
System Idle Process is using too much CPU

mirko213
Visitor
Posts: 8
Registered: 10 Apr 2010 19:13

System Idle Process is using too much CPU

#1 Post by mirko213 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Miro at 2010-04-10 20:49:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (22%) free of 20 GB
Total RAM: 3583 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:05, on 10. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\Miro\Desktop\RSIT.exe
C:\Program Files\trend micro\Miro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://registration.ubi.com/redirect.htm
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miro\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miro\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Miro\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4EF189C-DBB9-4D63-A5FD-A13C6E32E87A}: NameServer = 188.123.97.2,188.123.106.66
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9a95edcc9492e) (gupdate1c9a95edcc9492e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10046 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Miro\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-06-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-05-14 29831168]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-11-15 921600]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-12-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\HRY\FEAR\FEAR.exe"="E:\HRY\FEAR\FEAR.exe:*:Enabled:FEAR"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\HRY\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\HRY\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\HRY\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\HRY\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"E:\HRY\FlatOut 2\flatout2.exe"="E:\HRY\FlatOut 2\flatout2.exe:*:Enabled:flatout2"
"E:\HRY\Left4Dead\hl2.exe"="E:\HRY\Left4Dead\hl2.exe:*:Enabled:hl2"
"E:\HRY\Left4dead\left4dead.exe"="E:\HRY\Left4dead\left4dead.exe:*:Enabled:left4dead"
"E:\HRY\FIFA 09\FIFA09.exe"="E:\HRY\FIFA 09\FIFA09.exe:*:Enabled:FIFA09"
"E:\HRY\NHL09\nhl2009.exe"="E:\HRY\NHL09\nhl2009.exe:*:Enabled:nhl2009"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\HRY\CS\CS1.6\hl.exe"="E:\HRY\CS\CS1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\HRY\CS\CS1.6\hlds.exe"="E:\HRY\CS\CS1.6\hlds.exe:*:Enabled:HLDS Launcher"
"E:\HRY\Tom Clancy's H.A.W.X\HAWX.exe"="E:\HRY\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:HAWX"
"E:\HRY\Assassin's Creed\AssassinsCreed_Dx9.exe"="E:\HRY\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\HRY\Assassin's Creed\AssassinsCreed_Dx10.exe"="E:\HRY\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\HRY\Assassin's Creed\AssassinsCreed_Launcher.exe"="E:\HRY\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\HRY\Counter-Strike Source\hl2.exe"="E:\HRY\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"E:\HRY\Call of Duty 6 - Modern Warfare 2\iw4mp.exe"="E:\HRY\Call of Duty 6 - Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"E:\HRY\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\HRY\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\HRY\GRID\GRID.exe"="E:\HRY\GRID\GRID.exe:*:Enabled:GRID Executable"
"E:\HRY\DiRT2\dirt2_game.exe"="E:\HRY\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"E:\HRY\Left 4 Dead 2\left4dead2.exe"="E:\HRY\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\HRY\Crysis\Bin32\Crysis.exe"="E:\HRY\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\HRY\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\HRY\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam 732897"
"E:\HRY\Need for Speed Carbon\NFSC.exe"="E:\HRY\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-10 20:49:40 ----D---- C:\rsit
2010-04-10 20:49:40 ----D---- C:\Program Files\trend micro
2010-04-07 14:21:43 ----D---- C:\Program Files\DAEMON Tools Lite
2010-04-06 17:40:13 ----D---- C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-06 17:40:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-06 17:38:44 ----D---- C:\Documents and Settings\Miro\Application Data\Prison Break
2010-04-03 18:45:28 ----D---- C:\Program Files\Softonic-Eng7
2010-03-30 16:07:08 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-29 12:32:21 ----D---- C:\Documents and Settings\Miro\Application Data\National Instruments
2010-03-29 12:32:20 ----D---- C:\Program Files\Common Files\Bcgsoft
2010-03-29 12:30:02 ----D---- C:\Program Files\HI-TECH Software
2010-03-29 12:27:57 ----D---- C:\Documents and Settings\All Users\Application Data\National Instruments
2010-03-29 12:27:40 ----D---- C:\WINDOWS\system32\cvirte
2010-03-29 12:27:40 ----D---- C:\Program Files\Common Files\Merge Modules
2010-03-29 12:27:31 ----D---- C:\Program Files\National Instruments
2010-03-26 14:48:44 ----D---- C:\Program Files\Common Files\Skype
2010-03-22 17:10:15 ----D---- C:\Program Files\Sprint-Layout50 (Demo)
2010-03-19 18:09:05 ----D---- C:\WINDOWS\Album
2010-03-19 18:09:02 ----D---- C:\Program Files\KYE
2010-03-18 14:39:43 ----D---- C:\Documents and Settings\Miro\Application Data\com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1
2010-03-18 14:39:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-03-17 19:32:39 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-03-17 19:32:27 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

