VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vyťaženie CPU 100%

https://forum.viry.cz:443/viewtopic.php?t=126420

Stránka 2 z 2

Re: Vyťaženie CPU 100%

Napsal: 09 pro 2012 22:44
od Rudy
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Vyťaženie CPU 100%

Napsal: 10 pro 2012 00:45
od lukycrust
trvalo to neskutočne dlho,ale tu je to...

ComboFix log:

ComboFix 12-12-07.01 - HP Elitebook . 12. 2012 23:04:09.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3957.2205 [GMT 1:00]
Running from: c:\users\HP Elitebook\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP Elitebook\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\update
c:\windows\SysWow64\update\diablo121016.cl
c:\windows\SysWow64\update\diakgcn121016.cl
c:\windows\SysWow64\update\igfxupdate.exe
c:\windows\SysWow64\update\libcurl-4.dll
c:\windows\SysWow64\update\libeay32.dll
c:\windows\SysWow64\update\libidn-11.dll
c:\windows\SysWow64\update\libusb-1.0.dll
c:\windows\SysWow64\update\phatk121016.cl
c:\windows\SysWow64\update\poclbm121016.cl
c:\windows\SysWow64\update\poclbm121016NVS 5100Mv1w256l4.bin
c:\windows\SysWow64\update\pthreadGC2.dll
c:\windows\SysWow64\update\scrypt121016.cl
c:\windows\SysWow64\update\ssleay32.dll
c:\windows\SysWow64\update\zlib1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 23:06 . 2012-12-09 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-09 18:28 . 2012-12-09 22:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5644740B-11C9-4D51-B4F7-361D6153A6CF}\offreg.dll
2012-12-09 16:22 . 2012-12-09 19:13 -------- d-----w- c:\program files (x86)\trend micro
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\programdata\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-09 13:37 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 23:35 . 2012-12-07 12:37 269824 ----a-w- c:\windows\SysWow64\igfxupdate.exe
2012-12-07 18:09 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5644740B-11C9-4D51-B4F7-361D6153A6CF}\mpengine.dll
2012-12-06 23:35 . 2012-12-07 12:37 410112 ----a-w- c:\windows\system32\taskhost.rs
2012-12-06 23:35 . 2012-12-07 12:37 307712 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-12-06 23:35 . 2012-12-07 12:37 269824 ----a-w- c:\windows\system32\SearchEngine.rs
2012-12-05 10:49 . 2012-12-05 10:49 -------- d-----w- c:\programdata\Orbit
2012-12-04 22:07 . 2012-12-04 22:07 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-12-04 22:06 . 2012-12-04 22:06 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-04 20:42 . 2012-12-08 20:28 -------- d-----w- c:\program files (x86)\EVGA Precision X
2012-11-27 09:52 . 2012-11-27 09:52 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\MW3 FoV Changer
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\SCE
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- C:\Crash
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\Sony Online Entertainment
2012-11-22 15:55 . 2012-11-22 15:55 -------- d-----w- c:\users\HP Elitebook\AppData\Local\ESET
2012-11-22 15:53 . 2012-11-22 15:53 -------- d-----w- c:\program files\ESET
2012-11-21 12:51 . 2012-11-21 12:51 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Theta
2012-11-16 02:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 02:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 02:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 02:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 02:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 02:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 02:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 02:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 02:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-05 14:16 . 2012-06-28 14:05 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-05 14:16 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-05 10:50 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-04 22:08 . 2012-03-07 14:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-04 22:08 . 2012-03-07 14:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-16 02:03 . 2012-03-02 06:41 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 16:04 . 2012-06-05 18:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-30 22:50 . 2012-03-01 22:26 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:42 . 2012-10-30 19:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-30 19:42 . 2012-06-28 18:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-30 19:42 . 2012-06-28 18:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-27 21:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 08:26 . 2012-06-13 06:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 08:26 . 2012-06-13 06:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-09-19 17:06 . 2012-03-07 14:47 19131904 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-09-14 19:19 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-05 968592]
"Steam"="e:\steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 cpuz130;cpuz130;c:\users\HPELIT~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-09 362040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 44576]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 SearchIndexer;Search Indexer;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-05 293552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-06-29 15176]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PROCEXP152
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 08:26]
.
2012-12-08 c:\windows\Tasks\HPCeeScheduleForHP Elitebook.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-14 6325424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - e:\hry\Ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-10 00:42:44
ComboFix-quarantined-files.txt 2012-12-09 23:42
.
Pre-Run: 15 268 773 888 bytes free
Post-Run: 15 055 482 880 bytes free
.
- - End Of File - - FCA1D26FD8B7A4C3138BD299E7958EAE

Re: Vyťaženie CPU 100%

Napsal: 10 pro 2012 23:03
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

File::
c:\windows\system32\taskhost.rs

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 09:25
od lukycrust
problém stále pretrváva..je to v poriadku ak ComboFix,zase vykonával kontrolu???

