VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Využití CPU 100%, žádné procesy neběží

https://forum.viry.cz:443/viewtopic.php?t=103727

Stránka 1 z 1

Využití CPU 100%, žádné procesy neběží

Napsal: 15 srp 2010 20:49
od constantine.johny
Dobrý den, mám problém s ntb HP Compaq 2710p, po aktualizaci QuickLaunch Buttons (speciální ovládací prvky na klávesnici) mi procesor běží skoro stále na 100%, i když ve Správci úloh žádné procesy využívající znatelně CPU neběží.

Můj log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by constantine at 2010-08-15 21:26:10
Microsoft Windows 7 Professional
System drive D: has 2 GB (8%) free of 21 GB
Total RAM: 2023 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:32:24, on 15.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
D:\Windows\SYSTEM32\WISPTIS.EXE
D:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\ActivIdentity\ActivClient\acevents.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
D:\Windows\WindowsMobile\wmdc.exe
D:\Windows\System32\igfxtray.exe
D:\Windows\System32\hkcmd.exe
D:\Windows\System32\igfxpers.exe
D:\Windows\system32\igfxsrvc.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Bluetooth Software\BTTray.exe
D:\Windows\system32\wuauclt.exe
C:\Program Files\QIP Infium\infium.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
D:\Windows\System32\mobsync.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Bluetooth Software\BtStackServer.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\constantine\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\taskmgr.exe
D:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
D:\Program Files\Windows Media Player\wmplayer.exe
C:\Downloads\RSIT.exe
D:\Program Files\trend micro\constantine.exe
D:\Windows\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - D:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [acevents] "D:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe D:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] D:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\Windows\system32\guard32.dll D:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - D:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - D:\Windows\system32\AEADISRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - D:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - D:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - D:\Windows\System32\MrobeService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServiceISD - Wacom Technology, Corp. - D:\Program Files\Tablet\ISD\ISD_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - D:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11072 bytes

======Scheduled tasks folder======

D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-02 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - D:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28 98576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=D:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-20 1800464]
"Broadcom Wireless Manager UI"=D:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2009-11-26 4367360]
"QlbCtrl.exe"=D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-24 349240]
"SoundMAXPnP"=D:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"acevents"=D:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
""= []
"accrdsub"=D:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"PTHOSTTR"=D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-08-07 354360]
"CognizanceTS"=D:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-07-28 24848]
"Windows Mobile Device Center"=D:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IgfxTray"=D:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=D:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=D:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-29 1545512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
D:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Users\constantine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
D:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-04-12 2937528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
D:\Users\constantine\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2009-11-09 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder]
C:\Program Files\Vtelevizi.cz reminder\VtvReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager]
iexplorer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
D:\Windows\ZSSnp211.exe [2006-07-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^m-trip Launcher.lnk]
C:\PROGRA~1\m-trip\Bin\M-TRIP~1.EXE [2005-06-16 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Users^constantine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
D:\Users\constantine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\Windows\system32\guard32.dll D:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe"="D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe:*:Enabled:Windows Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*
.txt - open - D:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-08-15 21:27:05 ----D---- D:\Program Files\trend micro
2010-08-15 21:26:10 ----D---- D:\rsit
2010-08-14 21:16:05 ----A---- D:\Windows\SStylerPro.ini
2010-08-10 15:21:07 ----D---- D:\Users\constantine\AppData\Roaming\BitComet
2010-08-09 13:35:13 ----D---- D:\Program Files\HP USB Docking Video
2010-08-09 13:32:12 ----A---- D:\Windows\system32\drivers\dlkmd.sys
2010-08-09 13:32:10 ----A---- D:\Windows\system32\drivers\dlkmdldr.sys
2010-08-09 13:28:19 ----A---- D:\Windows\system32\dlumd9.dll
2010-08-09 13:28:19 ----A---- D:\Windows\system32\dlumd10.dll
2010-08-09 13:15:05 ----D---- D:\Users\constantine\AppData\Roaming\WTablet
2010-08-09 11:38:27 ----A---- D:\Windows\system32\Wintab32.dll
2010-08-09 11:38:26 ----A---- D:\Windows\system32\ISD_Tablet.dll
2010-08-09 11:37:56 ----A---- D:\Windows\system32\drivers\wacommousefilter.sys
2010-08-09 11:37:42 ----A---- D:\Windows\system32\drivers\wacomvhid.sys
2010-08-09 11:36:27 ----A---- D:\Windows\system32\drivers\wisdpen.sys
2010-08-09 11:36:19 ----D---- D:\Program Files\Tablet
2010-08-09 11:01:29 ----D---- D:\Program Files\Synaptics
2010-08-09 10:49:11 ----A---- D:\Windows\system32\drivers\udfs.sys
2010-08-09 10:48:08 ----A---- D:\Windows\system32\drivers\usbhub.sys
2010-08-01 14:38:07 ----D---- D:\Program Files\HP QuickLaunch
2010-07-30 13:27:44 ----A---- D:\Windows\system32\drivers\nocashio.sys
2010-07-30 12:10:22 ----D---- D:\Users\constantine\AppData\Roaming\VBA-M