======List of files/folders modified in the last 1 months======

2010-04-10 20:49:43 ----D---- C:\WINDOWS\Prefetch
2010-04-10 20:49:40 ----RD---- C:\Program Files
2010-04-10 20:31:07 ----D---- C:\WINDOWS\Temp
2010-04-10 20:28:43 ----D---- C:\Documents and Settings\Miro\Application Data\Skype
2010-04-10 20:07:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 20:06:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-10 20:01:56 ----D---- C:\Documents and Settings\Miro\Application Data\skypePM
2010-04-10 14:32:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-10 10:02:42 ----SHD---- C:\WINDOWS\Installer
2010-04-10 10:02:29 ----D---- C:\Program Files\Google
2010-04-10 09:51:46 ----D---- C:\Documents and Settings\Miro\Application Data\ICQ
2010-04-09 23:13:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-09 14:57:40 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-08 21:54:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 14:16:57 ----D---- C:\WINDOWS
2010-04-07 14:21:47 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-06 19:34:33 ----SD---- C:\WINDOWS\Tasks
2010-04-06 19:33:52 ----SHD---- C:\System Volume Information
2010-04-06 19:33:52 ----D---- C:\WINDOWS\system32\Restore
2010-04-06 17:40:06 ----D---- C:\Program Files\Common Files
2010-04-06 17:39:59 ----D---- C:\WINDOWS\WinSxS
2010-04-06 17:39:44 ----HD---- C:\WINDOWS\inf
2010-04-06 17:39:19 ----RSD---- C:\WINDOWS\assembly
2010-04-06 17:38:59 ----D---- C:\WINDOWS\system32\DirectX
2010-04-06 17:35:20 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 16:09:58 ----D---- C:\Program Files\ATI
2010-04-06 16:09:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-06 16:09:45 ----D---- C:\WINDOWS\system32
2010-04-06 16:09:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-06 15:58:07 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-04-06 15:57:58 ----A---- C:\WINDOWS\system32\pbsvc.exe
2010-04-02 21:51:38 ----D---- C:\Documents and Settings\Miro\Application Data\uTorrent
2010-04-02 21:41:59 ----D---- C:\Program Files\uTorrent
2010-04-02 19:26:24 ----D---- C:\Program Files\Mozilla Firefox
2010-03-30 09:07:24 ----D---- C:\Program Files\Steam
2010-03-29 12:28:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-28 08:35:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-23 12:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2010-03-18 23:06:45 ----D---- C:\Documents and Settings\Miro\Application Data\Ubisoft
2010-03-18 23:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-03-18 14:39:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-03-18 14:38:29 ----D---- C:\Documents and Settings\Miro\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-03-18 26844]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-06 281760]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-06 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-12-11 4525056]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-08 238080]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 aez66ggh;aez66ggh; C:\WINDOWS\system32\drivers\aez66ggh.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-12-11 602112]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2006-06-19 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2006-07-25 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2006-07-25 57344]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2006-02-06 49152]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2005-11-15 495616]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-16 75064]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-06 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 gupdate1c9a95edcc9492e;Google Update Service (gupdate1c9a95edcc9492e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-20 133104]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-06 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




With Skype and a game running, e.g. L4D 2, the processor is loaded to 100% on both cores and Skype lags terribly... I am attaching the RSIT log.

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: system idle process is loading the CPU too much

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mirko213
Visitor
Posts: 8
Registered: 10 Apr 2010 19:13

Re: system idle process is loading the CPU too much

#3 Post by mirko213 »

ComboFix 10-04-10.02 - Miro . 04. 2010 10:28:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3583.3167 [GMT 2:00]
Running from: c:\documents and settings\Miro\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miro\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 19:18 . 2010-04-10 19:18 -------- d-----w- c:\program files\Ask.com
2010-04-10 18:49 . 2010-04-10 18:50 -------- d-----w- C:\rsit
2010-04-10 18:49 . 2010-04-10 18:50 -------- d-----w- c:\program files\trend micro
2010-04-07 12:21 . 2010-04-07 16:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 15:38 . 2010-04-06 15:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Prison Break
2010-04-06 14:09 . 2010-04-06 14:09 10134 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{71CFE572-6C01-96C4-F90E-36C147C98123}\ARPPRODUCTICON.exe
2010-04-03 16:45 . 2010-04-09 20:36 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Softonic-Eng7
2010-04-03 16:45 . 2010-04-04 05:27 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Conduit
2010-04-03 16:45 . 2010-04-03 16:46 -------- d-----w- c:\program files\Softonic-Eng7
2010-03-30 14:07 . 2010-03-30 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\documents and settings\Miro\Application Data\National Instruments
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\program files\Common Files\Bcgsoft
2010-03-29 10:30 . 2010-03-29 10:30 -------- d-----w- c:\program files\HI-TECH Software
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\windows\system32\cvirte
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\National Instruments
2010-03-26 12:48 . 2010-03-26 12:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 15:10 . 2010-03-29 10:40 -------- d-----w- c:\program files\Sprint-Layout50 (Demo)
2010-03-19 21:41 . 2010-03-19 21:41 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\ACDPhotoEditor
2010-03-19 16:09 . 2010-04-02 20:06 -------- d-----w- c:\windows\Album
2010-03-19 16:09 . 2010-03-19 16:09 -------- d-----w- c:\program files\KYE
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\documents and settings\Miro\Application Data\com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1
2010-03-18 12:39 . 2010-03-18 12:38 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-17 17:32 . 2010-03-17 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-17 17:32 . 2010-03-17 17:32 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-17 17:32 . 2010-03-17 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 21:20 . 2009-02-15 14:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Skype
2010-04-10 18:06 . 2009-05-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-10 18:01 . 2009-02-15 14:42 -------- d-----w- c:\documents and settings\Miro\Application Data\skypePM
2010-04-10 08:02 . 2009-03-20 13:22 -------- d-----w- c:\program files\Google
2010-04-10 07:51 . 2009-02-05 20:32 -------- d-----w- c:\documents and settings\Miro\Application Data\ICQ
2010-04-07 12:21 . 2009-02-05 20:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-06 20:13 . 2009-02-26 17:36 912856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-06 15:40 . 2009-02-20 14:22 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-06 15:40 . 2009-02-20 14:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-06 15:35 . 2009-02-06 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 14:09 . 2010-02-05 12:22 -------- d-----w- c:\program files\ATI
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-06 13:57 . 2010-02-04 16:01 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-02 19:51 . 2009-02-08 18:53 -------- d-----w- c:\documents and settings\Miro\Application Data\uTorrent
2010-04-02 19:41 . 2009-02-09 20:09 -------- d-----w- c:\program files\uTorrent
2010-03-30 07:07 . 2009-04-04 14:42 -------- d-----w- c:\program files\Steam
2010-03-29 10:28 . 2009-02-05 19:48 89456 ----a-w- c:\documents and settings\Miro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 10:44 . 2009-02-13 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-03-18 21:06 . 2009-08-14 13:10 -------- d-----w- c:\documents and settings\Miro\Application Data\Ubisoft
2010-03-18 21:06 . 2009-06-14 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-03-04 14:57 . 2010-03-04 14:57 1856000 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll
2010-03-01 15:45 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-28 20:38 . 2010-02-28 20:38 85504 ----a-w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab
2010-02-20 11:50 . 2010-02-20 11:13 -------- d-----w- c:\program files\ASUS
2010-02-20 11:12 . 2009-05-28 12:35 -------- d-----w- c:\program files\Realtek
2010-02-19 13:23 . 2009-02-05 20:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 13:12 . 2010-02-19 13:07 10594 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-02-16 17:27 . 2009-02-11 14:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 12:49 . 2010-02-06 12:49 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-06 12:49 . 2010-02-06 12:49 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-05 11:57 . 2010-02-05 11:57 9158 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-02-03 17:32 . 2010-02-03 17:32 50354 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\uninstall.exe
2010-02-03 13:56 . 2009-11-04 12:29 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-02-03 12:56 . 2009-02-16 13:10 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-15 14:57 . 2010-01-15 14:57 53248 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 . 2006-06-07 12:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-5 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam"="c:\program files\steam\steam.exe" -silent
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"au"=c:\program files\Dealio\DealioAU.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\HRY\\FEAR\\FEAR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\HRY\\FlatOut 2\\flatout2.exe"=
"e:\\HRY\\Left4Dead\\hl2.exe"=
"e:\\HRY\\Left4dead\\left4dead.exe"=
"e:\\HRY\\FIFA 09\\FIFA09.exe"=
"e:\\HRY\\NHL09\\nhl2009.exe"=
"e:\\HRY\\CS\\CS1.6\\hl.exe"=
"e:\\HRY\\CS\\CS1.6\\hlds.exe"=
"e:\\HRY\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\HRY\\Counter-Strike Source\\hl2.exe"=
"e:\\HRY\\Call of Duty 6 - Modern Warfare 2\\iw4mp.exe"=
"e:\\HRY\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\HRY\\GRID\\GRID.exe"=
"e:\\HRY\\DiRT2\\dirt2_game.exe"=
"e:\\HRY\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"e:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\HRY\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5. 2. 2009 22:06 691696]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30. 3. 2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 2. 2009 22:32 222456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6. 2. 2009 3:50 238080]
S2 gupdate1c9a95edcc9492e;Google Update Service (gupdate1c9a95edcc9492e);c:\program files\Google\Update\GoogleUpdate.exe [20. 3. 2009 15:22 133104]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:22]

2010-04-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://registration.ubi.com/redirect.htm
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Compare Prices with &Dealio - c:\documents and settings\Miro\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {A4EF189C-DBB9-4D63-A5FD-A13C6E32E87A} = 188.123.97.2,188.123.106.66
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\01mc1d0f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://magnetcity.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 10:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwo.sys >>UNKNOWN [0x8AE4D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8102E Family PCI-E Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,02,e3,85,06,ae,5a,8a,51,fb,2d,87,ec,22,6c,ed,fc,c4,e7,23,4b,6a,b0,
c2,51,32,fc,ad,46,df,eb,b2,11,4d,ab,3d,96,fe,30,05,39,70,40,fe,04,44,51,b3,\
"??"=hex:14,b6,ab,ef,ad,02,ca,c9,b5,6a,4c,52,2f,fc,db,19

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,bc,ca,68,fc,e4,4c,26,08,19,2a,2e,23,fd,39,82,cd,87,20,4c,4d,
80,e6,44,2d,51,43,18,90,2e,ec,ef,08,11,64,aa,9b,7d,54,47,5d,4a,24,a8,1e,8a,\
"rkeysecu"=hex:c3,4c,23,79,51,ec,a1,24,26,2e,dc,b4,f6,85,c7,5f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3256)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-11 10:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 08:34

Pre-Run: 6 279 786 496 bytes free
Post-Run: 6 414 934 016 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=BDQOTL

- - End Of File - - 8C99D44C6A01FDA7FAF67FE739FD7C2E
I hope I did it correctly

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: system idle process is loading the CPU too much

#4 Post by Rudy »

We will clean up a bit more. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Collect::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


mirko213
Visitor
Posts: 8
Registered: 10 Apr 2010 19:13

Re: system idle process is loading the CPU too much

#5 Post by mirko213 »

ComboFix 10-04-10.02 - Miro . 04. 2010 10:55:53.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3583.3179 [GMT 2:00]
Running from: c:\documents and settings\Miro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miro\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


