PC disinfection, computer speed-up, remote help via the neslape.cz service

CPU usage constantly +-30%

Author: Dominik38 (Visitor, 13 posts, registered 01 Dec 2010 21:24)


#1 Post by Dominik38 »

Hello, I have had this problem for the last few days and I don't know how to get rid of it. In the Windows Task Manager I noticed mainly the process netsh.exe (it is there about 5 times) and it jumps chaotically between the rows. I'm attaching the contents of the log, thanks.

Logfile of random's system information tool 1.08 (written by random/random)
Run by kluci at 2010-12-01 21:20:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (13%) free of 10 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:09, on 1.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\RSIT.exe
C:\Program Files\trend micro\kluci.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{49D53E8D-1A29-45E7-9F1D-81EFC5743711}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{49D53E8D-1A29-45E7-9F1D-81EFC5743711}\5f3c.dll",DllGetClassObject secret 31352
O4 - HKCU\..\Run: [{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}\4303.dll",DllGetClassObject secret 10075
O4 - HKCU\..\Run: [{2A656475-C4CC-431B-959F-BD1947BC160E}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{2A656475-C4CC-431B-959F-BD1947BC160E}\2328.dll",DllGetClassObject secret 25500
O4 - HKCU\..\Run: [{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}\262.dll",DllGetClassObject secret 34421
O4 - HKCU\..\Run: [{1BE1534B-AA3C-4744-981C-085C4E76C5D9}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{1BE1534B-AA3C-4744-981C-085C4E76C5D9}\2f7a.dll",DllGetClassObject secret 23023
O4 - HKCU\..\Run: [{1610D028-89C3-49DC-8DCA-9A7D89D75C07}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{1610D028-89C3-49DC-8DCA-9A7D89D75C07}\47d.dll",DllGetClassObject secret 30307
O4 - HKCU\..\Run: [{A2A08C4C-9C50-4332-8418-9F330BB4B42E}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{A2A08C4C-9C50-4332-8418-9F330BB4B42E}\6f7f.dll",DllGetClassObject secret 18278
O4 - HKCU\..\Run: [{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}\4ee9.dll",DllGetClassObject secret 22025
O4 - HKCU\..\Run: [{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}\438a.dll",DllGetClassObject secret 29227
O4 - HKCU\..\Run: [{F7184FF0-2554-4FEB-B114-10AD5F0A1997}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{F7184FF0-2554-4FEB-B114-10AD5F0A1997}\4cf0.dll",DllGetClassObject secret 23720
O4 - HKCU\..\Run: [{1420E951-4FCB-43DA-BFC6-83AF94F7B082}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{1420E951-4FCB-43DA-BFC6-83AF94F7B082}\365d.dll",DllGetClassObject secret 12753
O4 - HKCU\..\Run: [{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}\62f1.dll",DllGetClassObject secret 32147
O4 - HKCU\..\Run: [{40888652-63F8-460A-93B7-877F1AA14E79}] rundll32 "C:\DOCUME~1\kluci\LOCALS~1\Temp\{40888652-63F8-460A-93B7-877F1AA14E79}\254b.dll",DllGetClassObject secret 27190
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mapiprov32.dll winmgr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate1ca066023a505c8) (gupdate1ca066023a505c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 12417 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1757981266-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1757981266-725345543-1003.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-21 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-05-31 269752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{EEE6C35B-6118-11DC-9C72-001320C79847}
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2010-10-18 3908192]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-06-17 33628160]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-21 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"{49D53E8D-1A29-45E7-9F1D-81EFC5743711}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{49D53E8D-1A29-45E7-9F1D-81EFC5743711}\5f3c.dll,DllGetClassObject secret 31352 []
"{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}\4303.dll,DllGetClassObject secret 10075 []
"{2A656475-C4CC-431B-959F-BD1947BC160E}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{2A656475-C4CC-431B-959F-BD1947BC160E}\2328.dll,DllGetClassObject secret 25500 []
"{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}\262.dll,DllGetClassObject secret 34421 []
"{1BE1534B-AA3C-4744-981C-085C4E76C5D9}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{1BE1534B-AA3C-4744-981C-085C4E76C5D9}\2f7a.dll,DllGetClassObject secret 23023 []
"{1610D028-89C3-49DC-8DCA-9A7D89D75C07}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{1610D028-89C3-49DC-8DCA-9A7D89D75C07}\47d.dll,DllGetClassObject secret 30307 []
"{A2A08C4C-9C50-4332-8418-9F330BB4B42E}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{A2A08C4C-9C50-4332-8418-9F330BB4B42E}\6f7f.dll,DllGetClassObject secret 18278 []
"{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}\4ee9.dll,DllGetClassObject secret 22025 []
"{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}\438a.dll,DllGetClassObject secret 29227 []
"{F7184FF0-2554-4FEB-B114-10AD5F0A1997}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{F7184FF0-2554-4FEB-B114-10AD5F0A1997}\4cf0.dll,DllGetClassObject secret 23720 []
"{1420E951-4FCB-43DA-BFC6-83AF94F7B082}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{1420E951-4FCB-43DA-BFC6-83AF94F7B082}\365d.dll,DllGetClassObject secret 12753 []
"{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}\62f1.dll,DllGetClassObject secret 32147 []
"{40888652-63F8-460A-93B7-877F1AA14E79}"=rundll32 C:\DOCUME~1\kluci\LOCALS~1\Temp\{40888652-63F8-460A-93B7-877F1AA14E79}\254b.dll,DllGetClassObject secret 27190 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
D:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe [2010-11-30 3416968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="mapiprov32.dll winmgr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program files\QIP\qip.exe"="D:\Program files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Program files\Valve\Steam\SteamApps\criminal24\counter-strike\hl.exe"="D:\Program files\Valve\Steam\SteamApps\criminal24\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program files\TmNationsForever\TmForever.exe"="D:\Program files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Program files\Valve\Steam\Steam.exe"="D:\Program files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program files\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Program files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"E:\Program files\TrackMania Nations ESWC\TmNationsESWC.exe"="E:\Program files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"E:\Program files\QIP\qip.exe"="E:\Program files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"D:\Program files\uTorrent\utorrent.exe"="D:\Program files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program files\iTunes\iTunes.exe"="D:\Program files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Descent 1\DESCENT\d1x-rebirth-gl.exe"="E:\Descent 1\DESCENT\d1x-rebirth-gl.exe:*:Enabled:d1x-rebirth-gl"
"D:\Program files\Quake2\quake2.exe"="D:\Program files\Quake2\quake2.exe:*:Enabled:quake2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\kluci\Local Settings\Temp\{2A656475-C4CC-431B-959F-BD1947BC160E}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{2A656475-C4CC-431B-959F-BD1947BC160E}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{6D36B3AB-1D1C-4ABF-AA7B-96F41AD64601}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{1610D028-89C3-49DC-8DCA-9A7D89D75C07}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{1610D028-89C3-49DC-8DCA-9A7D89D75C07}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{D1368152-87D7-4D4E-9FA4-250C77E4B0E8}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{C2DB6EA8-400C-42E6-BD97-AF035FAF9643}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{F7184FF0-2554-4FEB-B114-10AD5F0A1997}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{F7184FF0-2554-4FEB-B114-10AD5F0A1997}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{10FA9446-1E52-48EC-8EBF-1ADADB4BE47C}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{1420E951-4FCB-43DA-BFC6-83AF94F7B082}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{1420E951-4FCB-43DA-BFC6-83AF94F7B082}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{2FE741AF-353F-4A56-A8F6-1746BDFB5A3B}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{49D53E8D-1A29-45E7-9F1D-81EFC5743711}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{49D53E8D-1A29-45E7-9F1D-81EFC5743711}\bin\javaw.exe:*:Enabled:xp2p"
"C:\Documents and Settings\kluci\Local Settings\Temp\{40888652-63F8-460A-93B7-877F1AA14E79}\bin\javaw.exe"="C:\Documents and Settings\kluci\Local Settings\Temp\{40888652-63F8-460A-93B7-877F1AA14E79}\bin\javaw.exe:*:Enabled:xp2p"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-01 21:17:33 ----D---- C:\rsit
2010-12-01 21:17:33 ----D---- C:\Program Files\trend micro
2010-11-30 01:25:19 ----D---- C:\WINDOWS\system32\SimFiles
2010-11-26 17:54:35 ----D---- C:\Program Files\ConduitEngine
2010-11-26 17:54:35 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-11-26 17:52:49 ----SH---- C:\WINDOWS\system32\mapiprov32.dll
2010-11-26 17:52:47 ----SH---- C:\WINDOWS\system32\winmgr.dll
2010-11-26 17:41:50 ----D---- C:\Documents and Settings\kluci\Data aplikací\MP3Rocket
2010-11-23 23:40:35 ----A---- C:\WINDOWS\wincheater.ini
2010-11-14 12:24:14 ----D---- C:\Documents and Settings\kluci\Data aplikací\dvdcss

======List of files/folders modified in the last 1 months======

2010-12-01 21:18:00 ----D---- C:\WINDOWS\Prefetch
2010-12-01 21:17:33 ----RD---- C:\Program Files
2010-12-01 21:11:30 ----SD---- C:\WINDOWS\Tasks
2010-12-01 21:02:14 ----D---- C:\WINDOWS\Temp
2010-12-01 20:31:39 ----D---- C:\WINDOWS\system32
2010-12-01 20:31:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-01 12:49:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-01 12:23:23 ----D---- C:\WINDOWS
2010-12-01 12:01:26 ----D---- C:\WINDOWS\Minidump
2010-11-30 07:00:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-30 00:08:15 ----D---- C:\WINDOWS\system32\drivers
2010-11-29 23:54:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-29 23:53:46 ----D---- C:\Config.Msi
2010-11-29 21:16:45 ----SHD---- C:\WINDOWS\Installer
2010-11-29 21:16:41 ----D---- C:\Program Files\Common Files\Adobe
2010-11-26 17:54:34 ----D---- C:\Program Files\myBabylon_English
2010-11-26 17:51:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-15 12:38:01 ----D---- C:\Documents and Settings\kluci\Data aplikací\Media Player Classic
2010-11-11 22:59:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-11-11 22:59:36 ----D---- C:\Documents and Settings\kluci\Data aplikací\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-08 717296]
R1 a2injectiondriver;a2injectiondriver; \??\D:\Program files\a-squared Anti-Malware\a2dix86.sys []
R1 a2util;a-squared Malware-IDS utility driver; \??\D:\Program files\a-squared Anti-Malware\a2util32.sys []
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-10-06 82380]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R3 a2acc;a2acc; \??\D:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2accx86.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-28 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-06-02 1374464]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aw0m6xi2;aw0m6xi2; C:\WINDOWS\system32\drivers\aw0m6xi2.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
S3 MapMem;MapMem; \??\J:\mapmem.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; D:\Program Files\a-squared Anti-Malware\a2service.exe [2010-11-30 2806000]
R2 a2free;a-squared Free Service; D:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 gupdate1ca066023a505c8;Služba Google Update (gupdate1ca066023a505c8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#2 Post by stell »

Hello
→ You need to uninstall the toolbars:
Ask Toolbar
Toolbar: DAEMON Tools Toolbar
→ Download TFC to the desktop,
close everything you have open and run it; restart after the scan.
→ Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Right-click the Recycle Bin, choose Run CCleaner, and wait for the cleaning to finish.
- Right-click the Recycle Bin, choose Open CCleaner, go to the Windows tab, press Analyze and then Run Cleaner.
- Click the Applications tab, press Analyze and then Run Cleaner.
- Click Registry, press Scan for Issues; when the scan finishes, click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix All Selected Issues.
→ PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.
Important information.
Is your computer NOT RUNNING well?
Is it infected? Running slowly? A program not working? Problems installing?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks!

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#3 Post by Dominik38 »

So I did everything; after the restart following TFC, exactly 15 error windows popped up. I tried restarting once more and got the same thing..
While ComboFix was running, the window "REGT.cfxxe has encountered a problem and needs to close.." popped up 3 times. I don't know to what extent that affected the result, if at all..
Here is the log:

ComboFix 10-12-02.05 - kluci 03.12.2010 13:58:57.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1337 [GMT 1:00]
Spuštěný z: c:\documents and settings\kluci\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\kluci\LOCALS~1\Temp\{FAD323D6-C80E-4807-9C9F-C860E40AE182}\373b.dll
c:\documents and settings\kluci\Dokumenty\cc_20101203_135607.reg
c:\program files\Mozilla Firefox\searchplugins\qipsearch.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-03 do 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-01 20:17 . 2010-12-01 20:20 -------- d-----w- c:\program files\trend micro
2010-12-01 20:17 . 2010-12-01 20:17 -------- d-----w- C:\rsit
2010-11-30 00:25 . 2010-11-30 00:25 -------- d-----w- c:\windows\system32\SimFiles
2010-11-29 17:09 . 2010-11-29 17:09 -------- d-----w- c:\documents and settings\kluci\LimeWire
2010-11-26 16:52 . 2010-11-26 16:52 470528 --sh--w- c:\windows\system32\mapiprov32.dll
2010-11-26 16:52 . 2010-11-26 16:52 55296 --sh--w- c:\windows\system32\winmgr.dll
2010-11-26 16:44 . 2010-11-26 16:52 -------- d-----w- c:\documents and settings\kluci\Incomplete
2010-11-26 16:44 . 2010-11-26 16:51 -------- d-----w- c:\documents and settings\kluci\Shared
2010-11-26 16:41 . 2010-11-26 17:02 -------- d-----w- c:\documents and settings\kluci\Data aplikací\MP3Rocket
2010-11-14 11:24 . 2010-11-14 11:24 -------- d-----w- c:\documents and settings\kluci\Data aplikací\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-07-17 13:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-17 13:13 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-17 13:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-17 13:13 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-08-28 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-08-28 15:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-08-28 15:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-17 13:13 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-08-28 15:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-17 33628160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-21 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
2010-11-29 23:09 3416968 ----a-w- d:\program files\a-squared Anti-Malware\a2guard.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\TmNationsForever\\TmForever.exe"=
"d:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program files\\iTunes\\iTunes.exe"=
"e:\\Descent 1\\DESCENT\\d1x-rebirth-gl.exe"=
"d:\\Program files\\Quake2\\quake2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.10.2008 22:46 717296]
R1 a2injectiondriver;a2injectiondriver;d:\program files\a-squared Anti-Malware\a2dix86.sys [30.11.2010 0:09 41928]
R1 a2util;a-squared Malware-IDS utility driver;d:\program files\a-squared Anti-Malware\a2util32.sys [30.11.2010 0:09 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.7.2010 14:13 165584]
R2 a2AntiMalware;a-squared Anti-Malware Service;d:\program files\a-squared Anti-Malware\a2service.exe [6.1.2010 11:43 2806000]
R2 a2free;a-squared Free Service;d:\program files\a-squared Free\a2service.exe [13.3.2009 13:30 425080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.7.2010 14:13 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [16.7.2010 10:27 20328]
R3 a2acc;a2acc;d:\program files\a-squared Anti-Malware\a2accx86.sys [30.11.2010 0:09 72808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [22.7.2010 16:58 1374464]
S2 gupdate1ca066023a505c8;Služba Google Update (gupdate1ca066023a505c8);c:\program files\Google\Update\GoogleUpdate.exe [16.7.2009 22:55 133104]
S3 MapMem;MapMem;\??\j:\mapmem.sys --> j:\mapmem.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mydtzone.com/startpage
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=8182
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\program files\real player\Netscape6\nppl3260.dll
FF - plugin: d:\program files\real player\Netscape6\nprjplug.dll
FF - plugin: d:\program files\real player\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Veetle\Player\npvlc.dll
FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 14:04
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,b2,f6,64,1f,ae,b9,2a,74,5c,c0,d1,d8,7a,11,81,e5,b7,59,34,01,
3b,56,9d,86,a0,eb,a4,b4,e2,39,1a,0b,26,bf,3f,39,6b,89,3f,97,d9,6f,d8,7d,82,\
"rkeysecu"=hex:69,26,e0,4f,df,8a,a7,64,9c,97,ee,86,9b,b1,9b,c9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-03 14:06:59
ComboFix-quarantined-files.txt 2010-12-03 13:06

Před spuštěním: 1 920 299 008
Po spuštění: 1 877 884 928

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 12B44A8754A7E9FA8BFEB7B6D9481D52

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#4 Post by stell »

It's ok.
Test these at www.virustotal.com:
c:\windows\system32\mapiprov32.dll
c:\windows\system32\winmgr.dll

Post the links here.
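The two files sent to VirusTotal in the reply above are the only entries in the ComboFix "files created" listing that carry the --sh-- (system + hidden) attribute flags under system32. The following Python parser is an added example, not code from the thread or from ComboFix: it pulls such entries out of a ComboFix log. The sample input is an excerpt copied from the log posted above, and the flagging rule (a non-directory entry marked system and hidden under c:\windows) is an assumed triage heuristic, not a ComboFix rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One "files created" line of a ComboFix log, e.g.
#   2010-11-26 16:52 . 2010-11-26 16:52 470528 --sh--w- c:\windows\system32\mapiprov32.dll
# layout: created-time " . " modified-time size (dashes for a directory) attribute-block path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*)$"
)

# Prefix under which newly created hidden+system files deserve a second look
# (assumed triage heuristic, compared case-insensitively).
WATCHED_DIR = "c:\\windows\\"


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directory entries (size shown as dashes)
    attrs: str            # 8-char block, e.g. "--sh--w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_file_entries(log_text: str) -> List[FileEntry]:
    """Extract every timestamped file/directory line from a ComboFix log."""
    entries: List[FileEntry] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, lone dots, blank lines
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def is_suspicious(entry: FileEntry) -> bool:
    """Flag a file (not a directory) marked both system and hidden that sits
    under the Windows directory. Setting +s +h on a freshly dropped DLL keeps
    it out of Explorer's default view; installers rarely do that."""
    if entry.is_dir:
        return False
    return entry.system and entry.hidden and entry.path.lower().startswith(WATCHED_DIR)


def flag_suspicious(log_text: str) -> List[str]:
    """Paths worth submitting for a second opinion (e.g. VirusTotal)."""
    return [e.path for e in parse_file_entries(log_text) if is_suspicious(e)]


# Constructed sample: the "files created" section copied from the ComboFix log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-03 do 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-01 20:17 . 2010-12-01 20:20 -------- d-----w- c:\program files\trend micro
2010-12-01 20:17 . 2010-12-01 20:17 -------- d-----w- C:\rsit
2010-11-30 00:25 . 2010-11-30 00:25 -------- d-----w- c:\windows\system32\SimFiles
2010-11-29 17:09 . 2010-11-29 17:09 -------- d-----w- c:\documents and settings\kluci\LimeWire
2010-11-26 16:52 . 2010-11-26 16:52 470528 --sh--w- c:\windows\system32\mapiprov32.dll
2010-11-26 16:52 . 2010-11-26 16:52 55296 --sh--w- c:\windows\system32\winmgr.dll
2010-11-26 16:44 . 2010-11-26 16:52 -------- d-----w- c:\documents and settings\kluci\Incomplete
2010-11-14 11:24 . 2010-11-14 11:24 -------- d-----w- c:\documents and settings\kluci\Data aplikací\dvdcss
"""

if __name__ == "__main__":
    for path in flag_suspicious(SAMPLE_LOG):
        print("check:", path)
```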


stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#6 Post by stell »

Well, we'll get rid of them; they're probably junk, since even Google doesn't know them.
For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

KILLALL::
File::
c:\windows\system32\mapiprov32.dll
c:\windows\system32\winmgr.dll
DDS::
uStart Page = hxxp://www.mydtzone.com/startpage
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=8182
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type choose *All files
And save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not be CFScript.txt.txt either. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates.

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#7 Post by Dominik38 »

Again the problem with REGT.cfxxe kept popping up and the PC restarted, then it created the log. But after the restart the flood of errors from last time didn't appear...

ComboFix 10-12-02.06 - kluci 03.12.2010 16:34:45.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1294 [GMT 1:00]
Spuštěný z: c:\documents and settings\kluci\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\kluci\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

FILE ::
"c:\windows\system32\mapiprov32.dll"
"c:\windows\system32\winmgr.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kluci\Dokumenty\cc_20101203_163026.reg
c:\windows\system32\mapiprov32.dll
c:\windows\system32\winmgr.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-03 do 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-01 20:17 . 2010-12-01 20:20 -------- d-----w- c:\program files\trend micro
2010-12-01 20:17 . 2010-12-01 20:17 -------- d-----w- C:\rsit
2010-11-30 00:25 . 2010-11-30 00:25 -------- d-----w- c:\windows\system32\SimFiles
2010-11-29 17:09 . 2010-11-29 17:09 -------- d-----w- c:\documents and settings\kluci\LimeWire
2010-11-26 16:44 . 2010-11-26 16:52 -------- d-----w- c:\documents and settings\kluci\Incomplete
2010-11-26 16:44 . 2010-11-26 16:51 -------- d-----w- c:\documents and settings\kluci\Shared
2010-11-26 16:41 . 2010-11-26 17:02 -------- d-----w- c:\documents and settings\kluci\Data aplikací\MP3Rocket
2010-11-14 11:24 . 2010-11-14 11:24 -------- d-----w- c:\documents and settings\kluci\Data aplikací\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-07-17 13:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-17 13:13 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-17 13:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-17 13:13 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-08-28 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-08-28 15:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-08-28 15:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-17 13:13 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-08-28 15:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-03_13.05.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-03 15:40 . 2010-12-03 15:40 16384 c:\windows\temp\Perflib_Perfdata_5f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-17 33628160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-21 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
2010-11-29 23:09 3416968 ----a-w- d:\program files\a-squared Anti-Malware\a2guard.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\TmNationsForever\\TmForever.exe"=
"d:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program files\\iTunes\\iTunes.exe"=
"e:\\Descent 1\\DESCENT\\d1x-rebirth-gl.exe"=
"d:\\Program files\\Quake2\\quake2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.10.2008 22:46 717296]
R1 a2injectiondriver;a2injectiondriver;d:\program files\a-squared Anti-Malware\a2dix86.sys [30.11.2010 0:09 41928]
R1 a2util;a-squared Malware-IDS utility driver;d:\program files\a-squared Anti-Malware\a2util32.sys [30.11.2010 0:09 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.7.2010 14:13 165584]
R2 a2AntiMalware;a-squared Anti-Malware Service;d:\program files\a-squared Anti-Malware\a2service.exe [6.1.2010 11:43 2806000]
R2 a2free;a-squared Free Service;d:\program files\a-squared Free\a2service.exe [13.3.2009 13:30 425080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.7.2010 14:13 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [16.7.2010 10:27 20328]
R3 a2acc;a2acc;d:\program files\a-squared Anti-Malware\a2accx86.sys [30.11.2010 0:09 72808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [22.7.2010 16:58 1374464]
S2 gupdate1ca066023a505c8;Služba Google Update (gupdate1ca066023a505c8);c:\program files\Google\Update\GoogleUpdate.exe [16.7.2009 22:55 133104]
S3 MapMem;MapMem;\??\j:\mapmem.sys --> j:\mapmem.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\program files\real player\Netscape6\nppl3260.dll
FF - plugin: d:\program files\real player\Netscape6\nprjplug.dll
FF - plugin: d:\program files\real player\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Veetle\Player\npvlc.dll
FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 16:41
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,b2,f6,64,1f,ae,b9,2a,74,5c,c0,d1,d8,7a,11,81,e5,b7,59,34,01,
3b,56,9d,86,a0,eb,a4,b4,e2,39,1a,0b,26,bf,3f,39,6b,89,3f,97,d9,6f,d8,7d,82,\
"rkeysecu"=hex:69,26,e0,4f,df,8a,a7,64,9c,97,ee,86,9b,b1,9b,c9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-03 16:43:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-03 15:43
ComboFix2.txt 2010-12-03 13:06

Před spuštěním: 1 850 662 912
Po spuštění: 1 836 011 520

- - End Of File - - FCF3484164FF5CA66190618218A72010

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#8 Post by Dominik38 »

btw, that netsh.exe is gone now :)

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#9 Post by stell »

Clean it up with CCleaner.
So how is the PC doing??
since ComboFix reports:
detected NTDLL code modification:
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? Installation problems?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#10 Post by Dominik38 »

The original problem I posted about has disappeared, but it's apparently not OK. I wanted to run ComboFix so I could answer the last question, but after I turn off the antivirus, firewall... ComboFix won't start, and not just ComboFix, practically nothing starts, not even a restart; in the end I had to do a hard reset. I tried it again and again

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#11 Post by stell »

Download to the desktop and run:
http://www.raktor.net/exeHelper/exeHelper.scr

Post the log here.

Right-click the ComboFix icon, rename it to uninstall and run it;
ComboFix will uninstall itself.

Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm the choice, press the A key, then Enter
- Delete the program after use. Note: antivirus programs may falsely flag it as a virus

PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Use ComboFix according to these instructions: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#12 Post by Dominik38 »

stell wrote:
Download to the desktop and run:
http://www.raktor.net/exeHelper/exeHelper.scr

Should I turn off the antivirus first? It blocks some program behaviour.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: CPU usage constantly +-30%

#13 Post by stell »

You don't need to; a command prompt window will run through and a log will open. Post it here, and continue according to the instructions.

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#14 Post by Dominik38 »

exeHelper by Raktor
Build 20100414
Run at 11:04:30 on 12/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
exeHelper by Raktor
Build 20100414
Run at 19:18:47 on 12/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
exeHelper by Raktor
Build 20100414
Run at 19:19:54 on 12/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Dominik38
Visitor
Posts: 13
Registered: 01 Dec 2010 21:24

Re: CPU usage constantly +-30%

#15 Post by Dominik38 »

ComboFix 10-12-03.03 - kluci 04.12.2010 19:39:22.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1465 [GMT 1:00]
Spuštěný z: c:\documents and settings\kluci\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kluci\Dokumenty\cc_20101203_211123.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-01 20:17 . 2010-12-04 18:35 -------- d-----w- c:\program files\trend micro
2010-11-30 00:25 . 2010-11-30 00:25 -------- d-----w- c:\windows\system32\SimFiles
2010-11-29 17:09 . 2010-11-29 17:09 -------- d-----w- c:\documents and settings\kluci\LimeWire
2010-11-26 16:44 . 2010-11-26 16:52 -------- d-----w- c:\documents and settings\kluci\Incomplete
2010-11-26 16:44 . 2010-11-26 16:51 -------- d-----w- c:\documents and settings\kluci\Shared
2010-11-26 16:41 . 2010-11-26 17:02 -------- d-----w- c:\documents and settings\kluci\Data aplikací\MP3Rocket
2010-11-14 11:24 . 2010-11-14 11:24 -------- d-----w- c:\documents and settings\kluci\Data aplikací\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 15:12 . 2010-07-17 13:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-17 13:13 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-17 13:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-17 13:13 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-08-28 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-08-28 15:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-08-28 15:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-17 13:13 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-08-28 15:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-17 33628160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-21 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
2010-11-29 23:09 3416968 ----a-w- d:\program files\a-squared Anti-Malware\a2guard.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\TmNationsForever\\TmForever.exe"=
"d:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program files\\QIP\\qip.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program files\\iTunes\\iTunes.exe"=
"e:\\Descent 1\\DESCENT\\d1x-rebirth-gl.exe"=
"d:\\Program files\\Quake2\\quake2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.10.2008 22:46 717296]
R1 a2injectiondriver;a2injectiondriver;d:\program files\a-squared Anti-Malware\a2dix86.sys [30.11.2010 0:09 41928]
R1 a2util;a-squared Malware-IDS utility driver;d:\program files\a-squared Anti-Malware\a2util32.sys [30.11.2010 0:09 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.7.2010 14:13 165584]
R2 a2AntiMalware;a-squared Anti-Malware Service;d:\program files\a-squared Anti-Malware\a2service.exe [6.1.2010 11:43 2806000]
R2 a2free;a-squared Free Service;d:\program files\a-squared Free\a2service.exe [13.3.2009 13:30 425080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.7.2010 14:13 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [16.7.2010 10:27 20328]
R3 a2acc;a2acc;d:\program files\a-squared Anti-Malware\a2accx86.sys [30.11.2010 0:09 72808]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [22.7.2010 16:58 1374464]
S2 gupdate1ca066023a505c8;Služba Google Update (gupdate1ca066023a505c8);c:\program files\Google\Update\GoogleUpdate.exe [16.7.2009 22:55 133104]
S3 MapMem;MapMem;\??\j:\mapmem.sys --> j:\mapmem.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 21:55]

2010-12-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-12-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1757981266-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\program files\real player\Netscape6\nppl3260.dll
FF - plugin: d:\program files\real player\Netscape6\nprjplug.dll
FF - plugin: d:\program files\real player\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Veetle\Player\npvlc.dll
FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\documents and settings\kluci\Data aplikací\Mozilla\Firefox\Profiles\mhw9ki06.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 19:44
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,b2,f6,64,1f,ae,b9,2a,74,5c,c0,d1,d8,7a,11,81,e5,b7,59,34,01,
3b,56,9d,86,a0,eb,a4,b4,e2,39,1a,0b,26,bf,3f,39,6b,89,3f,97,d9,6f,d8,7d,82,\
"rkeysecu"=hex:69,26,e0,4f,df,8a,a7,64,9c,97,ee,86,9b,b1,9b,c9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-04 19:45:49
ComboFix-quarantined-files.txt 2010-12-04 18:45

Před spuštěním: 2 249 551 872
Po spuštění: 2 207 375 360

- - End Of File - - 21A850ED855621423E15660B5E03161D