======List of files/folders modified in the last 1 months======

2010-08-15 21:31:29 ----D---- D:\Windows\Temp
2010-08-15 21:27:05 ----RD---- D:\Program Files
2010-08-15 21:26:27 ----D---- D:\Users\constantine\AppData\Roaming\Skype
2010-08-15 21:16:06 ----D---- D:\Windows\system32\drivers
2010-08-15 20:29:51 ----D---- D:\Windows\system32\config
2010-08-15 20:19:52 ----D---- D:\Users\constantine\AppData\Roaming\skypePM
2010-08-15 20:14:29 ----D---- D:\ProgramData\hpqLog
2010-08-14 23:35:43 ----D---- D:\Users\constantine\AppData\Roaming\vlc
2010-08-14 22:38:35 ----D---- D:\Users\constantine\AppData\Roaming\Adobe
2010-08-14 22:38:35 ----D---- D:\ProgramData\Adobe
2010-08-14 22:01:36 ----D---- D:\Windows
2010-08-14 20:31:17 ----D---- D:\Windows\Prefetch
2010-08-14 20:22:26 ----SHD---- D:\System Volume Information
2010-08-11 09:37:49 ----D---- D:\inetpub
2010-08-10 15:28:31 ----D---- D:\ProgramData\boost_interprocess
2010-08-09 21:29:14 ----D---- D:\Windows\system32\NDF
2010-08-09 16:05:33 ----D---- D:\Windows\system32\catroot
2010-08-09 15:33:28 ----SHD---- D:\Windows\Installer
2010-08-09 15:33:09 ----SHD---- D:\Config.Msi
2010-08-09 14:10:51 ----D---- D:\Program Files\Hewlett-Packard
2010-08-09 14:10:30 ----D---- D:\Windows\System32
2010-08-09 13:53:44 ----D---- D:\Program Files\Common Files\ActivIdentity
2010-08-09 13:33:34 ----D---- D:\Windows\system32\DriverStore
2010-08-09 13:33:33 ----D---- D:\Windows\inf
2010-08-09 13:32:30 ----D---- D:\Program Files\DisplayLink Core Software
2010-08-09 11:30:28 ----RSD---- D:\Windows\assembly
2010-08-09 11:01:20 ----D---- D:\Windows\system32\catroot2
2010-08-09 10:55:11 ----D---- D:\Windows\winsxs
2010-08-09 10:47:29 ----D---- D:\Windows\SoftwareDistribution
2010-08-08 18:35:21 ----D---- D:\Windows\pss
2010-08-08 18:05:16 ----D---- D:\Windows\Logs
2010-08-01 14:55:13 ----D---- D:\Windows\system32\wdi
2010-07-31 22:20:39 ----A---- D:\Windows\system32\PerfStringBackup.INI
2010-07-21 09:59:59 ----D---- D:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 dlkmdldr;dlkmdldr; D:\Windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
R0 pciide;pciide; D:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SafeBoot;SafeBoot; D:\Windows\system32\drivers\SafeBoot.sys [2009-07-29 109216]
R0 SbAlg;SbAlg; D:\Windows\system32\drivers\SbAlg.sys [2009-07-29 51408]
R0 SbFsLock;SbFsLock; D:\Windows\system32\drivers\SbFsLock.sys [2009-07-29 12960]
R0 sptd;sptd; D:\Windows\System32\Drivers\sptd.sys [2010-01-03 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; D:\Windows\System32\DRIVERS\cmdguard.sys [2009-11-27 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; D:\Windows\System32\DRIVERS\cmdhlp.sys [2009-11-20 29520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 inspect;COMODO Internet Security Firewall Driver; D:\Windows\system32\DRIVERS\inspect.sys [2009-11-20 74328]
R1 RsvLock;RsvLock; D:\Windows\system32\drivers\RsvLock.sys [2009-07-29 12528]
R2 atksgt;atksgt; D:\Windows\system32\DRIVERS\atksgt.sys [2010-08-08 281760]
R2 lirsgt;lirsgt; D:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-08 25888]
R2 mdmxsdk;mdmxsdk; D:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NPF;NetGroup Packet Filter Driver; D:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 XAudio;XAudio; D:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; D:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; D:\Windows\System32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
R3 BthEnum;Bluetooth Request Block Driver; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 dlkmd;dlkmd; D:\Windows\system32\drivers\dlkmd.sys [2009-11-20 165488]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\Windows\system32\DRIVERS\e1e6232.sys [2009-06-05 219352]
R3 HBtnKey;HBtnKey; D:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; D:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 HSF_DPV;HSF_DPV; D:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; D:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; D:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; D:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rimmptsk;rimmptsk; D:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 sdbus;sdbus; D:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SynTP;Synaptics TouchPad Driver; D:\Windows\system32\DRIVERS\SynTP.sys [2009-07-29 213680]
R3 TPM;TPM; D:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 wacommousefilter;Wacom Mouse Filter Driver; D:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; D:\Windows\system32\DRIVERS\wacomvhid.sys [2009-09-21 14120]
R3 winachsf;winachsf; D:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WISDPen;Wacom Penabled MiniDriver; D:\Windows\system32\DRIVERS\wisdpen.sys [2010-06-14 35696]
S2 Parvdm;Parvdm; D:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; D:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; D:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); D:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; D:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 EagleNT;EagleNT; \??\D:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys [2010-02-07 25280]
S3 nocashio;nocashio; D:\Windows\system32\drivers\nocashio.sys [2010-07-30 4096]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; D:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; D:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; D:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; D:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; D:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; D:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; D:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WINUSB;Ovladač WinUsb; D:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; D:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AEADIFilters;Andrea ADI Filters Service; D:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ASBroker;Logon Session Broker; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ASChannel;Local Communication Channel; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ATService;AuthenTec Fingerprint Service; D:\Program Files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-20 723632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DisplayLinkService;DisplayLinkManager; D:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 4715880]
R2 HP ProtectTools Service;HP ProtectTools Service; D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
R2 HpFkCryptService;Drive Encryption Service; D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
R2 MrobeService;MrobeService; D:\Windows\System32\MrobeService.exe [2005-06-14 65536]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TabletServiceISD;TabletServiceISD; D:\Program Files\Tablet\ISD\ISD_Tablet.exe [2010-07-26 4636016]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; D:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 XAudioService;XAudioService; D:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
R3 Com4QLBEx;Com4QLBEx; D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Google Update Service (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; D:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]

-----------------EOF-----------------

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 07:54
od vyosek
Zdravim, pekne rano preji a vitam Vas u nas na foru Obrázek

:arrow: Odstrante prosim log z code spatne se to lusti a setrite tim i radcum oci
:arrow: I dalsi logy co budou nedavejte do code

:arrow: Uvolnete misto na disku, pro chod W7 to chce alespon 4 giga :wink:

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 10:44
od constantine.johny
Děkuji za přivítání :)

Log jsem upravil, aby nebyl v code.
Disk jsem vyčistil, nyní má 5,40 GB volného místa, nicméně procesor občas nadále vyletí na 60 - 100%, i když žádné procesy, které by ho znatelně zatěžovaly, neběží.

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 11:01
od vyosek
:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za 14 dni

:arrow: Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
  • D:\Windows\system32\dlumd9.dll
    D:\Windows\system32\dlumd10.dll
    D:\Windows\system32\drivers\dlkmdldr.sys
    D:\Windows\system32\drivers\dlkmd.sys
  • Kliknete na Prochazet
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
  • Kliknete na Otestovat soubor
  • Vysledek analyzy sem vlozte (jako odkaz)
:arrow: Spustte HJT a provedeme fixnuti polozek
  • HJT najdete zde D:\Program Files\trend micro\constantine.exe
  • Otevre se Vam okno, kliknete na Do a system scan only
  • V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
  • Kliknete na Fix checked (vlevo dole)
  • HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo Obrázek
:arrow: Stahnete OTM (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

  • Kód: Vybrat vše

    :reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe"=-


:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job
D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
D:\Program Files\DAEMON Tools Toolbar
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
D:\Users\CONSTA~1\AppData\Local\Temp\

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
  • Kliknete na cervene tlacitko MoveIt!
  • Sem pote dejte obsah okna Results (pod zelenou carou)
  • Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 12:13
od constantine.johny
Tak jsem provedl vše, co jste mi doporučil.

