VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

přehřívání, CPU 90%

https://forum.viry.cz:443/viewtopic.php?t=137258

Stránka 1 z 1

přehřívání, CPU 90%

Napsal: 04 dub 2014 19:26
od tamtam
Dobrý den, prosím o pomoc s odhalením šmejda. Počítač se přehřívá, vytáčí se procesor na 90 procent.. Zajímavé je, že po spuštění správce úloh to přestane.
prohnala jsem to recovery CD kaspersky, a následně CCleaner, bohužel to nepomohlo.

vkládám log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by xxXxx (administrator) on XXXXX-PC on 04-04-2014 20:20:26
Running from C:\Users\xxXxx\Desktop
Microsoft Windows 7 Professional (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\system32\dfrg\svc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Windows\system32\dfrg\mst.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Windows\system32\dfrg\cpu\cpu.exe
(forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2010-09-07] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {132e1e5c-978a-11e1-aced-d8d3851ff0ba} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {132e1e65-978a-11e1-aced-d8d3851ff0ba} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {139018bb-9a19-11e1-a8b7-806e6f6e6963} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {922eb88b-92a5-11e1-b31a-70f3952619da} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3580055339-1825815983-379706753-1000\...\MountPoints2: {aa2ef416-31dd-11e3-b9a5-70f3952619da} - E:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB& ... earchTerms}
SearchScopes: HKCU - {C2E29A17-DCE1-49E2-A795-98705252B3B0} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default
FF user.js: detected! => C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\user.js
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.basicscan.com/?tmp=nemo_results_rem ... &keywords=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-31]
FF Extension: Red Cats (blue flavor) - C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2012-05-01]
FF Extension: BasicScan - C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} [2014-04-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-02]
FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-23]
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-23]
FF HKCU\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\xxXxx\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-02-23]

========================== Services (Whitelisted) =================

S2 .EsetTrialReset; C:\Windows\system32\regedt32.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
R2 updater; C:\Users\xxXxx\AppData\Roaming\Updater\updater.dll [1564672 2014-03-28] ()
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1799472 2010-02-23] (Validity Sensors, Inc.)
R2 winnetdns; C:\Windows\system32\dfrg\svc.exe [53760 2014-03-26] ()

==================== Drivers (Whitelisted) ====================

S3 adusbmdm6501; C:\Windows\System32\DRIVERS\adusbmdm65.sys [65408 2005-05-02] (AnyDATA Corporation)
S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [97920 2006-12-20] (QUALCOMM Incorporated)
S3 adusbser6501; C:\Windows\System32\DRIVERS\adusbser65.sys [65408 2005-05-02] (AnyDATA Corporation)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [31232 2010-09-07] (Alcor Micro, Corp.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-10-10] (Disc Soft Ltd)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [8758272 2010-06-21] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2013-10-10] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 20:20 - 2014-04-04 20:20 - 00010587 _____ () C:\Users\xxXxx\Desktop\FRST.txt
2014-04-04 20:20 - 2014-04-04 20:20 - 00000000 ____D () C:\FRST
2014-04-04 20:18 - 2014-04-04 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe
2014-04-04 20:17 - 2014-04-04 20:17 - 01145856 _____ (Farbar) C:\Users\xxXxx\Desktop\FRST.exe
2014-04-04 16:37 - 2014-04-04 18:05 - 00000336 _____ () C:\Windows\setupact.log
2014-04-04 16:37 - 2014-04-04 16:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:36 - 2014-04-04 16:36 - 00001054 _____ () C:\Windows\PFRO.log
2014-04-04 12:10 - 2014-04-04 12:10 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 12:10 - 2014-04-04 12:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 12:04 - 2014-04-04 19:52 - 00000000 ____D () C:\Program Files\trend micro
2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\rsit
2014-04-03 21:23 - 2014-04-03 20:35 - 349113578 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.avi
2014-04-03 19:32 - 2014-04-03 19:32 - 00060326 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.srt
2014-04-03 19:32 - 2014-04-03 19:32 - 00058960 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.srt
2014-04-03 19:31 - 2014-04-03 20:01 - 255983716 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.mp4
2014-04-02 09:39 - 2014-04-02 09:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 05:14 - 2014-03-31 05:14 - 00010496 _____ () C:\Users\xxXxx\Documents\Sešit1.xlsx
2014-03-31 02:27 - 2014-03-31 02:27 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:26 - 2014-03-31 02:27 - 00000000 ____D () C:\Windows\system32\dfrg
2014-03-26 00:56 - 2014-04-04 18:26 - 00000000 ____D () C:\Users\xxXxx\Desktop\teze
2014-03-25 14:10 - 2014-03-25 08:41 - 00026463 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.the.end.of.the.aisle.web-dl.x264.aac-p2p.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.xvid-afg.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.x264-killers.cz.srt
2014-03-25 14:10 - 2014-03-25 08:36 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e20.720p.hdtv.x264-remarkable.cz.srt
2014-03-25 13:23 - 2014-03-25 13:45 - 156189239 _____ () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother.S09E22.The.End.of.the.Aisle.WEB-DL.x264.AAC-P2P.mp4
2014-03-25 13:22 - 2014-03-25 13:22 - 00047323 _____ () C:\Users\xxXxx\Downloads\titulky_himym_9x22_jingspiral.zip
2014-03-24 16:16 - 2014-03-24 16:16 - 00072497 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.srt
2014-03-24 16:13 - 2014-03-24 16:50 - 217180956 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.mp4
2014-03-24 16:10 - 2014-03-24 16:10 - 00014684 _____ () C:\Users\xxXxx\Downloads\673E76E08E68AE81B104639A785ACF89BDF32E19.torrent
2014-03-19 19:19 - 2014-03-20 13:30 - 00000000 ____D () C:\Users\xxXxx\Desktop\včely

==================== One Month Modified Files and Folders =======

2014-04-04 20:20 - 2014-04-04 20:20 - 00010587 _____ () C:\Users\xxXxx\Desktop\FRST.txt
2014-04-04 20:20 - 2014-04-04 20:20 - 00000000 ____D () C:\FRST
2014-04-04 20:18 - 2014-04-04 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\xxXxx\Desktop\FRSTLauncher.exe
2014-04-04 20:17 - 2014-04-04 20:17 - 01145856 _____ (Farbar) C:\Users\xxXxx\Desktop\FRST.exe
2014-04-04 19:52 - 2014-04-04 12:04 - 00000000 ____D () C:\Program Files\trend micro
2014-04-04 18:26 - 2014-03-26 00:56 - 00000000 ____D () C:\Users\xxXxx\Desktop\teze
2014-04-04 18:14 - 2012-05-01 21:35 - 00000000 ____D () C:\Users\xxXxx\Downloads\užitečné programy
2014-04-04 18:12 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:12 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:10 - 2012-04-30 11:24 - 01623272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:08 - 2012-04-30 11:18 - 01686113 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 18:05 - 2014-04-04 16:37 - 00000336 _____ () C:\Windows\setupact.log
2014-04-04 18:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 16:44 - 2012-04-30 11:49 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-04-04 16:37 - 2014-04-04 16:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 16:37 - 2012-10-16 18:12 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 16:36 - 2014-04-04 16:36 - 00001054 _____ () C:\Windows\PFRO.log
2014-04-04 12:13 - 2013-02-22 21:18 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\uTorrent
2014-04-04 12:13 - 2012-05-01 11:47 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\DAEMON Tools Lite
2014-04-04 12:12 - 2012-04-30 12:13 - 00000000 ____D () C:\Windows\Panther
2014-04-04 12:10 - 2014-04-04 12:10 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 12:10 - 2014-04-04 12:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\rsit
2014-04-04 08:26 - 2014-01-11 12:01 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-04-03 20:35 - 2014-04-03 21:23 - 349113578 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.avi
2014-04-03 20:01 - 2014-04-03 19:31 - 255983716 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.mp4
2014-04-03 19:32 - 2014-04-03 19:32 - 00060326 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E18.HDTV.x264-LOL.srt
2014-04-03 19:32 - 2014-04-03 19:32 - 00058960 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E19.HDTV.x264-LOL.srt
2014-04-02 09:40 - 2014-04-02 09:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-31 21:26 - 2013-01-04 22:22 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\vlc
2014-03-31 05:14 - 2014-03-31 05:14 - 00010496 _____ () C:\Users\xxXxx\Documents\Sešit1.xlsx
2014-03-31 02:27 - 2014-03-31 02:27 - 00000000 ____D () C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:27 - 2014-03-31 02:26 - 00000000 ____D () C:\Windows\system32\dfrg
2014-03-26 10:25 - 2012-06-17 12:28 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:25 - 2012-06-17 12:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 01:04 - 2012-05-01 21:55 - 00000000 ____D () C:\Users\xxXxx\la escuela
2014-03-25 13:45 - 2014-03-25 13:23 - 156189239 _____ () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother.S09E22.The.End.of.the.Aisle.WEB-DL.x264.AAC-P2P.mp4
2014-03-25 13:22 - 2014-03-25 13:22 - 00047323 _____ () C:\Users\xxXxx\Downloads\titulky_himym_9x22_jingspiral.zip
2014-03-25 08:41 - 2014-03-25 14:10 - 00026463 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.the.end.of.the.aisle.web-dl.x264.aac-p2p.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.xvid-afg.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e22.hdtv.x264-killers.cz.srt
2014-03-25 08:36 - 2014-03-25 14:10 - 00026467 _____ () C:\Users\xxXxx\Downloads\how.i.met.your.mother.s09e20.720p.hdtv.x264-remarkable.cz.srt
2014-03-24 22:07 - 2012-04-30 11:49 - 00000993 _____ () C:\Users\xxXxx\Desktop\KMPlayer.lnk
2014-03-24 17:11 - 2013-09-11 09:25 - 00000000 ____D () C:\Users\xxXxx\Downloads\bones
2014-03-24 16:50 - 2014-03-24 16:13 - 217180956 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.mp4
2014-03-24 16:16 - 2014-03-24 16:16 - 00072497 _____ () C:\Users\xxXxx\Downloads\NCIS.S11E17.HDTV.x264-LOL.srt
2014-03-24 16:10 - 2014-03-24 16:10 - 00014684 _____ () C:\Users\xxXxx\Downloads\673E76E08E68AE81B104639A785ACF89BDF32E19.torrent
2014-03-22 10:33 - 2014-03-01 23:42 - 00000000 ____D () C:\Users\xxXxx\Downloads\vozik
2014-03-20 13:30 - 2014-03-19 19:19 - 00000000 ____D () C:\Users\xxXxx\Desktop\včely
2014-03-19 20:27 - 2012-04-30 11:19 - 00000000 ____D () C:\Users\xxXxx
2014-03-19 20:26 - 2012-05-01 21:37 - 00000000 ____D () C:\Users\xxXxx\Downloads\filmy
2014-03-19 20:24 - 2012-10-24 20:18 - 00000000 ____D () C:\Users\xxXxx\Downloads\How.I.Met.Your.Mother
2014-03-19 20:24 - 2012-05-01 21:58 - 00000000 ____D () C:\Users\xxXxx\Downloads\instalace
2014-03-19 00:02 - 2013-08-14 19:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 00:01 - 2012-04-30 12:13 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 12:17 - 2013-06-27 22:26 - 00000000 ____D () C:\Users\xxXxx\Downloads\Ncis
2014-03-14 14:04 - 2012-05-01 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:52 - 2012-04-30 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:52 - 2012-04-30 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 10:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\xxXxx\AppData\Local\Temp\bi_cleaner.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 17:13




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:307.66 GB) NTFS
Drive e: (ZT2-MM) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

Available physical RAM: 1344.6 MB
Total physical RAM: 2485.86 MB
Percentage of memory in use: 45%

==================== MBR and Partition Table ==================

SAS Power and Sample Size 3.1 (HKLM\...\6ac75c7530cfebfc1fddd4df53dc3f56) (Version: - )
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4F4E2E05)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\xxXxx\Desktop" je 2188 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


a Hijackthis:

Logfile of random's system information tool 1.08 (written by random/random)
Run by xxXxx at 2014-04-04 19:52:05
Microsoft Windows 7 Professional
System drive C: has 315 GB (66%) free of 477 GB
Total RAM: 2486 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:22, on 4.4.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\dfrg\mst.exe
C:\Windows\system32\conhost.exe
C:\Users\6060\Downloads\užitečné programy\RSIT.exe
C:\Program Files\trend micro\6060.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Windows Network Discovery Service (winnetdns) - Unknown owner - C:\Windows\system32\dfrg\svc.exe

--
End of file - 6060 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-27 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-21 136216]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-21 170008]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-21 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2299176]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2011-01-25 536668]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2010-09-07 237568]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-06-02 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2014-04-04 12:10:25 ----D---- C:\Program Files\CCleaner
2014-04-04 12:04:01 ----D---- C:\rsit
2014-04-04 12:04:01 ----D---- C:\Program Files\trend micro
2014-04-02 09:39:49 ----D---- C:\Program Files\Mozilla Firefox
2014-03-31 02:27:12 ----D---- C:\Users\xxXxx\AppData\Roaming\Updater
2014-03-31 02:26:58 ----D---- C:\Windows\system32\dfrg

======List of files/folders modified in the last 1 months======

2014-04-04 19:49:36 ----D---- C:\Windows\Prefetch
2014-04-04 18:10:49 ----D---- C:\Windows\System32
2014-04-04 18:10:49 ----D---- C:\Windows\inf
2014-04-04 18:10:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:10:41 ----D---- C:\Windows\Temp
2014-04-04 18:07:44 ----A---- C:\Windows\system32\log.txt
2014-04-04 18:03:02 ----D---- C:\Windows\system32\config
2014-04-04 16:44:17 ----D---- C:\Program Files\The KMPlayer
2014-04-04 16:37:04 ----D---- C:\Windows
2014-04-04 12:13:56 ----D---- C:\Users\xxXxx\AppData\Roaming\DAEMON Tools Lite
2014-04-04 12:13:55 ----D---- C:\Users\xxXxx\AppData\Roaming\uTorrent
2014-04-04 12:12:45 ----D---- C:\Windows\Panther
2014-04-04 12:12:45 ----D---- C:\Windows\ModemLogs
2014-04-04 12:12:44 ----D---- C:\Windows\Logs
2014-04-04 12:12:44 ----D---- C:\Windows\debug
2014-04-04 12:10:31 ----D---- C:\Windows\system32\Tasks
2014-04-04 12:10:25 ----RD---- C:\Program Files
2014-04-04 09:39:47 ----D---- C:\Windows\winsxs
2014-04-04 09:29:46 ----SHD---- C:\Windows\Installer
2014-04-04 09:29:30 ----SHD---- C:\System Volume Information
2014-04-04 09:24:13 ----D---- C:\Temp
2014-04-04 08:26:54 ----AD---- C:\Kaspersky Rescue Disk 10.0
2014-04-01 14:37:43 ----SD---- C:\Users\xxXxx\AppData\Roaming\Microsoft
2014-03-31 21:26:19 ----D---- C:\Users\xxXxx\AppData\Roaming\vlc
2014-03-27 09:18:41 ----D---- C:\Windows\system32\catroot2
2014-03-26 10:26:29 ----D---- C:\Windows\system32\catroot
2014-03-26 10:25:38 ----D---- C:\Windows\system32\drivers
2014-03-26 10:25:37 ----D---- C:\Program Files\Microsoft Security Client
2014-03-19 00:02:43 ----D---- C:\Windows\system32\MRT
2014-03-19 00:01:06 ----A---- C:\Windows\system32\MRT.exe
2014-03-14 14:04:17 ----D---- C:\ProgramData\Microsoft Help
2014-03-12 18:52:14 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-27 435736]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-21 5586432]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-21 210432]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-06-20 2957312]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10322; C:\Windows\system32\DRIVERS\stwrt.sys [2011-01-25 435200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 299312]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-10-10 715248]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\Windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\Windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393216]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102912]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-06-02 8758272]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-07-25 64512]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2011-07-20 35328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-21 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-05-03 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10122; C:\Program Files\IDT\WDM\STacSV.exe [2011-01-25 274514]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R2 updater;Update Service; C:\Users\xxXxx\AppData\Roaming\Updater\updater.dll [2014-03-28 1564672]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 1799472]
R2 winnetdns;Windows Network Discovery Service; C:\Windows\system32\dfrg\svc.exe [2014-03-26 53760]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-02-04 797240]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\system32\regedt32.exe [2009-07-14 9216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: přehřívání, CPU 90%

Napsal: 04 dub 2014 20:04
od vyosek
Zdravim :)

:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 09:09
od tamtam
děkuji.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by xxXxx on so 05.04.2014 at 10:12:03,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\xxXxx\AppData\Roaming\specialsavings"
Successfully deleted: [Folder] "C:\Program Files\basicscan"
Successfully deleted: [Folder] "C:\Program Files\file scout"



~~~ FireFox

Successfully deleted: [File] C:\Users\xxXxx\AppData\Roaming\mozilla\firefox\profiles\200i5xwk.default\user.js
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\statuswinks@statuswinks
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\statuswinks@statuswinks
Emptied folder: C:\Users\xxXxx\AppData\Roaming\mozilla\firefox\profiles\200i5xwk.default\minidumps [736 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05.04.2014 at 10:14:41,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 09:13
od tamtam
# AdwCleaner v3.023 - Report created 05/04/2014 at 10:17:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : xxXxx - XXXXX-PC
# Running from : C:\Users\xxXxx\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\xxXxx\AppData\Local\RavenBleuSA
Folder Deleted : C:\Users\xxXxx\AppData\Roaming\StatusWinks
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0ED70A6-9526-4D6D-AB69-B3D2FF7676DA}
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\prefs.js ]

Line Deleted : user_pref("extensions.basicscan.init", true);
Line Deleted : user_pref("keyword.URL", "hxxp://www.basicscan.com/?tmp=nemo_results_rem ... &keywords=");

*************************

AdwCleaner[R0].txt - [1806 octets] - [05/04/2014 10:16:11]
AdwCleaner[S0].txt - [1761 octets] - [05/04/2014 10:17:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1821 octets] ##########

edit: na chvíli to vypadalo dobře, ale už to zase nabíhá do vysokých hodnot.. :/

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:02
od vyosek
:arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:10
od tamtam
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/05/2014 11:15:02 AM in x86 mode.
Windows Version: Windows 7 Professional

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\dfrg\svc.exe (PID: 436) [WD-HEUR]
* C:\Windows\system32\dfrg\mst.exe (PID: 5964) [WD-HEUR]
* C:\Windows\system32\dfrg\cpu\cpu.exe (PID: 3344) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/05/2014 11:15:37 AM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:23
od vyosek
Pokracujte ComboFixem

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:26
od tamtam
ComboFix 14-04-05.01 - xxXxx 05.04.2014 11:23:21.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2486.1407 [GMT 2:00]
Spuštěný z: c:\users\xxXxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\507dfbba53ded630bed518a046deec21_c
c:\users\xxXxx\AppData\Local\Temp\sfamcc00003.dll
c:\users\xxXxx\AppData\Local\Temp\sfamcc00005.dll
c:\users\xxXxx\AppData\Local\Temp\sfareca00003.dll
c:\users\xxXxx\AppData\Local\Temp\sfareca00005.dll
c:\users\xxXxx\Favorites\bookmarks-2013-12-17.json
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-05 do 2014-04-05 )))))))))))))))))))))))))))))))
.
.
2014-04-05 09:27 . 2014-04-05 09:28 -------- d-----w- c:\users\xxXxx\AppData\Local\temp
2014-04-05 08:16 . 2014-04-05 08:17 -------- d-----w- C:\AdwCleaner
2014-04-05 08:12 . 2014-04-05 08:12 -------- d-----w- c:\windows\ERUNT
2014-04-05 07:47 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\mpengine.dll
2014-04-04 19:43 . 2014-04-05 08:46 -------- d-----w- c:\program files\SpeedFan
2014-04-04 18:44 . 2014-04-04 18:44 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-04-04 18:43 . 2014-04-04 18:44 -------- d-----w- c:\program files\HWiNFO32
2014-04-04 18:20 . 2014-04-04 18:35 -------- d-----w- C:\FRST
2014-04-04 10:10 . 2014-04-04 10:10 -------- d-----w- c:\program files\CCleaner
2014-04-04 10:04 . 2014-04-04 17:52 -------- d-----w- c:\program files\trend micro
2014-04-04 10:04 . 2014-04-04 10:04 -------- d-----w- C:\rsit
2014-04-04 07:21 . 2014-02-21 07:22 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066D22C6-BDF4-46FB-922B-2A5529D44189}\gapaengine.dll
2014-04-04 07:21 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-31 00:27 . 2014-03-31 00:27 -------- d-----w- c:\users\xxXxx\AppData\Roaming\Updater
2014-03-31 00:26 . 2014-03-31 00:27 -------- d-----w- c:\windows\system32\dfrg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-04-30 09:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-04-30 09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 08:52 . 2012-03-20 18:44 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:22 . 2012-07-08 07:14 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-25 00:19 . 2014-01-25 00:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2012-04-30 09:37 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-24 536668]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-10-10 715248]
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-07-14 9216]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-04-04 22688]
S1 MpKsl3a5e88d6;MpKsl3a5e88d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\MpKsl3a5e88d6.sys [2014-04-05 39464]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-21 176128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]
S2 winnetdns;Windows Network Discovery Service;c:\windows\system32\dfrg\svc.exe [2014-03-26 53760]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 16:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2013-02-23 13:10; statuswinks@StatusWinks; c:\users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-05 11:31:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-05 09:31
.
Před spuštěním: Volných bajtů: 330 225 836 032
Po spuštění: Volných bajtů: 329 622 192 128
.
- - End Of File - - 9FE6E7D46818603B69855D72A0965BAA
A36C5E4F47E84449FF07ED3517B43A31

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:31
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
C:\Windows\system32\dfrg

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

Driver::
.EsetTrialReset
winnetdns

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

File::
C:\Windows\tasks\Adobe Flash Player Updater.job

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:49
od tamtam
ComboFix 14-04-05.01 - xxXxx 05.04.2014 11:44:01.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2486.1458 [GMT 2:00]
Spuštěný z: c:\users\xxXxx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\xxXxx\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dfrg
c:\windows\system32\dfrg\cpu\cpu.exe
c:\windows\system32\dfrg\cpu\libcurl-4.dll
c:\windows\system32\dfrg\cpu\pthreadGC2.dll
c:\windows\system32\dfrg\mst.exe
c:\windows\system32\dfrg\stub.exe
c:\windows\system32\dfrg\svc.exe
c:\windows\tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.EsetTrialReset
-------\Service_winnetdns
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-05 do 2014-04-05 )))))))))))))))))))))))))))))))
.
.
2014-04-05 09:48 . 2014-04-05 09:49 -------- d-----w- c:\users\xxXxx\AppData\Local\temp
2014-04-05 09:48 . 2014-04-05 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-05 08:16 . 2014-04-05 08:17 -------- d-----w- C:\AdwCleaner
2014-04-05 08:12 . 2014-04-05 08:12 -------- d-----w- c:\windows\ERUNT
2014-04-04 19:43 . 2014-04-05 09:34 -------- d-----w- c:\program files\SpeedFan
2014-04-04 18:44 . 2014-04-04 18:44 22688 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-04-04 18:43 . 2014-04-04 18:44 -------- d-----w- c:\program files\HWiNFO32
2014-04-04 18:20 . 2014-04-04 18:35 -------- d-----w- C:\FRST
2014-04-04 10:10 . 2014-04-04 10:10 -------- d-----w- c:\program files\CCleaner
2014-04-04 10:04 . 2014-04-04 17:52 -------- d-----w- c:\program files\trend micro
2014-04-04 10:04 . 2014-04-04 10:04 -------- d-----w- C:\rsit
2014-04-04 07:21 . 2014-02-21 07:22 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066D22C6-BDF4-46FB-922B-2A5529D44189}\gapaengine.dll
2014-04-04 07:21 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-31 00:27 . 2014-03-31 00:27 -------- d-----w- c:\users\xxXxx\AppData\Roaming\Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:52 . 2012-04-30 09:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 16:52 . 2012-04-30 09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 08:52 . 2012-03-20 18:44 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-21 07:22 . 2012-07-08 07:14 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-25 00:19 . 2014-01-25 00:19 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32 . 2012-04-30 09:37 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-24 536668]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-10-10 715248]
R1 MpKsl3a5e88d6;MpKsl3a5e88d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B33F18-BAD3-4932-BE55-B713A4FA08B0}\MpKsl3a5e88d6.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-09-07 31232]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-10 243128]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-04-04 22688]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-21 176128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 1799472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-06-21 8758272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xxXxx\AppData\Roaming\Mozilla\Firefox\Profiles\200i5xwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2013-02-23 13:10; statuswinks@StatusWinks; c:\users\xxXxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-05 11:52:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-05 09:52
ComboFix2.txt 2014-04-05 09:31
.
Před spuštěním: Volných bajtů: 329 704 591 360
Po spuštění: Volných bajtů: 329 651 494 912
.
- - End Of File - - D55A9206993B44622F4E251C39589573
A36C5E4F47E84449FF07ED3517B43A31


zatim to vypadá líp, cpu už nelítá do závratných výšin. někdy to ale trvalo delší dobu, než se to projevilo..

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:57
od vyosek
Tak jeste uklidime :James008:

:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 10:59
od tamtam
super děkuji mockrát :) :thumbsup:

Re: přehřívání, CPU 90%

Napsal: 05 dub 2014 11:02
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz