PCTuning
http://pctforum.tyden.cz/

svchost.exe and 100% CPU again + overheating
http://pctforum.tyden.cz/viewtopic.php?f=54&t=169648

Author:  zandys [ Sat 16 April 2011, 03:26 ]
Subject:  svchost.exe and 100% CPU again + overheating

I have read a lot of threads, but mostly they were not about my problem or did not describe it.
a.k.a. Generic Host Process for Win32 Services

While playing L2 I got disconnected and since then I have not been able to log in (I'm not banned ;D), so I restarted the laptop and it threw an overheating message... Which didn't surprise me much, since the fan is no longer quite fit, even though it still blows :P But what startled me was 100% CPU usage by svchost.exe... So I'm wondering whether this is what is causing the overheating, or at least contributing to it. Either way, it's weird. I can play music, start programs, even the game, but it disconnects me from the server and I don't know where the problem is or whether it is connected with this, since until now everything worked normally...

I should add that I do everything on this laptop, since I have no other PC, and mainly I play games on it 24/7..

So I looked at it with Process Explorer:
Code:
Process   PID   CPU   Private Bytes   Working Set   Description   Company Name
System Idle Process   0   24.22   0 K   28 K      
System   4   1.56   0 K   244 K      
 Interrupts   n/a   1.56   0 K   0 K   Hardware Interrupts and DPCs   
 smss.exe   1992      180 K   432 K   Správce relací systému Windows NT   Microsoft Corporation
  csrss.exe   648      1 964 K   7 232 K   Client Server Runtime Process   Microsoft Corporation
  winlogon.exe   792      7 188 K   4 288 K   Windows NT Logon Application   Microsoft Corporation
   services.exe   836      2 052 K   3 916 K   Services and Controller app   Microsoft Corporation
    nvsvc32.exe   1064      4 996 K   7 312 K   NVIDIA Driver Helper Service, Version 266.58   NVIDIA Corporation
    svchost.exe   1140   48.44   3 940 K   6 464 K   Generic Host Process for Win32 Services   Microsoft Corporation

Shortened preview: http://i55.tinypic.com/2198jer.jpg

And also with Hijack, which will probably tell you more than it tells me:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:20:01, on 16.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\PROGRAMY\ventrilo\Ventrilo.exe
C:\Program Files\SensorsViewPro41\svservice.exe
C:\Program Files\SensorsViewPro41\sviewpro.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 216.107.254.72 aionpts.patcher.ncsoft.com
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: winesm32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe


I did find viruses and vermin in general, but unfortunately it had no effect. Help would be appreciated ;)

Author:  jan.svoboda [ Sat 16 April 2011, 12:42 ]
Subject:  Re: svchost.exe and 100% CPU again + overheating

Hi, I can see one piece of junk in HijackThis, but there may be more problems. So I recommend backing up important data first - I cannot guarantee 100% that everything will be fine -> a virus can do damage. So for now post a ComboFix log here, the guide is in my signature. Then we will see more ;)

Author:  zandys [ Sat 16 April 2011, 13:37 ]
Subject:  Re: svchost.exe and 100% CPU again + overheating

So I had to restart the PC, now even the GPU is overheating
Here is the log:
Code:
ComboFix 11-04-15.05 - Vlastník 16.04.2011  14:10:07.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.420.1029.18.2047.786 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Vlastník\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Vlastník\Data aplikací\.#
C:\Documents and Settings\Vlastník\Recent\Thumbs.db
C:\Documents and Settings\Vlastník\WINDOWS
C:\install.exe
C:\Program Files\Hotspot Shield\hssie\HsSIe.dll
C:\WINDOWS\AutoRun.ini
C:\WINDOWS\Downloaded Program Files\launcher.ocx
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\Thumbs.db


(((((((((((((((((((((((((   Soubory vytvořené od 2011-03-16 do 2011-04-16  )))))))))))))))))))))))))))))))


2011-04-16 06:36:11 . 2011-04-16 06:36:11   212   ---ha-w-   C:\aaw7boot.cmd
2011-04-16 02:00:43 . 2011-04-16 02:00:43   388096   ----a-r-   C:\Documents and Settings\Vlastník\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 01:01:41 . 2011-04-16 01:01:41   --------   d-----w-   C:\WINDOWS\LastGood
2011-04-16 00:43:26 . 2011-04-16 00:43:26   --------   d-----w-   C:\Documents and Settings\Vlastník\Data aplikací\STV Software
2011-04-16 00:43:15 . 2011-04-16 00:43:18   --------   d-----w-   C:\Program Files\SensorsViewPro41
2011-04-12 21:26:10 . 2009-04-06 08:08:04   5174   ----a-w-   C:\WINDOWS\system32\nppt9x.vxd
2011-04-12 21:26:10 . 2009-04-06 08:08:04   4682   ----a-w-   C:\WINDOWS\system32\npptNT2.sys
2011-04-08 11:28:58 . 2011-04-08 11:28:58   41872   ----a-w-   C:\WINDOWS\system32\xfcodec.dll
.


((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-02 19:40:23 . 2010-05-30 08:21:07   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
2011-02-02 17:19:39 . 2008-06-10 16:01:45   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
2009-06-05 05:36:54 . 2010-07-07 15:42:13   2003456   ----a-w-   C:\Program Files\Common Files\Boris RED.msi
2008-11-30 21:35:20 . 2008-11-30 21:35:20   3876   ----a-w-   C:\Program Files\ffdssetts.reg
2008-11-30 21:35:20 . 2008-11-30 21:35:20   34130   ----a-w-   C:\Program Files\ffdsvsetts.reg
2008-11-30 21:35:20 . 2008-11-30 21:35:20   2224   ----a-w-   C:\Program Files\ffdsasetts.reg
2007-12-07 13:00:00 . 2010-07-14 20:30:01   16244736   ----a-w-   C:\Program Files\Graffiti5 AE.aex
2007-12-07 09:40:54 . 2010-07-14 20:30:06   229376   ----a-w-   C:\Program Files\Graffiti5_ED3FL.tpi
2007-12-07 09:40:18 . 2010-07-14 20:30:07   229376   ----a-w-   C:\Program Files\Graffiti5_ED4FL.tpi
2007-12-07 09:38:36 . 2010-07-14 20:32:32   110592   ----a-w-   C:\Program Files\IM-Graffiti5.prm
2007-12-07 09:38:28 . 2010-07-14 20:32:31   114688   ----a-w-   C:\Program Files\FL7-Graffiti5P2.prm
2007-12-07 09:38:20 . 2010-07-14 20:32:30   147456   ----a-w-   C:\Program Files\FL-Graffiti5P2.prm
2007-12-07 09:37:36 . 2010-07-14 20:30:03   16150528   ----a-w-   C:\Program Files\Graffiti5-10.avx
2007-12-07 09:30:40 . 2010-07-14 20:30:04   16155136   ----a-w-   C:\Program Files\Graffiti5-15.avx
2007-12-07 09:10:32 . 2010-07-14 20:30:04   16185856   ----a-w-   C:\Program Files\Graffiti5-20.avx
2004-08-09 21:30:22 . 2008-06-08 19:47:58   40960   ----a-w-   C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2010-03-31 05:20:36 2340784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 08:21:48 16125952]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 12:02:04 786521]
"Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 16:46:00 90112]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 10:53:00 188416]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 09:37:40 110592]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 12:00:00 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 12:00:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 13:14:00 98616]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03:26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 08:15:42 1461080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 09:17:42 421888]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 08:42:56 69632]
"HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 16:55:02 294912]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-01-07 18:58:12 111208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-01-07 18:58:12 13880424]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 07:51:42 1753192]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 12:49:28 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 23:01:00 437160]

C:\Documents and Settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
My_AutoWarkey_Script.lnk - C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
winesm32.exe [2008-4-14 22528]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2011-4-8 3510160]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-11-29 17:43:44   393216   ----a-w-   C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\PROGRAMY\\garena\\Garena.exe"=
"C:\\PROGRAMY\\ICQ6\\ICQ.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\PROGRAMY\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"C:\\PROGRAMY\\ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Sony\\Vegas Pro 9.0\\vegas90.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\BlastShark\\Aika\\BlastShark.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:login-server.exe
"6121:TCP"= 6121:TCP:char-server.exe
"5121:TCP"= 5121:TCP:map-server.exe
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56192:TCP"= 56192:TCP:Pando Media Booster
"56192:UDP"= 56192:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [23.10.2009 13:20:32 64288]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [14.5.2009 14:30:36 721904]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [1.7.2008 10:04:40 35168]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [29.11.2005 20:50:58 36768]
R1 sensorsview;sensorsview;C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys [26.7.2008 20:30:30 14416]
R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [2.3.2006 14:00:00 14336]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02:28 472280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17:32 1352832]
R2 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 5:29:54 29178224]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [16.9.2010 15:06:22 80896]
R3 SynMini;Syntek USB2.0 2M WebCam;C:\WINDOWS\system32\drivers\SynMini.sys [8.1.2008 12:30:23 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;C:\WINDOWS\system32\drivers\SynScan.sys [8.1.2008 12:30:26 8064]
S2 SensorsVService;SensorsVService;C:\Program Files\SensorsViewPro41\svservice.exe [17.6.2010 19:01:42 923648]
S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp --> C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp [?]
S3 HTCAND32;HTC Device Driver;C:\WINDOWS\system32\drivers\ANDROIDUSB.sys [25.12.2010 1:12:06 24576]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\system32\drivers\htcnprot.sys [22.6.2010 19:01:50 21248]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\drivers\ifxtpm.sys [8.1.2008 12:52:01 36352]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [15.1.2011 3:35:04 37688]
S3 XDva359;XDva359;\??\C:\WINDOWS\system32\XDva359.sys --> C:\WINDOWS\system32\XDva359.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SENSORSVIEW
*NewlyCreated* - SENSORSVSERVICE
*Deregistered* - PROCEXP141

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai

Obsah adresáře 'Naplánované úlohy'

2011-04-16 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-09-20 11:22:59]

2011-04-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]


------- Doplňkový sken -------

uStart Page = About:Blank
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - C:\Documents and Settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\8ovq0ugy.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: qtl: qtl.co.il@gmail.com - %profile%\extensions\qtl.co.il@gmail.com
FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-FixMyRegistry - C:\Program Files\FixMyRegistry\FixMyRegistry.exe
HKLM-Run-Media Codec Update Service - C:\Program Files\Essentials Codec Pack\update.exe
AddRemove-Mike Crash Vegas Filters - C:\Program Files\Sony\Filters\uninst-mcvegas.exe
AddRemove-mod_sobit - C:\Program Files\forsage3\Uninstall s0beit 3.4 mod
AddRemove-Vegas Smart Smoother - C:\Program Files\Sony\Filters\uninst-ssmooth.exe
AddRemove-Warkeys - C:\PROGRAMY\Warcraft III\Warkeys\uninst.exe
AddRemove-{70DA8A87-79B0-4DE8-A837-8AD40D9ECB67}_is1 - C:\Programy\Lineage II\system\unins000.exe

Author:  jan.svoboda [ Sat 16 April 2011, 15:32 ]
Subject:  Re: svchost.exe and 100% CPU again + overheating

:arrow: In HijackThis, fix (tick the checkbox to the left of the item and click Fix) this item:
Code:
O4 - Startup: winesm32.exe


:arrow: Download and run SystemLook, paste this code into it:
Code:
:filefind
winesm32.exe

:regfind
winesm32

click Look; when the scan finishes a log will pop up, paste its contents here


:arrow: Following the guide in my signature, use ComboFix with the script CFScript.txt, with this content:
Code:
KillAll::

Driver::
GarenaPEngine

Folder::
c:\Program Files\Garena
C:\PROGRAMY\garena

Rootkit::
C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp
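
An added illustration, not part of the original thread and not the helper's own method: a small Python triage that picks the same two entries out of log lines copied from the posts above and builds the read-only SystemLook lookup in the format shown. The two heuristics (a program file sitting directly in a Startup folder, a service image in a Temp directory) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: winesm32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02:28 472280]
S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp --> C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp [?]
S3 HTCAND32;HTC Device Driver;C:\WINDOWS\system32\drivers\ANDROIDUSB.sys [25.12.2010 1:12:06 24576]
"""

# Assumption of this example: file types that run directly from a Startup folder.
EXECUTABLE_SUFFIXES = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# HijackThis: "O4 - Startup: <file>" or "O4 - Startup: <shortcut>.lnk = <target>"
STARTUP_RE = re.compile(
    r"^O4 - (?:Global )?Startup: (?P<name>[^=]+?)(?: = (?P<target>.*))?$")
# ComboFix: "<R|S><start type> <service>;<display name>;<image path> [<date size>]"
DRIVER_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: \[[^\]]*\])?$")


@dataclass(frozen=True)
class Finding:
    name: str    # startup file name or service name
    detail: str  # what the entry points at
    reason: str  # why the heuristic flagged it


def _lines(log):
    """Return the non-empty lines of a pasted log, stripped of whitespace."""
    return [ln.strip() for ln in log.splitlines() if ln.strip()]


def startup_findings(log):
    """Flag Startup-folder entries that are a program file, not a shortcut."""
    found = []
    for line in _lines(log):
        m = STARTUP_RE.match(line)
        if not m:
            continue
        name = m.group("name").strip()
        if PureWindowsPath(name).suffix.lower() in EXECUTABLE_SUFFIXES:
            found.append(Finding(name, "Startup folder",
                                 "executable placed directly in Startup"))
    return found


def driver_findings(log):
    """Flag services/drivers whose image is in a Temp directory or is a .tmp file."""
    found = []
    for line in _lines(log):
        m = DRIVER_RE.match(line)
        if not m:
            continue
        # ComboFix prints "<raw path> --> <resolved path>" for some images.
        image = m.group("image").split(" --> ")[-1].strip()
        if image.startswith("\\??\\"):
            image = image[4:]  # drop the NT object-namespace prefix
        path = PureWindowsPath(image)
        in_temp = any(part.lower() in ("temp", "tmp") for part in path.parts)
        if in_temp or path.suffix.lower() == ".tmp":
            found.append(Finding(m.group("name"), image,
                                 "service image in a temporary location"))
    return found


def systemlook_script(file_name):
    """Build the :filefind/:regfind lookup in the format used in the reply above."""
    stem = PureWindowsPath(file_name).stem
    return f":filefind\n{file_name}\n\n:regfind\n{stem}\n"


if __name__ == "__main__":
    for f in startup_findings(SAMPLE_LOG) + driver_findings(SAMPLE_LOG):
        print(f"{f.name}: {f.reason} ({f.detail})")
    for f in startup_findings(SAMPLE_LOG):
        print(systemlook_script(f.name))
```

A flagged entry is only a lead for the lookup step; legitimate software can also trip either heuristic.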

Autor:  zandys [ so 16. duben 2011, 16:07 ]
Předmět:  Re: Zase svchost.exe a 100% CPU + přehřívání

Takze... CPU 50-65stupnu, GPU 79 bez zateze, temer hned po startu. Pri 1 okne(obvykle mam 2) L2 CPU stoupne na 75-90, podle co tam delam, GPU dokonce misty vysplha az na 95°C. Tohle uz ale asi nebude virem a tak... Takze v pondeli to zanesu do servisu, at mi to alespon namazou pastou, pri poslednim cisteni toho tam moc nebylo, tak treba to je i tim a objednam novy vetrak. Nic lepsiho me nenapada :) Kazdopadne diky, zda se, ze to pomohlo

Autor:  jan.svoboda [ ne 17. duben 2011, 10:09 ]
Předmět:  Re: Zase svchost.exe a 100% CPU + přehřívání

Jak myslíš, ale dočištění systému by ničemu neškodilo, jelikož tam máš rootkit ;) Pravda, že ty teploty nejsou nejlepší, a asi s tím již spojené nebudou... Jestli tedy chceš, dones to do servisu a uvidíš, jestli pomůže pasta a tak :) Nebo se můžeme pokusit si pomoct sami, takže pokud budeš chtít, kldině se sem zase ozvi. Není vůbec za co děkovat :)

Autor:  zandys [ st 20. duben 2011, 20:33 ]
Předmět:  Re: Zase svchost.exe a 100% CPU + přehřívání

tak jsem zasla do toho servisu a zjistili jsme, ze se temer netoci ventilator, proto ty vysoke teploty. Tudiz se hned objednal novy. A to docisteni, no nevim, muzem to zkusit:)

Author:  jan.svoboda [ Thu 21 April 2011, 09:18 ]
Subject:  Re: svchost.exe and 100% CPU + overheating again

I see, in that case you did the right thing; viruses really weren't to blame for those temperatures :) If you want to try it, you can follow my last post with the instructions; it shouldn't be a big problem ;)

Author:  zandys [ Thu 21 April 2011, 16:05 ]
Subject:  Re: svchost.exe and 100% CPU + overheating again

Well, this is what it looks like now :p
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:21, on 21.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\SensorsViewPro41\sviewpro.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SensorsViewPro41\svservice.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAMY\ventrilo\Ventrilo.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe
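
An added example, not part of the thread and not any poster's tooling: a small Python triage pass over HijackThis-format lines, flagging the kinds of entries that come up in this thread (a bare executable under `O4 - Startup:`, `(no file)` / `(file missing)` targets, `Unknown owner` services). The sample log is constructed, and the flagging rules are assumed heuristics that mark items for manual review, not verdicts.

```python
import re

# Constructed sample in HijackThis 2.0.4 line format; not taken from a real scan.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\gui.exe" /hide
O4 - Startup: example32.exe
O4 - Startup: Chat.lnk = C:\Program Files\Chat\chat.exe
O9 - Extra button: Demo - {00000000-0000-0000-0000-000000000002} - C:\Demo\run.lnk (file missing)
O23 - Service: Example Helper (ExHelper) - Unknown owner - C:\Program Files\Example\helper.exe
O23 - Service: Example Service (exsvc) - Example Corp. - C:\Program Files\Example\svc.exe
"""

# Entry lines look like "<section id> - <body>", e.g. "O4 - Startup: foo.exe".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def review_reasons(section, body):
    """Return the assumed review heuristics that apply to one entry (not verdicts)."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("referenced file is missing")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary reports no owner")
    if section == "O4" and body.startswith(("Startup:", "Global Startup:")):
        item = body.split(":", 1)[1].strip()
        # Shortcuts are listed as "name.lnk = target"; a bare .exe is the file itself.
        if " = " not in item and item.lower().endswith(".exe"):
            reasons.append("executable sits directly in the Startup folder")
    return reasons

def triage(log_text):
    """Return (section, body, reasons) for every entry that matches a heuristic."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            section, body = match.groups()
            reasons = review_reasons(section, body)
            if reasons:
                findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    review: {', '.join(reasons)}")
```

A hit only means "check this file's location, signature and origin"; the same markers also occur on entries left behind by ordinary uninstalled or unsigned software.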

Author:  jan.svoboda [ Sat 28 May 2011, 12:22 ]
Subject:  Re: svchost.exe and 100% CPU + overheating again

Even so, I would try cleaning with ComboFix using the script given, as per my last post :)

Page 1 of 1. All times are UTC + 1 hour.