Soubory D:\Windows\system32\dlumd9.dll a D:\Windows\system32\dlumd10.dll mi nejdou ve VirusTotal otestovat, když je odešlu, vrátí mi to hned na úvodní stránku.
Výsledky k zbývajícím souborům jsou zde:

D:\Windows\system32\drivers\dlkmdldr.sys
D:\Windows\system32\drivers\dlkmd.sys


Result z OTM:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vtelevizi.cz Reminder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Manager\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Users\CONSTA~1\AppData\Local\Temp\reptile.exe deleted successfully.
========== FILES ==========
File/Folder D:\Windows\system32\*.tmp.dll not found.
File/Folder D:\Windows\system32\SET*.tmp not found.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11CA.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
D:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBED4.tmp folder moved successfully.
D:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\f71d8b6b\298f04ec\og_gr076.tmp moved successfully.
D:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt3F9C.tmp moved successfully.
D:\Windows\SoftwareDistribution\Download\de262ebc8a113d9a9f4b9d07b6a0b8d7\BITA043.tmp moved successfully.
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001Core.job moved successfully.
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3310252784-3285271416-950861615-1001UA.job moved successfully.
D:\Users\constantine\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
File/Folder D:\Program Files\DAEMON Tools Toolbar not found.
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk moved successfully.
D:\Users\CONSTA~1\AppData\Local\Temp folder moved successfully.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: constantine
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 19592489 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb




OTM by OldTimer - Version 3.1.15.0 log created on 08162010_124632

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 12:21
od vyosek
Zlepsil se stav PC :???:

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 12:26
od constantine.johny
Procesor teď běží na 20-30%, občas na chvilku vyskočí na 100, ale po cca 5 sekundách se zase ustálí.

Akorát mi větrák stále běží naplno, přes program SpeedFan jsem teď zjistil, že teplota CPU je 70°C.

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 16 srp 2010 12:28
od vyosek
Otevrit bednu a podivat se jestli neni vetrak zapraseny prachem - pokud ano tak vycistit KOMPRESOREM - zadny vysavac nebot Vam muze staticka elektrina poslat obvody do kytek...pripadne aspon profouknout nebo vycistit tycinkou do usi napr namocenou v lihu - pozor at nic neohnete, nezlomite...

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 17 srp 2010 17:24
od constantine.johny
tak vyčištěno, teplota se drží kolem 50°C, nicméně procesor je opět zatížený, když posloucham MP3 a jsem na webu, i tak se přehrávání občas seká...
Hlavně mi vrtá hlavou, že ve Správci úloh najednou nevidím žádné procesy od System, ani položku Nečinné procesy.

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 18 srp 2010 00:20
od vyosek
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 18 srp 2010 09:34
od constantine.johny
Děkuju za pomoc :)

I když jsem v Comodo vypnul antivirovou kontrolu i Firewall a následně vypnul i celý program, psalo mi Combofix hlášení, že je rezidenční ochrana stále spuštěná a že bude pokračovat. Snažil sem se í vypnout ještě přes Správce úloh, ale "Přístup byl odepřen".