file zipped: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 18:49 . 2010-04-10 18:50 -------- d-----w- C:\rsit
2010-04-10 18:49 . 2010-04-10 18:50 -------- d-----w- c:\program files\trend micro
2010-04-07 12:21 . 2010-04-07 16:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 15:38 . 2010-04-06 15:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Prison Break
2010-04-06 14:09 . 2010-04-06 14:09 10134 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{71CFE572-6C01-96C4-F90E-36C147C98123}\ARPPRODUCTICON.exe
2010-04-03 16:45 . 2010-04-09 20:36 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Softonic-Eng7
2010-04-03 16:45 . 2010-04-04 05:27 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Conduit
2010-04-03 16:45 . 2010-04-03 16:46 -------- d-----w- c:\program files\Softonic-Eng7
2010-03-30 14:07 . 2010-03-30 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\documents and settings\Miro\Application Data\National Instruments
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\program files\Common Files\Bcgsoft
2010-03-29 10:30 . 2010-03-29 10:30 -------- d-----w- c:\program files\HI-TECH Software
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\windows\system32\cvirte
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\National Instruments
2010-03-26 12:48 . 2010-03-26 12:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 15:10 . 2010-03-29 10:40 -------- d-----w- c:\program files\Sprint-Layout50 (Demo)
2010-03-19 21:41 . 2010-03-19 21:41 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\ACDPhotoEditor
2010-03-19 16:09 . 2010-04-02 20:06 -------- d-----w- c:\windows\Album
2010-03-19 16:09 . 2010-03-19 16:09 -------- d-----w- c:\program files\KYE
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\documents and settings\Miro\Application Data\com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1
2010-03-18 12:39 . 2010-03-18 12:38 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-17 17:32 . 2010-03-17 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-17 17:32 . 2010-03-17 17:32 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-17 17:32 . 2010-03-17 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 21:20 . 2009-02-15 14:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Skype
2010-04-10 18:06 . 2009-05-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-10 18:01 . 2009-02-15 14:42 -------- d-----w- c:\documents and settings\Miro\Application Data\skypePM
2010-04-10 08:02 . 2009-03-20 13:22 -------- d-----w- c:\program files\Google
2010-04-10 07:51 . 2009-02-05 20:32 -------- d-----w- c:\documents and settings\Miro\Application Data\ICQ
2010-04-07 12:21 . 2009-02-05 20:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-06 20:13 . 2009-02-26 17:36 912856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-06 15:40 . 2009-02-20 14:22 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-06 15:40 . 2009-02-20 14:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-06 15:35 . 2009-02-06 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 14:09 . 2010-02-05 12:22 -------- d-----w- c:\program files\ATI
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-06 13:57 . 2010-02-04 16:01 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-02 19:51 . 2009-02-08 18:53 -------- d-----w- c:\documents and settings\Miro\Application Data\uTorrent
2010-04-02 19:41 . 2009-02-09 20:09 -------- d-----w- c:\program files\uTorrent
2010-03-30 07:07 . 2009-04-04 14:42 -------- d-----w- c:\program files\Steam
2010-03-29 10:28 . 2009-02-05 19:48 89456 ----a-w- c:\documents and settings\Miro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 10:44 . 2009-02-13 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-03-18 21:06 . 2009-08-14 13:10 -------- d-----w- c:\documents and settings\Miro\Application Data\Ubisoft
2010-03-18 21:06 . 2009-06-14 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-03-04 14:57 . 2010-03-04 14:57 1856000 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll
2010-03-01 15:45 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-28 20:38 . 2010-02-28 20:38 85504 ----a-w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab
2010-02-20 11:50 . 2010-02-20 11:13 -------- d-----w- c:\program files\ASUS
2010-02-20 11:12 . 2009-05-28 12:35 -------- d-----w- c:\program files\Realtek
2010-02-19 13:23 . 2009-02-05 20:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 13:12 . 2010-02-19 13:07 10594 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-02-16 17:27 . 2009-02-11 14:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 12:49 . 2010-02-06 12:49 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-06 12:49 . 2010-02-06 12:49 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-05 11:57 . 2010-02-05 11:57 9158 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-02-03 17:32 . 2010-02-03 17:32 50354 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\uninstall.exe
2010-02-03 13:56 . 2009-11-04 12:29 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-02-03 12:56 . 2009-02-16 13:10 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-15 14:57 . 2010-01-15 14:57 53248 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 . 2006-06-07 12:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_08.31.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 08:54 . 2010-04-11 08:54 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-5 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam"="c:\program files\steam\steam.exe" -silent
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"au"=c:\program files\Dealio\DealioAU.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\HRY\\FEAR\\FEAR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\HRY\\FlatOut 2\\flatout2.exe"=
"e:\\HRY\\Left4Dead\\hl2.exe"=
"e:\\HRY\\Left4dead\\left4dead.exe"=
"e:\\HRY\\FIFA 09\\FIFA09.exe"=
"e:\\HRY\\NHL09\\nhl2009.exe"=
"e:\\HRY\\CS\\CS1.6\\hl.exe"=
"e:\\HRY\\CS\\CS1.6\\hlds.exe"=
"e:\\HRY\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\HRY\\Counter-Strike Source\\hl2.exe"=
"e:\\HRY\\Call of Duty 6 - Modern Warfare 2\\iw4mp.exe"=
"e:\\HRY\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\HRY\\GRID\\GRID.exe"=
"e:\\HRY\\DiRT2\\dirt2_game.exe"=
"e:\\HRY\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"e:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\HRY\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30. 3. 2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 2. 2009 22:32 222456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6. 2. 2009 3:50 238080]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5. 2. 2009 22:06 691696]
S2 gupdate1c9a95edcc9492e;Google Update Service (gupdate1c9a95edcc9492e);c:\program files\Google\Update\GoogleUpdate.exe [20. 3. 2009 15:22 133104]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://registration.ubi.com/redirect.htm
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Compare Prices with &Dealio - c:\documents and settings\Miro\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {A4EF189C-DBB9-4D63-A5FD-A13C6E32E87A} = 188.123.97.2,188.123.106.66
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\01mc1d0f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://magnetcity.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,02,e3,85,06,ae,5a,8a,51,fb,2d,87,ec,22,6c,ed,fc,c4,e7,23,4b,6a,b0,
c2,51,32,fc,ad,46,df,eb,b2,11,4d,ab,3d,96,fe,30,05,39,70,40,fe,04,44,51,b3,\
"??"=hex:14,b6,ab,ef,ad,02,ca,c9,b5,6a,4c,52,2f,fc,db,19

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,bc,ca,68,fc,e4,4c,26,08,19,2a,2e,23,fd,39,82,cd,87,20,4c,4d,
80,e6,44,2d,51,43,18,90,2e,ec,ef,08,11,64,aa,9b,7d,54,47,5d,4a,24,a8,1e,8a,\
"rkeysecu"=hex:c3,4c,23,79,51,ec,a1,24,26,2e,dc,b4,f6,85,c7,5f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\imon.dll
.
Completion time: 2010-04-11 10:59:27
ComboFix-quarantined-files.txt 2010-04-11 08:59
ComboFix2.txt 2010-04-11 08:34

Pre-Run: 6 445 883 392 bytes free
Post-Run: 6 409 867 264 voľných bajtov

- - End Of File - - EA932A8CCD93BA79B5E43B277AF3B3C2
Upload was successful

Rudy
Site Admin
Posts: 119405
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: System Idle Process is using too much CPU

#6 Post by Rudy »

The log now looks clean. Has anything changed?

mirko213
Visitor
Posts: 8
Joined: 10 Apr 2010 19:13

Re: System Idle Process is using too much CPU

#7 Post by mirko213 »

Well, I started Skype and the game L4D 2 and then CS Source, and I was on a call with a friend... there were no lags, but the processor is still loaded at 100% on both cores.

Rudy
Site Admin
Posts: 119405
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: System Idle Process is using too much CPU

#8 Post by Rudy »

Run an Ice Sword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.

mirko213
Visitor
Posts: 8
Joined: 10 Apr 2010 19:13

Re: System Idle Process is using too much CPU

#9 Post by mirko213 »

Process:

System Idle Process
System
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\csrss.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Miro\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spuw.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\L8042mou.Sys
\SystemRoot\system32\DRIVERS\LMouKE.Sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\a5ndctoc.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\monfilt.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\System32\Drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\C:\WINDOWS\system32\drivers\amon.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
C:\WINDOWS\System32\Drivers\sptd.sys
That should be everything...

Rudy
Site Admin
Posts: 119405
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: system idle process is using too much CPU

#10 Post by Rudy »

Run CF once more with this script:
Driver::
spuw
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mirko213
Visitor
Posts: 8
Joined: 10 Apr 2010 19:13

Re: system idle process is using too much CPU

#11 Post by mirko213 »

ComboFix 10-04-10.02 - Miro . 04. 2010 19:40:52.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3583.2886 [GMT 2:00]
Running from: c:\documents and settings\Miro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miro\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 10:24 . 2010-04-11 10:24 -------- d-----w- c:\program files\Ubisoft
2010-04-10 18:49 . 2010-04-10 18:50 -------- d-----w- c:\program files\trend micro
2010-04-07 12:21 . 2010-04-07 16:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-06 15:40 . 2010-04-06 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 15:38 . 2010-04-06 15:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Prison Break
2010-04-06 14:09 . 2010-04-06 14:09 10134 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{71CFE572-6C01-96C4-F90E-36C147C98123}\ARPPRODUCTICON.exe
2010-04-03 16:45 . 2010-04-11 09:01 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Softonic-Eng7
2010-04-03 16:45 . 2010-04-04 05:27 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\Conduit
2010-04-03 16:45 . 2010-04-03 16:46 -------- d-----w- c:\program files\Softonic-Eng7
2010-03-30 14:07 . 2010-03-30 14:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\documents and settings\Miro\Application Data\National Instruments
2010-03-29 10:32 . 2010-03-29 10:32 -------- d-----w- c:\program files\Common Files\Bcgsoft
2010-03-29 10:30 . 2010-03-29 10:30 -------- d-----w- c:\program files\HI-TECH Software
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-03-29 10:27 . 2010-03-29 10:27 -------- d-----w- c:\windows\system32\cvirte
2010-03-29 10:27 . 2010-03-29 10:29 -------- d-----w- c:\program files\National Instruments
2010-03-26 12:48 . 2010-03-26 12:48 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 15:10 . 2010-03-29 10:40 -------- d-----w- c:\program files\Sprint-Layout50 (Demo)
2010-03-19 21:41 . 2010-03-19 21:41 -------- d-----w- c:\documents and settings\Miro\Local Settings\Application Data\ACDPhotoEditor
2010-03-19 16:09 . 2010-04-02 20:06 -------- d-----w- c:\windows\Album
2010-03-19 16:09 . 2010-03-19 16:09 -------- d-----w- c:\program files\KYE
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\documents and settings\Miro\Application Data\com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1
2010-03-18 12:39 . 2010-03-18 12:38 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-18 12:39 . 2010-03-18 12:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-17 17:32 . 2010-03-17 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-17 17:32 . 2010-03-17 17:32 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-17 17:32 . 2010-03-17 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:40 . 2009-02-15 14:41 -------- d-----w- c:\documents and settings\Miro\Application Data\Skype
2010-04-11 17:33 . 2009-02-05 20:32 -------- d-----w- c:\documents and settings\Miro\Application Data\ICQ
2010-04-11 16:40 . 2009-02-15 14:42 -------- d-----w- c:\documents and settings\Miro\Application Data\skypePM
2010-04-11 10:46 . 2009-02-06 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 18:06 . 2009-05-28 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-10 08:02 . 2009-03-20 13:22 -------- d-----w- c:\program files\Google
2010-04-07 12:21 . 2009-02-05 20:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-06 20:13 . 2009-02-26 17:36 912856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-06 15:40 . 2009-02-20 14:22 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-06 15:40 . 2009-02-20 14:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-06 14:09 . 2010-02-05 12:22 -------- d-----w- c:\program files\ATI
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 139152 ----a-w- c:\documents and settings\Miro\Application Data\PnkBstrK.sys
2010-04-06 13:58 . 2009-02-11 14:55 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-06 13:57 . 2010-02-04 16:01 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-02 19:51 . 2009-02-08 18:53 -------- d-----w- c:\documents and settings\Miro\Application Data\uTorrent
2010-04-02 19:41 . 2009-02-09 20:09 -------- d-----w- c:\program files\uTorrent
2010-03-30 07:07 . 2009-04-04 14:42 -------- d-----w- c:\program files\Steam
2010-03-29 10:28 . 2009-02-05 19:48 89456 ----a-w- c:\documents and settings\Miro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 10:44 . 2009-02-13 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-03-18 21:06 . 2009-08-14 13:10 -------- d-----w- c:\documents and settings\Miro\Application Data\Ubisoft
2010-03-18 21:06 . 2009-06-14 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-03-04 14:57 . 2010-03-04 14:57 1856000 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll
2010-03-01 15:45 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-28 20:38 . 2010-02-28 20:38 85504 ----a-w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-02-28 20:38 . 2010-02-28 20:38 -------- d-----w- c:\documents and settings\Miro\Application Data\SystemRequirementsLab
2010-02-20 11:50 . 2010-02-20 11:13 -------- d-----w- c:\program files\ASUS
2010-02-20 11:12 . 2009-05-28 12:35 -------- d-----w- c:\program files\Realtek
2010-02-19 13:23 . 2009-02-05 20:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-19 13:12 . 2010-02-19 13:07 10594 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-02-16 17:27 . 2009-02-11 14:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-11 10:42 . 2010-02-11 10:42 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 12:49 . 2010-02-06 12:49 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-06 12:49 . 2010-02-06 12:49 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-05 11:57 . 2010-02-05 11:57 9158 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-02-03 17:32 . 2010-02-03 17:32 50354 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\uninstall.exe
2010-02-03 13:56 . 2009-11-04 12:29 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-02-03 12:56 . 2009-02-16 13:10 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-15 14:57 . 2010-01-15 14:57 53248 ----a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 . 2006-06-07 12:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-5 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam"="c:\program files\steam\steam.exe" -silent
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"au"=c:\program files\Dealio\DealioAU.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\HRY\\FEAR\\FEAR.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\HRY\\FlatOut 2\\flatout2.exe"=
"e:\\HRY\\Left4Dead\\hl2.exe"=
"e:\\HRY\\Left4dead\\left4dead.exe"=
"e:\\HRY\\FIFA 09\\FIFA09.exe"=
"e:\\HRY\\NHL09\\nhl2009.exe"=
"e:\\HRY\\CS\\CS1.6\\hl.exe"=
"e:\\HRY\\CS\\CS1.6\\hlds.exe"=
"e:\\HRY\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\HRY\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\HRY\\Counter-Strike Source\\hl2.exe"=
"e:\\HRY\\Call of Duty 6 - Modern Warfare 2\\iw4mp.exe"=
"e:\\HRY\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\HRY\\GRID\\GRID.exe"=
"e:\\HRY\\DiRT2\\dirt2_game.exe"=
"e:\\HRY\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\HRY\\Crysis\\Bin32\\Crysis.exe"=
"e:\\HRY\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\HRY\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\HRY\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\HRY\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\HRY\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Documents and Settings\\Miro\\Desktop\\Crack_14spider25\\Crack 14spider25\\Srvr\\server.exe"=
"e:\\HRY\\Assassin's Creed II\\Crack_14spider25\\Crack 14spider25\\Srvr\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30. 3. 2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 2. 2009 22:32 222456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6. 2. 2009 3:50 238080]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5. 2. 2009 22:06 691696]
S2 gupdate1c9a95edcc9492e;Google Update Service (gupdate1c9a95edcc9492e);c:\program files\Google\Update\GoogleUpdate.exe [20. 3. 2009 15:22 133104]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://registration.ubi.com/redirect.htm
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Compare Prices with &Dealio - c:\documents and settings\Miro\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {A4EF189C-DBB9-4D63-A5FD-A13C6E32E87A} = 188.123.97.2,188.123.106.66
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\01mc1d0f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://magnetcity.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Miro\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 19:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,02,e3,85,06,ae,5a,8a,51,fb,2d,87,ec,22,6c,ed,fc,c4,e7,23,4b,6a,b0,
c2,51,32,fc,ad,46,df,eb,b2,11,4d,ab,3d,96,fe,30,05,39,70,40,fe,04,44,51,b3,\
"??"=hex:14,b6,ab,ef,ad,02,ca,c9,b5,6a,4c,52,2f,fc,db,19

[HKEY_USERS\S-1-5-21-436374069-1993962763-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,bc,ca,68,fc,e4,4c,26,08,19,2a,2e,23,fd,39,82,cd,87,20,4c,4d,
80,e6,44,2d,51,43,18,90,2e,ec,ef,08,11,64,aa,9b,7d,54,47,5d,4a,24,a8,1e,8a,\
"rkeysecu"=hex:c3,4c,23,79,51,ec,a1,24,26,2e,dc,b4,f6,85,c7,5f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2020)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-11 19:42:56
ComboFix-quarantined-files.txt 2010-04-11 17:42
ComboFix2.txt 2010-04-11 17:30
ComboFix3.txt 2010-04-11 09:00

Pre-Run: 6 582 530 048 bytes free
Post-Run: 6 570 561 536 voľných bajtov

- - End Of File - - 5D00FA3E85E8EEF18321E88810C43F3D

Rudy
Site Admin

Re: system idle process is using too much CPU

#12 Post by Rudy »

The log looks clean. Has anything changed?

mirko213
Visitor

Re: system idle process is using too much CPU

#13 Post by mirko213 »

No, it's still the same :(

Rudy
Site Admin

Re: system idle process is using too much CPU

#14 Post by Rudy »

System Idle is, in effect, free system resources. Is the PC slowed down, or are there any other problems?

mirko213
Visitor

Re: system idle process is using too much CPU

#15 Post by mirko213 »

No, I don't have any other problems... only this one... it loads my processor terribly and I don't know why.
