40
\Driver\iaStor -> 0x8675c1d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71b6bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71c3a21
SendHandler -> NDIS.sys @ 0xf71a187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\orcad\license_manager\cdslmd.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\CNAC3RPK.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\M3000\M3000Mnt.exe
c:\docume~1\Tom\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-19 18:24:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-19 17:24

Před spuštěním: Volných bajtů: 68 736 114 688
Po spuštění: Volných bajtů: 70 410 989 568

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - AB24D77FA22E809B335FC4430695D6B8

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[tombo]

Log prilozen vyse...

[Rudy]

OK. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\program files\z.bat

Mbr::

Uložte nha plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[tombo]

Provedeno, zadna zmena, CPU stale 100%

[Rudy]

Který proces vytěžuje systém nejvíc?

[tombo]

Nejvic vytezuje system proces "System"

[Rudy]

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

[tombo]

Test probehl, ale nepomohlo to, zde jsou vysledky:

20.1.2010 20:55:57 Task started
20.1.2010 23:21:11 Task completed

[Rudy]

Pokud AVP nic nenašel, PC bude čisté. Co jste instaloval těsně před tím, než se problém objevil?

[tombo]

Jiz to tak je delsi dobu, takze nevim... vypada to na preinstalovani systemu.

[Rudy]

Ještě zkuste reinstalovat antivir a vypnout aut. aktualizace.

[tombo]

antivir jsem odinstaloval uplne a aktualizace vypnul, nepomohlo

[Rudy]

Zkuste nejdřív opravu systému z instal. media. Pokud by jste nebyl úsoěšný, potom reinstal.