[qqwwaass]

Stack на » taskhost

Код:

ntdll.dll!KiFastSystemCallRet
discan.dll!DllUnregisterServer+0x694e
discan.dll!DllUnregisterServer+0x5bed
discan.dll!DllUnregisterServer+0x6f41
discan.dll!DllUnregisterServer+0x571c
discan.dll!DllUnregisterServer+0x5636
discan.dll+0x4eaf
discan.dll+0x3da3
ntdll.dll!RtlExpandEnvironmentStrings+0x3d1
ntdll.dll!RtlRbInsertNodeEx+0x365
KERNEL32.DLL!BaseThreadInitThunk+0x12
ntdll.dll!LdrInitializeThunk+0x1a3
ntdll.dll!LdrInitializeThunk+0x14f

Stack на » system

kernrate

Код:

Microsoft Windows [Version 6.2.9200]
(c) Корпорация Майкрософт, 2012. Все права защищены.

C:\Windows\system32>kernrate.exe
"kernrate.exe" не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.

C:\Windows\system32>C:\KernRate.exe
 /==============================\
<         KERNRATE LOG           >
 \==============================/
Date: 2012/10/21   Time: 17:02:51
Machine Name: LUDA
Number of Processors: 2
PROCESSOR_ARCHITECTURE: x86
PROCESSOR_LEVEL: 6
PROCESSOR_REVISION: 0f0b
Physical Memory: 3071 MB
Pagefile Total: 6556 MB
Virtual Total: 2047 MB
PageFile1: \??\C:\pagefile.sys, 200MB
PageFile2: \??\P:\pagefile.sys, 3286MB
OS Version: 6.2 Build 9200 Service-Pack: 0.0
WinDir: C:\Windows

Kernrate Executable Location: C:

Kernrate User-Specified Command Line:
C:\KernRate.exe


Kernel Profile (PID = 0): Source= Time,
Using Kernrate Default Rate of 10000 events/hit
Starting to collect profile data

***> Press ctrl-c to finish collecting profile data
===> Finished Collecting Data, Starting to Process Results

------------Overall Summary:--------------

P0     K 0:00:05.101 (26.4%)  U 0:00:00.218 ( 1.1%)  I 0:00:13.977 (72.4%)  DPC
0:00:00.093 ( 0.5%)  Interrupt 0:00:00.046 ( 0.2%)
       Interrupts= 1468, Interrupt Rate= 76/sec.

P1     K 0:00:05.460 (28.3%)  U 0:00:00.234 ( 1.2%)  I 0:00:13.603 (70.5%)  DPC
0:00:00.124 ( 0.6%)  Interrupt 0:00:00.062 ( 0.3%)
       Interrupts= 7354, Interrupt Rate= 381/sec.

TOTAL  K 0:00:10.561 (27.4%)  U 0:00:00.452 ( 1.2%)  I 0:00:27.580 (71.5%)  DPC
0:00:00.218 ( 0.6%)  Interrupt 0:00:00.109 ( 0.3%)
       Total Interrupts= 8822, Total Interrupt Rate= 457/sec.


Total Profile Time = 19297 msec

                                       BytesStart          BytesStop         Byt
esDiff.
    Available Physical Memory   ,      1622540288,      1624227840,         1687
552
    Available Pagefile(s)       ,      4960792576,      4966862848,         6070
272
    Available Virtual           ,      2117210112,      2116161536,        -1048
576
    Available Extended Virtual  ,               0,               0,
  0
    Committed Memory Bytes      ,      1914310656,      1908031488,        -6279
168
    Non Paged Pool Usage Bytes  ,       182870016,       182837248,          -32
768
    Paged Pool Usage Bytes      ,       482861056,       482865152,            4
096
    Paged Pool Available Bytes  ,       148897792,       157286400,         8388
608
    Free System PTEs            ,           38717,           40765,            2
048

                                  Total      Avg. Rate
    Context Switches     ,        48333,         2505/sec.
    System Calls         ,       147804,         7659/sec.
    Page Faults          ,         7103,         368/sec.
    I/O Read Operations  ,          783,         41/sec.
    I/O Write Operations ,          230,         12/sec.
    I/O Other Operations ,         6363,         330/sec.
    I/O Read Bytes       ,       158514,         202/ I/O
    I/O Write Bytes      ,        80374,         349/ I/O
    I/O Other Bytes      ,        55040,         9/ I/O

-----------------------------

Results for Kernel Mode:
-----------------------------

OutputResults: KernelModuleCount = 160
Percentage in the following table is based on the Total Hits for the Kernel

Time   5627 hits, 10000 events per hit --------
 Module                                Hits   msec  %Total  Events/Sec
NTOSKRNL                               5054      19286    89 %     2620553
HALMACPI                                402      19286     7 %      208441
WIN32K                                   71      19287     1 %       36812
NVLDDMKM                                 38      19287     0 %       19702
USBPORT                                  14      19287     0 %        7258
DXGMMS1                                   9      19286     0 %        4666
CDD                                       6      19287     0 %        3110
NETWLV32                                  6      19287     0 %        3110
DXGKRNL                                   4      19286     0 %        2074
USBUHCI                                   3      19287     0 %        1555
WPPRECORDER                               3      19286     0 %        1555
PARTMGR                                   3      19286     0 %        1555
USBCCGP                                   2      19287     0 %        1036
FLTMGR                                    2      19286     0 %        1037
HDAUDBUS                                  2      19287     0 %        1036
WUDFRD                                    1      19287     0 %         518
CNG                                       1      19286     0 %         518
NTFS                                      1      19286     0 %         518
NETIO                                     1      19286     0 %         518
TCPIP                                     1      19286     0 %         518
DISK                                      1      19286     0 %         518
RTKVHDA                                   1      19287     0 %         518
HIDPARSE                                  1      19287     0 %         518

================================= END OF RUN ==================================
============================== NORMAL END OF RUN ==============================

C:\Windows\system32>

если что-то неправильно сделал, то исправлю... и ещё, гляньте пожалуйста лог avz(подозрительные файлы).