Log z ComboFix je zde:


ComboFix 10-08-17.03 - constantine 18.08.2010 9:48.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2023.1102 [GMT 2:00]
Spuštěný z: d:\users\constantine\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\dlumd10.dll
d:\windows\system32\dlumd9.dll
d:\windows\system32\images
d:\windows\system32\images\toolbar\calendar.gif
d:\windows\system32\images\toolbar\crlogo.gif
d:\windows\system32\images\toolbar\export.gif
d:\windows\system32\images\toolbar\export_over.gif
d:\windows\system32\images\toolbar\exportd.gif
d:\windows\system32\images\toolbar\First.gif
d:\windows\system32\images\toolbar\first_over.gif
d:\windows\system32\images\toolbar\Firstd.gif
d:\windows\system32\images\toolbar\gotopage.gif
d:\windows\system32\images\toolbar\gotopage_over.gif
d:\windows\system32\images\toolbar\gotopaged.gif
d:\windows\system32\images\toolbar\grouptree.gif
d:\windows\system32\images\toolbar\grouptree_over.gif
d:\windows\system32\images\toolbar\grouptreed.gif
d:\windows\system32\images\toolbar\grouptreepressed.gif
d:\windows\system32\images\toolbar\Last.gif
d:\windows\system32\images\toolbar\last_over.gif
d:\windows\system32\images\toolbar\Lastd.gif
d:\windows\system32\images\toolbar\Next.gif
d:\windows\system32\images\toolbar\next_over.gif
d:\windows\system32\images\toolbar\Nextd.gif
d:\windows\system32\images\toolbar\Prev.gif
d:\windows\system32\images\toolbar\prev_over.gif
d:\windows\system32\images\toolbar\Prevd.gif
d:\windows\system32\images\toolbar\print.gif
d:\windows\system32\images\toolbar\print_over.gif
d:\windows\system32\images\toolbar\printd.gif
d:\windows\system32\images\toolbar\Refresh.gif
d:\windows\system32\images\toolbar\refresh_over.gif
d:\windows\system32\images\toolbar\refreshd.gif
d:\windows\system32\images\toolbar\Search.gif
d:\windows\system32\images\toolbar\search_over.gif
d:\windows\system32\images\toolbar\searchd.gif
d:\windows\system32\images\toolbar\up.gif
d:\windows\system32\images\toolbar\up_over.gif
d:\windows\system32\images\toolbar\upd.gif
d:\windows\system32\images\tree\begindots.gif
d:\windows\system32\images\tree\beginminus.gif
d:\windows\system32\images\tree\beginplus.gif
d:\windows\system32\images\tree\blank.gif
d:\windows\system32\images\tree\blankdots.gif
d:\windows\system32\images\tree\dots.gif
d:\windows\system32\images\tree\lastdots.gif
d:\windows\system32\images\tree\lastminus.gif
d:\windows\system32\images\tree\lastplus.gif
d:\windows\system32\images\tree\Magnify.gif
d:\windows\system32\images\tree\minus.gif
d:\windows\system32\images\tree\minusbox.gif
d:\windows\system32\images\tree\plus.gif
d:\windows\system32\images\tree\plusbox.gif
d:\windows\system32\images\tree\singleminus.gif
d:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 08:01 . 2010-08-18 08:01 -------- d-----w- d:\users\Default\AppData\Local\temp
2010-08-18 08:01 . 2010-08-18 08:01 -------- d-----w- d:\users\Classic .NET AppPool\AppData\Local\temp
2010-08-16 14:06 . 2010-08-16 14:06 -------- d-----w- d:\users\constantine\AppData\Local\BuildAGadget Content
2010-08-15 19:27 . 2010-08-16 10:45 -------- d-----w- d:\program files\trend micro
2010-08-10 13:21 . 2010-08-10 13:21 -------- d-----w- d:\users\constantine\AppData\Roaming\BitComet
2010-08-09 11:35 . 2010-08-09 11:35 -------- d-----w- d:\program files\HP USB Docking Video
2010-08-09 11:32 . 2009-11-20 01:47 165488 ----a-w- d:\windows\system32\drivers\dlkmd.sys
2010-08-09 11:32 . 2009-11-20 01:47 13936 ----a-w- d:\windows\system32\drivers\dlkmdldr.sys
2010-08-09 11:15 . 2010-08-09 11:15 -------- d-----w- d:\users\constantine\AppData\Roaming\WTablet
2010-08-09 09:38 . 2010-07-26 08:02 495616 ----a-w- d:\windows\system32\Wintab32.dll
2010-08-09 09:38 . 2010-07-26 08:05 656240 ----a-w- d:\windows\system32\ISD_Tablet.dll
2010-08-09 09:37 . 2007-02-16 09:12 11312 ----a-w- d:\windows\system32\drivers\wacommousefilter.sys
2010-08-09 09:37 . 2009-09-21 14:29 14120 ----a-w- d:\windows\system32\drivers\wacomvhid.sys
2010-08-09 09:36 . 2010-06-14 10:08 35696 ----a-w- d:\windows\system32\drivers\wisdpen.sys
2010-08-09 09:36 . 2010-08-17 16:14 -------- d-----w- d:\program files\Tablet
2010-08-09 09:01 . 2010-08-09 09:01 -------- d-----w- d:\program files\Synaptics
2010-08-09 08:49 . 2009-10-07 02:30 246784 ----a-w- d:\windows\system32\drivers\udfs.sys
2010-08-09 08:48 . 2009-09-05 03:00 258560 ----a-w- d:\windows\system32\drivers\usbhub.sys
2010-08-01 12:38 . 2010-08-01 12:38 -------- d-----w- d:\program files\HP QuickLaunch
2010-07-30 11:27 . 2010-07-30 11:27 4096 ----a-w- d:\windows\system32\drivers\nocashio.sys
2010-07-30 10:10 . 2010-07-30 10:10 -------- d-----w- d:\users\constantine\AppData\Roaming\VBA-M

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 08:12 . 2009-11-16 16:15 681822 ----a-w- d:\windows\system32\perfh005.dat
2010-08-18 08:12 . 2009-11-16 16:15 143490 ----a-w- d:\windows\system32\perfc005.dat
2010-08-18 08:06 . 2009-12-03 18:45 -------- d-----w- d:\programdata\hpqLog
2010-08-17 16:21 . 2009-11-09 17:49 -------- d-----w- d:\users\constantine\AppData\Roaming\Skype
2010-08-17 14:08 . 2009-11-09 17:50 -------- d-----w- d:\users\constantine\AppData\Roaming\skypePM
2010-08-16 12:28 . 2009-11-09 18:10 88592 ----a-w- d:\users\constantine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 09:51 . 2010-01-19 16:09 -------- d-----w- d:\users\constantine\AppData\Roaming\Media Player Classic
2010-08-15 20:10 . 2010-06-16 07:10 -------- d-----w- d:\users\constantine\AppData\Roaming\vlc
2010-08-10 13:28 . 2010-04-16 11:30 -------- d-----w- d:\programdata\boost_interprocess
2010-08-09 12:10 . 2009-11-26 20:12 -------- d-----w- d:\program files\Hewlett-Packard
2010-08-09 11:53 . 2009-12-03 18:49 -------- d-----w- d:\program files\Common Files\ActivIdentity
2010-08-09 11:32 . 2009-11-26 23:05 -------- d-----w- d:\program files\DisplayLink Core Software
2010-08-09 09:02 . 2010-08-09 09:02 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-08-09 08:47 . 2010-08-09 08:47 0 --sha-r- d:\windows\system32\drivers\103C_HP_bNB_2710p_Y5336AN_0U_Q2CE84505WX_EU_4A_I30C8_SHP_V74.3A_68MOU F.13_T080820_WU48-0_L405_M2024_J80_7Intel_86FD_91.20_#100809_N80861049;80864229_(RU539EA#AKB)_XMOBILE_CN10_Z_2F.13_G80862A02;80862A03.MRK
2010-08-08 16:37 . 2010-05-29 11:15 281760 ----a-w- d:\windows\system32\drivers\atksgt.sys
2010-08-08 16:37 . 2010-05-29 11:14 25888 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2010-08-01 12:42 . 2010-08-01 12:42 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-07-13 08:44 . 2009-11-09 18:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-06-25 09:07 . 2010-02-17 17:04 -------- d-----w- d:\program files\Google
2010-06-24 11:01 . 2010-06-24 11:01 -------- d-----w- d:\users\constantine\AppData\Roaming\WB Games
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- d:\windows\system32\GPhotos.scr
2010-05-26 21:41 . 2009-07-13 23:40 249856 ----a-w- d:\windows\system32\uxtheme.dll
2010-05-26 21:41 . 2009-07-13 23:39 2755072 ----a-w- d:\windows\system32\themeui.dll
2010-05-26 21:41 . 2009-07-13 23:39 37376 ----a-w- d:\windows\system32\themeservice.dll
2010-05-21 12:14 . 2009-11-09 18:00 221568 ------w- d:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-14 . D51AFCE752AFB83C01AE7B5A194BA8E2 . 2614272 . . [6.1.7600.16385] . . d:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-20 1800464]
"Broadcom Wireless Manager UI"="d:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2009-11-26 4367360]
"QlbCtrl.exe"="d:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 349240]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"acevents"="d:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="d:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="d:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
"CognizanceTS"="d:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848]
"Windows Mobile Device Center"="d:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="d:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]

d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Bluetooth Software\BTTray.exe [2009-7-30 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\System32\guard32.dll d:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^m-trip Launcher.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\m-trip Launcher.lnk
backup=d:\windows\pss\m-trip Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\D:^Users^constantine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=d:\users\constantine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=d:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 12:50 20480 ----a-w- d:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2006-07-14 14:24 49152 ----a-w- d:\windows\ZSSnp211.exe

R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 ALSysIO;ALSysIO;c:\temp\ALSysIO.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;d:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;d:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;d:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R4 sptd;sptd;d:\windows\system32\Drivers\sptd.sys [2010-01-03 691696]
S0 dlkmdldr;dlkmdldr;d:\windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\DRIVERS\cmdguard.sys [2009-11-27 128376]
S1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-20 29520]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;d:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ASBroker;Logon Session Broker;d:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;d:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;d:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 DisplayLinkService;DisplayLinkManager;d:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 4715880]
S2 HP ProtectTools Service;HP ProtectTools Service;d:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
S2 HpFkCryptService;Drive Encryption Service;d:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServiceISD;TabletServiceISD;d:\program files\Tablet\ISD\ISD_Tablet.exe [2010-07-26 4636016]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;d:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
S3 Com4QLBEx;Com4QLBEx;d:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 dlkmd;dlkmd;d:\windows\system32\drivers\dlkmd.sys [2009-11-20 165488]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;d:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 WISDPen;Wacom Penabled MiniDriver;d:\windows\system32\DRIVERS\wisdpen.sys [2010-06-14 35696]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Tomb Raider - The Lost Artifact - d:\program files\Core Design\Tomb Raider - The Lost Artifact\Uninst.isu


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3804)
d:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Bluetooth Software\btmmhook.dll
c:\program files\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\COMODO\COMODO Internet Security\cmdagent.exe
d:\windows\SYSTEM32\WISPTIS.EXE
d:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
d:\windows\system32\AEADISRV.EXE
d:\windows\System32\MrobeService.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\windows\system32\DRIVERS\xaudio.exe
d:\windows\system32\taskhost.exe
d:\windows\SYSTEM32\WISPTIS.EXE
d:\program files\Common Files\microsoft shared\ink\TabTip.exe
d:\program files\DisplayLink Core Software\DisplayLinkUI.exe
d:\program files\Tablet\ISD\ISD_TabletUser.exe
d:\program files\Tablet\CalibrationAssistant.exe
d:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
d:\windows\system32\conhost.exe
d:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
d:\windows\servicing\TrustedInstaller.exe
d:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
d:\windows\system32\igfxext.exe
d:\windows\system32\igfxsrvc.exe
d:\program files\Synaptics\SynTP\SynTPHelper.exe
d:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
d:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bluetooth Software\BtStackServer.exe
d:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Celkový čas: 2010-08-18 10:18:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 08:18

Před spuštěním: 4 028 559 360
Po spuštění: 3 720 515 584

- - End Of File - - 6D040AF25EFCBC2C6F24EB8868879614

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 18 srp 2010 09:44
od vyosek
Neda se nic delat...dle log z CF byla vypnuta pouze antispywareva ochrana, ale co uz...nic nevycitam :wink:

:arrow: Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
  • d:\windows\explorer.exe
    d:\windows\system32\drivers\dlkmd.sys
    d:\windows\system32\drivers\lirsgt.sys
    d:\windows\system32\drivers\atksgt.sys
  • Kliknete na Prochazet
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
  • Kliknete na Otestovat soubor
  • Vysledek analyzy sem vlozte (jako odkaz)

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 18 srp 2010 10:00
od constantine.johny
Výsledky z VirusTotal:

- d:\windows\explorer.exe

- d:\windows\system32\drivers\dlkmd.sys

- d:\windows\system32\drivers\lirsgt.sys

- d:\windows\system32\drivers\atksgt.sys

Re: Využití CPU 100%, žádné procesy neběží

Napsal: 18 srp 2010 10:20
od vyosek
Zlepsil se PC po aplikaci ComboFixu :???:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz