CPU usage at 100%, no processes running

#1 Post by constantine.johny »

Hello, I have a problem with an HP Compaq 2710p notebook: after updating QuickLaunch Buttons (the special control keys on the keyboard), my processor runs at 100% almost constantly, even though Task Manager shows no running processes that use a noticeable amount of CPU.

My RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by constantine at 2010-08-15 21:26:10
Microsoft Windows 7 Professional
System drive D: has 2 GB (8%) free of 21 GB
Total RAM: 2023 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:32:24, on 15.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
D:\Windows\SYSTEM32\WISPTIS.EXE
D:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\ActivIdentity\ActivClient\acevents.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
D:\Windows\WindowsMobile\wmdc.exe
D:\Windows\System32\igfxtray.exe
D:\Windows\System32\hkcmd.exe
D:\Windows\System32\igfxpers.exe
D:\Windows\system32\igfxsrvc.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Bluetooth Software\BTTray.exe
D:\Windows\system32\wuauclt.exe
C:\Program Files\QIP Infium\infium.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
D:\Windows\System32\mobsync.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Bluetooth Software\BtStackServer.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\taskmgr.exe
D:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
D:\Program Files\Windows Media Player\wmplayer.exe
C:\Downloads\RSIT.exe
D:\Program Files\trend micro\constantine.exe
D:\Windows\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - D:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [acevents] "D:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe D:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] D:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\Windows\system32\guard32.dll D:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - D:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - D:\Windows\system32\AEADISRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - D:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - D:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - D:\Windows\System32\MrobeService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServiceISD - Wacom Technology, Corp. - D:\Program Files\Tablet\ISD\ISD_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - D:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11072 bytes

======Scheduled tasks folder======

D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-02 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - D:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28 98576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=D:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-20 1800464]
"Broadcom Wireless Manager UI"=D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2009-11-26 4367360]
"QlbCtrl.exe"=D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-24 349240]
"SoundMAXPnP"=D:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"acevents"=D:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
""= []
"accrdsub"=D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"PTHOSTTR"=D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-08-07 354360]
"CognizanceTS"=D:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-07-28 24848]
"Windows Mobile Device Center"=D:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IgfxTray"=D:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=D:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=D:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-29 1545512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
D:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Users\constantine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
D:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-04-12 2937528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
D:\Users\constantine\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2009-11-09 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder]
C:\Program Files\Vtelevizi.cz reminder\VtvReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager]
iexplorer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
D:\Windows\ZSSnp211.exe [2006-07-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^m-trip Launcher.lnk]
C:\PROGRA~1\m-trip\Bin\M-TRIP~1.EXE [2005-06-16 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Users^constantine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
D:\Users\constantine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\Windows\system32\guard32.dll D:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe"="D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe:*:Enabled:Windows Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*
.txt - open - D:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-08-15 21:27:05 ----D---- D:\Program Files\trend micro
2010-08-15 21:26:10 ----D---- D:\rsit
2010-08-14 21:16:05 ----A---- D:\Windows\SStylerPro.ini
2010-08-10 15:21:07 ----D---- D:\Users\constantine\AppData\Roaming\BitComet
2010-08-09 13:35:13 ----D---- D:\Program Files\HP USB Docking Video
2010-08-09 13:32:12 ----A---- D:\Windows\system32\drivers\dlkmd.sys
2010-08-09 13:32:10 ----A---- D:\Windows\system32\drivers\dlkmdldr.sys
2010-08-09 13:28:19 ----A---- D:\Windows\system32\dlumd9.dll
2010-08-09 13:28:19 ----A---- D:\Windows\system32\dlumd10.dll
2010-08-09 13:15:05 ----D---- D:\Users\constantine\AppData\Roaming\WTablet
2010-08-09 11:38:27 ----A---- D:\Windows\system32\Wintab32.dll
2010-08-09 11:38:26 ----A---- D:\Windows\system32\ISD_Tablet.dll
2010-08-09 11:37:56 ----A---- D:\Windows\system32\drivers\wacommousefilter.sys
2010-08-09 11:37:42 ----A---- D:\Windows\system32\drivers\wacomvhid.sys
2010-08-09 11:36:27 ----A---- D:\Windows\system32\drivers\wisdpen.sys
2010-08-09 11:36:19 ----D---- D:\Program Files\Tablet
2010-08-09 11:01:29 ----D---- D:\Program Files\Synaptics
2010-08-09 10:49:11 ----A---- D:\Windows\system32\drivers\udfs.sys
2010-08-09 10:48:08 ----A---- D:\Windows\system32\drivers\usbhub.sys
2010-08-01 14:38:07 ----D---- D:\Program Files\HP QuickLaunch
2010-07-30 13:27:44 ----A---- D:\Windows\system32\drivers\nocashio.sys
2010-07-30 12:10:22 ----D---- D:\Users\constantine\AppData\Roaming\VBA-M

======List of files/folders modified in the last 1 months======

2010-08-15 21:31:29 ----D---- D:\Windows\Temp
2010-08-15 21:27:05 ----RD---- D:\Program Files
2010-08-15 21:26:27 ----D---- D:\Users\constantine\AppData\Roaming\Skype
2010-08-15 21:16:06 ----D---- D:\Windows\system32\drivers
2010-08-15 20:29:51 ----D---- D:\Windows\system32\config
2010-08-15 20:19:52 ----D---- D:\Users\constantine\AppData\Roaming\skypePM
2010-08-15 20:14:29 ----D---- D:\ProgramData\hpqLog
2010-08-14 23:35:43 ----D---- D:\Users\constantine\AppData\Roaming\vlc
2010-08-14 22:38:35 ----D---- D:\Users\constantine\AppData\Roaming\Adobe
2010-08-14 22:38:35 ----D---- D:\ProgramData\Adobe
2010-08-14 22:01:36 ----D---- D:\Windows
2010-08-14 20:31:17 ----D---- D:\Windows\Prefetch
2010-08-14 20:22:26 ----SHD---- D:\System Volume Information
2010-08-11 09:37:49 ----D---- D:\inetpub
2010-08-10 15:28:31 ----D---- D:\ProgramData\boost_interprocess
2010-08-09 21:29:14 ----D---- D:\Windows\system32\NDF
2010-08-09 16:05:33 ----D---- D:\Windows\system32\catroot
2010-08-09 15:33:28 ----SHD---- D:\Windows\Installer
2010-08-09 15:33:09 ----SHD---- D:\Config.Msi
2010-08-09 14:10:51 ----D---- D:\Program Files\Hewlett-Packard
2010-08-09 14:10:30 ----D---- D:\Windows\System32
2010-08-09 13:53:44 ----D---- D:\Program Files\Common Files\ActivIdentity
2010-08-09 13:33:34 ----D---- D:\Windows\system32\DriverStore
2010-08-09 13:33:33 ----D---- D:\Windows\inf
2010-08-09 13:32:30 ----D---- D:\Program Files\DisplayLink Core Software
2010-08-09 11:30:28 ----RSD---- D:\Windows\assembly
2010-08-09 11:01:20 ----D---- D:\Windows\system32\catroot2
2010-08-09 10:55:11 ----D---- D:\Windows\winsxs
2010-08-09 10:47:29 ----D---- D:\Windows\SoftwareDistribution
2010-08-08 18:35:21 ----D---- D:\Windows\pss
2010-08-08 18:05:16 ----D---- D:\Windows\Logs
2010-08-01 14:55:13 ----D---- D:\Windows\system32\wdi
2010-07-31 22:20:39 ----A---- D:\Windows\system32\PerfStringBackup.INI
2010-07-21 09:59:59 ----D---- D:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 dlkmdldr;dlkmdldr; D:\Windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
R0 pciide;pciide; D:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SafeBoot;SafeBoot; D:\Windows\system32\drivers\SafeBoot.sys [2009-07-29 109216]
R0 SbAlg;SbAlg; D:\Windows\system32\drivers\SbAlg.sys [2009-07-29 51408]
R0 SbFsLock;SbFsLock; D:\Windows\system32\drivers\SbFsLock.sys [2009-07-29 12960]
R0 sptd;sptd; D:\Windows\System32\Drivers\sptd.sys [2010-01-03 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; D:\Windows\System32\DRIVERS\cmdguard.sys [2009-11-27 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; D:\Windows\System32\DRIVERS\cmdhlp.sys [2009-11-20 29520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 inspect;COMODO Internet Security Firewall Driver; D:\Windows\system32\DRIVERS\inspect.sys [2009-11-20 74328]
R1 RsvLock;RsvLock; D:\Windows\system32\drivers\RsvLock.sys [2009-07-29 12528]
R2 atksgt;atksgt; D:\Windows\system32\DRIVERS\atksgt.sys [2010-08-08 281760]
R2 lirsgt;lirsgt; D:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-08 25888]
R2 mdmxsdk;mdmxsdk; D:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NPF;NetGroup Packet Filter Driver; D:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 XAudio;XAudio; D:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; D:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; D:\Windows\System32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
R3 BthEnum;Bluetooth Request Block Driver; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 dlkmd;dlkmd; D:\Windows\system32\drivers\dlkmd.sys [2009-11-20 165488]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\Windows\system32\DRIVERS\e1e6232.sys [2009-06-05 219352]
R3 HBtnKey;HBtnKey; D:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; D:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 HSF_DPV;HSF_DPV; D:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; D:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; D:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; D:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rimmptsk;rimmptsk; D:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 sdbus;sdbus; D:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SynTP;Synaptics TouchPad Driver; D:\Windows\system32\DRIVERS\SynTP.sys [2009-07-29 213680]
R3 TPM;TPM; D:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 wacommousefilter;Wacom Mouse Filter Driver; D:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; D:\Windows\system32\DRIVERS\wacomvhid.sys [2009-09-21 14120]
R3 winachsf;winachsf; D:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WISDPen;Wacom Penabled MiniDriver; D:\Windows\system32\DRIVERS\wisdpen.sys [2010-06-14 35696]
S2 Parvdm;Parvdm; D:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; D:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; D:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); D:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; D:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 EagleNT;EagleNT; \??\D:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys [2010-02-07 25280]
S3 nocashio;nocashio; D:\Windows\system32\drivers\nocashio.sys [2010-07-30 4096]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; D:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; D:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; D:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; D:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; D:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; D:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; D:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WINUSB;Ovladač WinUsb; D:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; D:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AEADIFilters;Andrea ADI Filters Service; D:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ASBroker;Logon Session Broker; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ASChannel;Local Communication Channel; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ATService;AuthenTec Fingerprint Service; D:\Program Files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-20 723632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DisplayLinkService;DisplayLinkManager; D:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 4715880]
R2 HP ProtectTools Service;HP ProtectTools Service; D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
R2 HpFkCryptService;Drive Encryption Service; D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
R2 MrobeService;MrobeService; D:\Windows\System32\MrobeService.exe [2005-06-14 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TabletServiceISD;TabletServiceISD; D:\Program Files\Tablet\ISD\ISD_Tablet.exe [2010-07-26 4636016]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 XAudioService;XAudioService; D:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
R3 Com4QLBEx;Com4QLBEx; D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Google Update Service (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; D:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]

-----------------EOF-----------------
Last edited by constantine.johny on 16 Aug 2010 08:42; edited 1 time in total.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#2 Post by vyosek »

Hello, good morning and welcome to our forum.

:arrow: Please take the log out of the code block; it is hard to read that way, and you will also spare the helpers' eyes
:arrow: Do not put any further logs in code blocks either

:arrow: Free up some disk space; W7 needs at least 4 GB to run :wink:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.

constantine.johny
Visitor
Posts: 7
Joined: 15 Aug 2010 20:20

Re: CPU usage 100%, no processes running

#3 Post by constantine.johny »

Thank you for the welcome :)

I have edited the log so that it is no longer in a code block.
I cleaned up the disk and it now has 5.40 GB free, but the CPU still occasionally spikes to 60 - 100% even though no processes that would noticeably load it are running.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#4 Post by vyosek »

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature); during installation untick the Yahoo toolbar
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making a registry backup; fix all the issues
  • repeat until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once every 14 days

:arrow: Scan the following files on VirusTotal (see my signature)
  • D:\Windows\system32\dlumd9.dll
    D:\Windows\system32\dlumd10.dll
    D:\Windows\system32\drivers\dlkmdldr.sys
    D:\Windows\system32\drivers\dlkmd.sys
  • Click Browse
  • Do not browse for the file, just paste the path of the file I want scanned
  • If it says the file has already been analysed, choose to scan it again
  • Click Scan file
  • Post the analysis result here (as a link)
:arrow: Run HJT and we will fix some entries
  • You will find HJT here: D:\Program Files\trend micro\constantine.exe
  • A window opens; click Do a system scan only
  • In the next window find the lines I have listed below; next to each one is a box, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
  • Click Fix checked (bottom left)
  • HJT will ask whether you really want to; answer YES and that is it
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako správce)
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content given below
  • Code:

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe"=-
    
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job
    D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job
    D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
    D:\Program Files\DAEMON Tools Toolbar
    D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    D:\Users\CONSTA~1\AppData\Local\Temp\
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
  • Click the red MoveIt! button
  • Then post the content of the Results pane (below the green line) here
  • If you are prompted to restart, choose Yes; you will then find the log in C:\_OTM\MovedFiles

constantine.johny
Visitor
Posts: 7
Joined: 15 Aug 2010 20:20

Re: CPU usage 100%, no processes running

#5 Post by constantine.johny »

I have done everything you recommended.

I cannot get the files D:\Windows\system32\dlumd9.dll and D:\Windows\system32\dlumd10.dll scanned on VirusTotal; when I submit them, it sends me straight back to the home page.
The results for the remaining files are here:

D:\Windows\system32\drivers\dlkmdldr.sys
D:\Windows\system32\drivers\dlkmd.sys


Result from OTM:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe deleted successfully.
========== FILES ==========
File/Folder D:\Windows\system32\*.tmp.dll not found.
File/Folder D:\Windows\system32\SET*.tmp not found.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11CA.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBED4.tmp folder moved successfully.
D:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\f71d8b6b\298f04ec\og_gr076.tmp moved successfully.
D:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt3F9C.tmp moved successfully.
D:\Windows\SoftwareDistribution\Download\de262ebc8a113d9a9f4b9d07b6a0b8d7\BITA043.tmp moved successfully.
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job moved successfully.
D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
File/Folder D:\Program Files\DAEMON Tools Toolbar not found.
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk moved successfully.
D:\Users\CONSTA~1\AppData\Local\Temp folder moved successfully.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: constantine
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 19592489 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb




OTM by OldTimer - Version 3.1.15.0 log created on 08162010_124632

Files moved on Reboot...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#6 Post by vyosek »

Has the PC's condition improved :???:

constantine.johny
Visitor
Posts: 7
Joined: 15 Aug 2010 20:20

Re: CPU usage 100%, no processes running

#7 Post by constantine.johny »

The CPU now runs at 20-30%; occasionally it jumps to 100 for a moment, but settles again after about 5 seconds.

The only thing is that the fan still runs at full speed; using SpeedFan I have just found that the CPU temperature is 70°C.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#8 Post by vyosek »

Open the case and check whether the fan is clogged with dust - if so, clean it with a COMPRESSOR - no vacuum cleaner, because static electricity could fry the circuits... or at least blow it out, or clean it with a cotton swab dipped in, e.g., alcohol - take care not to bend or break anything...

constantine.johny
Visitor
Posts: 7
Joined: 15 Aug 2010 20:20

Re: CPU usage 100%, no processes running

#9 Post by constantine.johny »

OK, cleaned; the temperature stays around 50°C, but the CPU is loaded again when I listen to MP3s and browse the web, and even so the playback occasionally stutters...
What mainly puzzles me is that in Task Manager I suddenly do not see any processes owned by System, nor the System Idle Process entry.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#10 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • Plug all your USB storage (flash drives, external disks, etc.) into the PC
  • If you have Win XP, run it under an Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Right after launch a licence agreement page is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its content here

constantine.johny
Visitor
Posts: 7
Joined: 15 Aug 2010 20:20

Re: CPU usage 100%, no processes running

#11 Post by constantine.johny »

Thanks for the help :)

Even though I turned off both the antivirus scanning and the firewall in Comodo and then shut down the whole program, ComboFix kept reporting that resident protection was still running and that it would continue. I also tried to kill it through Task Manager, but got "Access denied".

The ComboFix log is here:


ComboFix 10-08-17.03 - constantine 18.08.2010 9:48.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2023.1102 [GMT 2:00]
Spuštěný z: d:\users\constantine\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\dlumd10.dll
d:\windows\system32\dlumd9.dll
d:\windows\system32\images
d:\windows\system32\images\toolbar\calendar.gif
d:\windows\system32\images\toolbar\crlogo.gif
d:\windows\system32\images\toolbar\export.gif
d:\windows\system32\images\toolbar\export_over.gif
d:\windows\system32\images\toolbar\exportd.gif
d:\windows\system32\images\toolbar\First.gif
d:\windows\system32\images\toolbar\first_over.gif
d:\windows\system32\images\toolbar\Firstd.gif
d:\windows\system32\images\toolbar\gotopage.gif
d:\windows\system32\images\toolbar\gotopage_over.gif
d:\windows\system32\images\toolbar\gotopaged.gif
d:\windows\system32\images\toolbar\grouptree.gif
d:\windows\system32\images\toolbar\grouptree_over.gif
d:\windows\system32\images\toolbar\grouptreed.gif
d:\windows\system32\images\toolbar\grouptreepressed.gif
d:\windows\system32\images\toolbar\Last.gif
d:\windows\system32\images\toolbar\last_over.gif
d:\windows\system32\images\toolbar\Lastd.gif
d:\windows\system32\images\toolbar\Next.gif
d:\windows\system32\images\toolbar\next_over.gif
d:\windows\system32\images\toolbar\Nextd.gif
d:\windows\system32\images\toolbar\Prev.gif
d:\windows\system32\images\toolbar\prev_over.gif
d:\windows\system32\images\toolbar\Prevd.gif
d:\windows\system32\images\toolbar\print.gif
d:\windows\system32\images\toolbar\print_over.gif
d:\windows\system32\images\toolbar\printd.gif
d:\windows\system32\images\toolbar\Refresh.gif
d:\windows\system32\images\toolbar\refresh_over.gif
d:\windows\system32\images\toolbar\refreshd.gif
d:\windows\system32\images\toolbar\Search.gif
d:\windows\system32\images\toolbar\search_over.gif
d:\windows\system32\images\toolbar\searchd.gif
d:\windows\system32\images\toolbar\up.gif
d:\windows\system32\images\toolbar\up_over.gif
d:\windows\system32\images\toolbar\upd.gif
d:\windows\system32\images\tree\begindots.gif
d:\windows\system32\images\tree\beginminus.gif
d:\windows\system32\images\tree\beginplus.gif
d:\windows\system32\images\tree\blank.gif
d:\windows\system32\images\tree\blankdots.gif
d:\windows\system32\images\tree\dots.gif
d:\windows\system32\images\tree\lastdots.gif
d:\windows\system32\images\tree\lastminus.gif
d:\windows\system32\images\tree\lastplus.gif
d:\windows\system32\images\tree\Magnify.gif
d:\windows\system32\images\tree\minus.gif
d:\windows\system32\images\tree\minusbox.gif
d:\windows\system32\images\tree\plus.gif
d:\windows\system32\images\tree\plusbox.gif
d:\windows\system32\images\tree\singleminus.gif
d:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 08:01 . 2010-08-18 08:01 -------- d-----w- d:\users\Default\AppData\Local\temp
2010-08-18 08:01 . 2010-08-18 08:01 -------- d-----w- d:\users\Classic .NET AppPool\AppData\Local\temp
2010-08-16 14:06 . 2010-08-16 14:06 -------- d-----w- d:\users\constantine\AppData\Local\BuildAGadget Content
2010-08-15 19:27 . 2010-08-16 10:45 -------- d-----w- d:\program files\trend micro
2010-08-10 13:21 . 2010-08-10 13:21 -------- d-----w- d:\users\constantine\AppData\Roaming\BitComet
2010-08-09 11:35 . 2010-08-09 11:35 -------- d-----w- d:\program files\HP USB Docking Video
2010-08-09 11:32 . 2009-11-20 01:47 165488 ----a-w- d:\windows\system32\drivers\dlkmd.sys
2010-08-09 11:32 . 2009-11-20 01:47 13936 ----a-w- d:\windows\system32\drivers\dlkmdldr.sys
2010-08-09 11:15 . 2010-08-09 11:15 -------- d-----w- d:\users\constantine\AppData\Roaming\WTablet
2010-08-09 09:38 . 2010-07-26 08:02 495616 ----a-w- d:\windows\system32\Wintab32.dll
2010-08-09 09:38 . 2010-07-26 08:05 656240 ----a-w- d:\windows\system32\ISD_Tablet.dll
2010-08-09 09:37 . 2007-02-16 09:12 11312 ----a-w- d:\windows\system32\drivers\wacommousefilter.sys
2010-08-09 09:37 . 2009-09-21 14:29 14120 ----a-w- d:\windows\system32\drivers\wacomvhid.sys
2010-08-09 09:36 . 2010-06-14 10:08 35696 ----a-w- d:\windows\system32\drivers\wisdpen.sys
2010-08-09 09:36 . 2010-08-17 16:14 -------- d-----w- d:\program files\Tablet
2010-08-09 09:01 . 2010-08-09 09:01 -------- d-----w- d:\program files\Synaptics
2010-08-09 08:49 . 2009-10-07 02:30 246784 ----a-w- d:\windows\system32\drivers\udfs.sys
2010-08-09 08:48 . 2009-09-05 03:00 258560 ----a-w- d:\windows\system32\drivers\usbhub.sys
2010-08-01 12:38 . 2010-08-01 12:38 -------- d-----w- d:\program files\HP QuickLaunch
2010-07-30 11:27 . 2010-07-30 11:27 4096 ----a-w- d:\windows\system32\drivers\nocashio.sys
2010-07-30 10:10 . 2010-07-30 10:10 -------- d-----w- d:\users\constantine\AppData\Roaming\VBA-M

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 08:12 . 2009-11-16 16:15 681822 ----a-w- d:\windows\system32\perfh005.dat
2010-08-18 08:12 . 2009-11-16 16:15 143490 ----a-w- d:\windows\system32\perfc005.dat
2010-08-18 08:06 . 2009-12-03 18:45 -------- d-----w- d:\programdata\hpqLog
2010-08-17 16:21 . 2009-11-09 17:49 -------- d-----w- d:\users\constantine\AppData\Roaming\Skype
2010-08-17 14:08 . 2009-11-09 17:50 -------- d-----w- d:\users\constantine\AppData\Roaming\skypePM
2010-08-16 12:28 . 2009-11-09 18:10 88592 ----a-w- d:\users\constantine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 09:51 . 2010-01-19 16:09 -------- d-----w- d:\users\constantine\AppData\Roaming\Media Player Classic
2010-08-15 20:10 . 2010-06-16 07:10 -------- d-----w- d:\users\constantine\AppData\Roaming\vlc
2010-08-10 13:28 . 2010-04-16 11:30 -------- d-----w- d:\programdata\boost_interprocess
2010-08-09 12:10 . 2009-11-26 20:12 -------- d-----w- d:\program files\Hewlett-Packard
2010-08-09 11:53 . 2009-12-03 18:49 -------- d-----w- d:\program files\Common Files\ActivIdentity
2010-08-09 11:32 . 2009-11-26 23:05 -------- d-----w- d:\program files\DisplayLink Core Software
2010-08-09 09:02 . 2010-08-09 09:02 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-08-09 08:47 . 2010-08-09 08:47 0 --sha-r- d:\windows\system32\drivers\103C_HP_bNB_2710p_Y5336AN_0U_Q2CE84505WX_EU_4A_I30C8_SHP_V74.3A_68MOU F.13_T080820_WU48-0_L405_M2024_J80_7Intel_86FD_91.20_#100809_N80861049;80864229_(RU539EA#AKB)_XMOBILE_CN10_Z_2F.13_G80862A02;80862A03.MRK
2010-08-08 16:37 . 2010-05-29 11:15 281760 ----a-w- d:\windows\system32\drivers\atksgt.sys
2010-08-08 16:37 . 2010-05-29 11:14 25888 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2010-08-01 12:42 . 2010-08-01 12:42 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-07-13 08:44 . 2009-11-09 18:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-06-25 09:07 . 2010-02-17 17:04 -------- d-----w- d:\program files\Google
2010-06-24 11:01 . 2010-06-24 11:01 -------- d-----w- d:\users\constantine\AppData\Roaming\WB Games
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- d:\windows\system32\GPhotos.scr
2010-05-26 21:41 . 2009-07-13 23:40 249856 ----a-w- d:\windows\system32\uxtheme.dll
2010-05-26 21:41 . 2009-07-13 23:39 2755072 ----a-w- d:\windows\system32\themeui.dll
2010-05-26 21:41 . 2009-07-13 23:39 37376 ----a-w- d:\windows\system32\themeservice.dll
2010-05-21 12:14 . 2009-11-09 18:00 221568 ------w- d:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-14 . D51AFCE752AFB83C01AE7B5A194BA8E2 . 2614272 . . [6.1.7600.16385] . . d:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-20 1800464]
"Broadcom Wireless Manager UI"="d:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2009-11-26 4367360]
"QlbCtrl.exe"="d:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 349240]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"acevents"="d:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="d:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="d:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
"CognizanceTS"="d:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848]
"Windows Mobile Device Center"="d:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="d:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]

d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Bluetooth Software\BTTray.exe [2009-7-30 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\System32\guard32.dll d:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^m-trip Launcher.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\m-trip Launcher.lnk
backup=d:\windows\pss\m-trip Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\D:^Users^constantine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=d:\users\constantine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=d:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 12:50 20480 ----a-w- d:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2006-07-14 14:24 49152 ----a-w- d:\windows\ZSSnp211.exe

R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 ALSysIO;ALSysIO;c:\temp\ALSysIO.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;d:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;d:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;d:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R4 sptd;sptd;d:\windows\system32\Drivers\sptd.sys [2010-01-03 691696]
S0 dlkmdldr;dlkmdldr;d:\windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\DRIVERS\cmdguard.sys [2009-11-27 128376]
S1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-20 29520]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;d:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ASBroker;Logon Session Broker;d:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;d:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;d:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 DisplayLinkService;DisplayLinkManager;d:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 4715880]
S2 HP ProtectTools Service;HP ProtectTools Service;d:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
S2 HpFkCryptService;Drive Encryption Service;d:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServiceISD;TabletServiceISD;d:\program files\Tablet\ISD\ISD_Tablet.exe [2010-07-26 4636016]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;d:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
S3 Com4QLBEx;Com4QLBEx;d:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 dlkmd;dlkmd;d:\windows\system32\drivers\dlkmd.sys [2009-11-20 165488]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;d:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 WISDPen;Wacom Penabled MiniDriver;d:\windows\system32\DRIVERS\wisdpen.sys [2010-06-14 35696]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Tomb Raider - The Lost Artifact - d:\program files\Core Design\Tomb Raider - The Lost Artifact\Uninst.isu


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3804)
d:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Bluetooth Software\btmmhook.dll
c:\program files\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\COMODO\COMODO Internet Security\cmdagent.exe
d:\windows\SYSTEM32\WISPTIS.EXE
d:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
d:\windows\system32\AEADISRV.EXE
d:\windows\System32\MrobeService.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\windows\system32\DRIVERS\xaudio.exe
d:\windows\system32\taskhost.exe
d:\windows\SYSTEM32\WISPTIS.EXE
d:\program files\Common Files\microsoft shared\ink\TabTip.exe
d:\program files\DisplayLink Core Software\DisplayLinkUI.exe
d:\program files\Tablet\ISD\ISD_TabletUser.exe
d:\program files\Tablet\CalibrationAssistant.exe
d:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
d:\windows\system32\conhost.exe
d:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
d:\windows\servicing\TrustedInstaller.exe
d:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
d:\windows\system32\igfxext.exe
d:\windows\system32\igfxsrvc.exe
d:\program files\Synaptics\SynTP\SynTPHelper.exe
d:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
d:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bluetooth Software\BtStackServer.exe
d:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Celkový čas: 2010-08-18 10:18:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 08:18

Před spuštěním: 4 028 559 360
Po spuštění: 3 720 515 584

- - End Of File - - 6D040AF25EFCBC2C6F24EB8868879614

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#12 Post by vyosek »

Nothing to be done about it... according to the CF log only the antispyware protection was turned off, but never mind... no reproach :wink:

:arrow: Scan the following files on VirusTotal (see my signature)
  • d:\windows\explorer.exe
    d:\windows\system32\drivers\dlkmd.sys
    d:\windows\system32\drivers\lirsgt.sys
    d:\windows\system32\drivers\atksgt.sys
  • Click Browse
  • Do not browse for the file, just paste the path of the file I want scanned
  • If it says the file has already been analysed, choose to scan it again
  • Click Scan file
  • Post the analysis result here (as a link)
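
Added example (not part of the thread and not ComboFix code): post #12 reads the AV/FW/SP lines at the top of the ComboFix log to see which resident protection was still running during the scan; the Python sketch below does the same check mechanically. The line format is inferred only from the three header lines in the log above, and the names `Product`, `parse_security_header`, `still_active` and `report` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the ComboFix log header posted in #11 of this thread (copied verbatim).
SAMPLE_HEADER = """\
ComboFix 10-08-17.03 - constantine 18.08.2010 9:48.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2023.1102 [GMT 2:00]
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
"""

# Prefix -> product class, following how post #12 reads the log.
KIND_LABELS = {"AV": "antivirus", "FW": "firewall", "SP": "antispyware"}

# Assumed layout: "<KIND>: <name> *<state>* [(<definitions>)] [{<GUID>}]"
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]+)\))?"
    r"(?:\s+\{(?P<guid>[0-9A-Fa-f-]{36})\})?\s*$"
)


@dataclass(frozen=True)
class Product:
    kind: str                   # "AV", "FW" or "SP"
    name: str                   # product name as registered on the machine
    state: str                  # raw text between the asterisks
    enabled: bool               # False only when the state says "disabled"
    definitions: Optional[str]  # e.g. "Updated", if the line carries it
    guid: Optional[str]         # product GUID, if the line carries it


def parse_security_header(log_text: str) -> List[Product]:
    """Return the security products listed in a ComboFix log header."""
    products = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        state = match.group("state").strip()
        # Assumption: anything not explicitly "disabled" counts as still active,
        # so an unfamiliar state string is reported rather than silently passed.
        enabled = "disabled" not in state.lower()
        products.append(Product(
            kind=match.group("kind"),
            name=match.group("name").strip(),
            state=state,
            enabled=enabled,
            definitions=match.group("defs"),
            guid=match.group("guid"),
        ))
    return products


def still_active(products: List[Product]) -> List[Product]:
    """Products that were not switched off before the scan started."""
    return [p for p in products if p.enabled]


def report(log_text: str) -> List[str]:
    """One human-readable line per product, for pasting into a reply."""
    lines = []
    for p in parse_security_header(log_text):
        status = "STILL ACTIVE" if p.enabled else "off"
        lines.append(f"{KIND_LABELS[p.kind]}: {p.name} - {status} ({p.state})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_HEADER):
        print(line)
```

On the header from this thread it marks the antivirus and the firewall as still active and only the antispyware component as off, which matches the reading in post #12.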


vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: CPU usage 100%, no processes running

#14 Post by vyosek »

Has the PC improved after running ComboFix :???:
