OTL Extras logfile created on: 25.10.2010 18:37:41 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\pavel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 35,25 Gb Free Space | 36,10% Space Free | Partition Type: NTFS
Drive D: | 88,65 Gb Total Space | 84,76 Gb Free Space | 95,61% Space Free | Partition Type: NTFS
Computer Name: PAVEL-PC | User Name: pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{84308FA6-615F-4320-BBFB-C042D24593AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C0FABD-7D31-4A3D-B7B6-36FD4D87A492}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{13287241-621B-4241-BF53-399440F858F5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{42050D81-6E11-476D-B797-3F7D0C5BA3EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FA6CA88-A0B9-47B8-B682-9BF8AECAC68C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{67C48572-2EA9-4CF2-A204-ECB1EE1F75EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6997178C-7719-4C9D-8114-72E35B501FE9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{75D12D9D-A3B3-49AB-8718-5C2CEB26CEA1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A2338A38-317E-4C9A-9992-95B2D1D93F59}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B967038D-2374-4609-AE0D-581B8EFE08A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3EF953E-8BFF-4274-A54D-A57C5449CD5D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C667EC05-5A1B-4408-BCFB-E454B0576C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CBDC895E-1E3A-41AA-8EBB-5E41405B8D2A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CFEB981C-C28B-4C0B-B207-1B0BE7FF8BA4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E6430E1E-D194-48F9-95C3-BD58E887CB4F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F00004BC-2A41-4C83-8D98-DD7F869A7CE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FB32EEF7-C96D-4303-A289-1F062B3F799A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FC356778-60FF-4427-AB34-118102F6B939}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0DF038AF-BC2C-47D0-97D2-2E0D6CE2CE91}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DF39498B-5ADF-45DC-BE58-73862F469C5B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7FD70A6C-765E-4851-8C9C-555431CAF46B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9BEE02DC-8A3D-465A-84DD-BA5A08A57C01}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}" = Need For Speed Hot Pursuit 2
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{EFA800BF-C5C8-46D1-B49D-13920D05417C}" = ESET NOD32 Antivirus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"VLC media player" = VLC media player 1.1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2010 17:15:57 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:16:05 | Computer Name = pavel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 24.10.2010 17:20:43 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:20:45 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:21:05 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:21:06 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:21:08 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 17:21:09 | Computer Name = pavel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.10.2010 18:07:22 | Computer Name = pavel-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 24.10.2010 18:07:22 | Computer Name = pavel-PC | Source = Windows Search Service | ID = 3083
Description =
[ System Events ]
Error - 24.10.2010 6:53:40 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 24.10.2010 14:35:35 | Computer Name = pavel-PC | Source = DCOM | ID = 10010
Description =
Error - 24.10.2010 14:35:56 | Computer Name = pavel-PC | Source = DCOM | ID = 10010
Description =
Error - 24.10.2010 14:36:43 | Computer Name = pavel-PC | Source = DCOM | ID = 10010
Description =
Error - 24.10.2010 14:45:48 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 24.10.2010 16:24:44 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 24.10.2010 16:38:01 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 24.10.2010 18:09:34 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 24.10.2010 18:21:53 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
Error - 25.10.2010 12:31:41 | Computer Name = pavel-PC | Source = LSM | ID = 1048
Description =
< End of report >
Trvalé vytížení CPU +
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43297
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trvalé vytížení CPU +
Bez nákazy..
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
+info o vytížení CPU.
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Kód: Vybrat vše
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O33 - MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\Shell - "" = AutoRun
O33 - MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\Shell\AutoRun\command - "" = H:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\System32\perfh005.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfc005.dat
C:\Windows\System32\perfc009.dat
C:\ProgramData\ezsidmv.dat
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
+info o vytížení CPU.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trvalé vytížení CPU +
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
File H:\Launch.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{B3F76057-59A8-42A4-9517-394C7E31F988}.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: pavel
->Temp folder emptied: 656746 bytes
->Temporary Internet Files folder emptied: 92158998 bytes
->Flash cache emptied: 1593 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5643441 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 94,00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 10252010_225445
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
vytízení CPU stále 50-60%, RAM "klesla" na 900MB
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699fbb2a-bb73-11df-96b0-001eec874d3e}\ not found.
File H:\Launch.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{B3F76057-59A8-42A4-9517-394C7E31F988}.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\System32\perfh005.dat moved successfully.
C:\Windows\System32\perfh009.dat moved successfully.
C:\Windows\System32\perfc005.dat moved successfully.
C:\Windows\System32\perfc009.dat moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: pavel
->Temp folder emptied: 656746 bytes
->Temporary Internet Files folder emptied: 92158998 bytes
->Flash cache emptied: 1593 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5643441 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 94,00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 10252010_225445
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
vytízení CPU stále 50-60%, RAM "klesla" na 900MB
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43297
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trvalé vytížení CPU +
Stáhni AVP Tools
na svojí plochu.
Zaškrtni :
Hidden startup objels
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Also any other drives (Removable that you may have)
Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.
na svojí plochu.
Zaškrtni :
Hidden startup objels
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Also any other drives (Removable that you may have)
Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 4 hosti