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 17:24
od Rudy
lukycrust píše:..je to v poriadku ak ComboFix,zase vykonával kontrolu???
Jistě. Mazal ale jen to, co měl ve skriptu. Rád bych viděl log z posledního skenu.

Dále zkuste toto:
1/ spusťte Správce úloh (Task manager) a nechte spuštěný - kombinace Ctrl+Alt+Delete nebo Ctrl+Shift+Esc
2/ najděte v adresářích "C:\Windows\SysWOW64\igfxupdate.exe" - "C:\Windows\SysWOW64\update\igfxupdate.exe"
"C:\Windows\system32\igfxupdate.exe" - smažte ho
3/ Start -> Spustit - napište services.msc -> Enter
4/ najděte službu Search Indexer -> klik pravým -> na roletce kde je "Automatic" změň na "Disable" ("Zakázáno")
5/ restartujte
6/ Start -> Spustit - napište cmd -> klik pravým - spustit jako Administrátor (Run as an Administrator)
7/ do černého okna napište sc delete SearchIndexer -> Enter

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 17:50
od lukycrust
Log z posledného scanu:

ComboFix 12-12-07.01 - HP Elitebook . 12. 2012 1:20.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3957.2052 [GMT 1:00]
Running from: c:\users\HP Elitebook\Desktop\ComboFix.exe
Command switches used :: c:\users\HP Elitebook\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\system32\taskhost.rs"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP Elitebook\AppData\Local\Temp\7E57.tmp
c:\users\HP Elitebook\AppData\Local\Temp\FA0C.tmp
c:\users\HPELIT~1\AppData\Local\Temp\7E57.tmp
c:\users\HPELIT~1\AppData\Local\Temp\FA0C.tmp
c:\windows\system32\taskhost.rs
.
.
((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 01:14 . 2012-12-11 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-10 02:53 . 2012-12-10 02:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5644740B-11C9-4D51-B4F7-361D6153A6CF}\offreg.dll
2012-12-09 16:22 . 2012-12-09 19:13 -------- d-----w- c:\program files (x86)\trend micro
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\programdata\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-09 13:37 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 23:35 . 2012-12-07 12:37 269824 ----a-w- c:\windows\SysWow64\igfxupdate.exe
2012-12-07 18:09 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5644740B-11C9-4D51-B4F7-361D6153A6CF}\mpengine.dll
2012-12-06 23:35 . 2012-12-07 12:37 307712 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-12-06 23:35 . 2012-12-07 12:37 269824 ----a-w- c:\windows\system32\SearchEngine.rs
2012-12-05 10:49 . 2012-12-05 10:49 -------- d-----w- c:\programdata\Orbit
2012-12-04 22:07 . 2012-12-04 22:07 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-12-04 22:06 . 2012-12-04 22:06 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-04 20:42 . 2012-12-08 20:28 -------- d-----w- c:\program files (x86)\EVGA Precision X
2012-11-27 09:52 . 2012-11-27 09:52 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\MW3 FoV Changer
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\SCE
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- C:\Crash
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\Sony Online Entertainment
2012-11-22 15:55 . 2012-11-22 15:55 -------- d-----w- c:\users\HP Elitebook\AppData\Local\ESET
2012-11-22 15:53 . 2012-11-22 15:53 -------- d-----w- c:\program files\ESET
2012-11-21 12:51 . 2012-11-21 12:51 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Theta
2012-11-16 02:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 02:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 02:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 02:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 02:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 02:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 02:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 02:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 02:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-05 14:16 . 2012-06-28 14:05 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-05 14:16 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-05 10:50 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-04 22:08 . 2012-03-07 14:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-04 22:08 . 2012-03-07 14:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-16 02:03 . 2012-03-02 06:41 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 16:04 . 2012-06-05 18:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-30 22:50 . 2012-03-01 22:26 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:42 . 2012-10-30 19:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-30 19:42 . 2012-06-28 18:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-30 19:42 . 2012-06-28 18:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-27 21:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 08:26 . 2012-06-13 06:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 08:26 . 2012-06-13 06:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-09-19 17:06 . 2012-03-07 14:47 19131904 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-09-14 19:19 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-10 969104]
"Steam"="e:\steam\steam.exe" [2012-12-04 1354736]
"<NO NAME>"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 cpuz130;cpuz130;c:\users\HPELIT~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-09 362040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 44576]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 SearchIndexer;Search Indexer;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-05 293552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-06-29 15176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 08:26]
.
2012-12-08 c:\windows\Tasks\HPCeeScheduleForHP Elitebook.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-14 6325424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - e:\hry\Ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\EVGA Precision X\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
.
**************************************************************************
.
Completion time: 2012-12-11 02:39:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-11 01:39
ComboFix2.txt 2012-12-09 23:42
.
Pre-Run: 15 179 968 512 bytes free
Post-Run: 14 989 422 592 bytes free
.
- - End Of File - - CA9442259E278043FA332FF1686D680C

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 17:56
od Rudy
Ještě jednou spusťte CF tímto skriptem:
File::
c:\windows\system32\SearchEngine.rs

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 18:14
od lukycrust
už sa spáva PC v poriadku :thumbsup:

log z CF,ak je potreba:

ComboFix 12-12-07.01 - HP Elitebook . 12. 2012 18:05:24.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3957.2254 [GMT 1:00]
Running from: c:\users\HP Elitebook\Desktop\ComboFix.exe
Command switches used :: c:\users\HP Elitebook\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\SearchEngine.rs"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SearchEngine.rs
.
.
((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-11 06:19 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6423E3B-F835-4738-AD66-013B38F0E835}\mpengine.dll
2012-12-09 16:22 . 2012-12-09 19:13 -------- d-----w- c:\program files (x86)\trend micro
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\programdata\Malwarebytes
2012-12-09 13:37 . 2012-12-09 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-09 13:37 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-06 23:35 . 2012-12-07 12:37 307712 ----a-w- c:\windows\system32\SearchIndexer.dll
2012-12-05 10:49 . 2012-12-05 10:49 -------- d-----w- c:\programdata\Orbit
2012-12-04 22:07 . 2012-12-04 22:07 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-12-04 22:06 . 2012-12-04 22:06 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-04 20:42 . 2012-12-08 20:28 -------- d-----w- c:\program files (x86)\EVGA Precision X
2012-11-27 09:52 . 2012-11-27 09:52 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\MW3 FoV Changer
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\SCE
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- C:\Crash
2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\HP Elitebook\AppData\Local\Sony Online Entertainment
2012-11-22 15:55 . 2012-11-22 15:55 -------- d-----w- c:\users\HP Elitebook\AppData\Local\ESET
2012-11-22 15:53 . 2012-11-22 15:53 -------- d-----w- c:\program files\ESET
2012-11-21 12:51 . 2012-11-21 12:51 -------- d-----w- c:\users\HP Elitebook\AppData\Roaming\Theta
2012-11-16 02:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 02:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 02:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 02:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 02:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 02:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 02:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 02:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 02:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-05 14:16 . 2012-06-28 14:05 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-05 14:16 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-05 10:50 . 2012-06-05 18:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-04 22:08 . 2012-03-07 14:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-04 22:08 . 2012-03-07 14:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-16 02:03 . 2012-03-02 06:41 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 16:04 . 2012-06-05 18:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-30 22:50 . 2012-03-01 22:26 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 19:42 . 2012-10-30 19:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-30 19:42 . 2012-06-28 18:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-30 19:42 . 2012-06-28 18:57 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-27 21:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 08:26 . 2012-06-13 06:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 08:26 . 2012-06-13 06:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-09-19 17:06 . 2012-03-07 14:47 19131904 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-09-14 19:19 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-10 969104]
"Steam"="e:\steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 cpuz130;cpuz130;c:\users\HPELIT~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-09 362040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-11-11 704512]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 44576]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [2009-03-03 89600]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-14 1329304]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-05 293552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-06-29 15176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 08:26]
.
2012-12-08 c:\windows\Tasks\HPCeeScheduleForHP Elitebook.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-14 6325424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - e:\hry\Ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-11 18:12:24
ComboFix-quarantined-files.txt 2012-12-11 17:12
ComboFix2.txt 2012-12-11 01:39
ComboFix3.txt 2012-12-09 23:42
.
Pre-Run: 14 852 395 008 bytes free
Post-Run: 14 776 512 512 bytes free
.
- - End Of File - - EF7644409712017519BE79F424BAB10D

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 19:23
od Rudy
Log již vypadá čistý. Nastala nějaká změna?

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 19:30
od lukycrust
áno,už to vyzerá byť úplne v poriadku,CPU sa už nevyťažuje na 100%,ale chova sa normálne...

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 19:40
od Rudy
OK. To jsem rád. :)

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 19:46
od lukycrust
tak ti patrí moje veľké ďakujem za tvoju pomoc a za tvoj čas vynaložený s pomocou pri mojom probléme..je skvelé,že sa nájdu ľudia,ktorý si nájdu čas s pomocou iným..ešte raz jedno veľké DÍK...a hlavne nech sa darí :thumbsup: :D

Re: Vyťaženie CPU 100%

Napsal: 11 pro 2012 19:51
od Rudy
Já a celý team děkujeme za přání a vy nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz