PCTuning :: Zobrazit téma - Zase svchost.exe a 100% CPU + přehřívání

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 24.22 0 K 28 K
System 4 1.56 0 K 244 K
Interrupts n/a 1.56 0 K 0 K Hardware Interrupts and DPCs
smss.exe 1992    180 K 432 K Správce relací systému Windows NT Microsoft Corporation
csrss.exe 648    1 964 K 7 232 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 792    7 188 K 4 288 K Windows NT Logon Application Microsoft Corporation
services.exe 836    2 052 K 3 916 K Services and Controller app Microsoft Corporation
nvsvc32.exe 1064    4 996 K 7 312 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation
svchost.exe 1140 48.44 3 940 K 6 464 K Generic Host Process for Win32 Services Microsoft Corporation

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:20:01, on 16.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\PROGRAMY\ventrilo\Ventrilo.exe
C:\Program Files\SensorsViewPro41\svservice.exe
C:\Program Files\SensorsViewPro41\sviewpro.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 216.107.254.72 aionpts.patcher.ncsoft.com
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: winesm32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe

ComboFix 11-04-15.05 - Vlastník 16.04.2011 14:10:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.786 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Vlastník\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Vlastník\Data aplikací\.#
C:\Documents and Settings\Vlastník\Recent\Thumbs.db
C:\Documents and Settings\Vlastník\WINDOWS
C:\install.exe
C:\Program Files\Hotspot Shield\hssie\HsSIe.dll
C:\WINDOWS\AutoRun.ini
C:\WINDOWS\Downloaded Program Files\launcher.ocx
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\Thumbs.db

((((((((((((((((((((((((( Soubory vytvořené od 2011-03-16 do 2011-04-16 )))))))))))))))))))))))))))))))

2011-04-16 06:36:11 . 2011-04-16 06:36:11 212 ---ha-w- C:\aaw7boot.cmd
2011-04-16 02:00:43 . 2011-04-16 02:00:43 388096 ----a-r- C:\Documents and Settings\Vlastník\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 01:01:41 . 2011-04-16 01:01:41 -------- d-----w- C:\WINDOWS\LastGood
2011-04-16 00:43:26 . 2011-04-16 00:43:26 -------- d-----w- C:\Documents and Settings\Vlastník\Data aplikací\STV Software
2011-04-16 00:43:15 . 2011-04-16 00:43:18 -------- d-----w- C:\Program Files\SensorsViewPro41
2011-04-12 21:26:10 . 2009-04-06 08:08:04 5174 ----a-w- C:\WINDOWS\system32\nppt9x.vxd
2011-04-12 21:26:10 . 2009-04-06 08:08:04 4682 ----a-w- C:\WINDOWS\system32\npptNT2.sys
2011-04-08 11:28:58 . 2011-04-08 11:28:58 41872 ----a-w- C:\WINDOWS\system32\xfcodec.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-02 19:40:23 . 2010-05-30 08:21:07 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-02-02 17:19:39 . 2008-06-10 16:01:45 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2009-06-05 05:36:54 . 2010-07-07 15:42:13 2003456 ----a-w- C:\Program Files\Common Files\Boris RED.msi
2008-11-30 21:35:20 . 2008-11-30 21:35:20 3876 ----a-w- C:\Program Files\ffdssetts.reg
2008-11-30 21:35:20 . 2008-11-30 21:35:20 34130 ----a-w- C:\Program Files\ffdsvsetts.reg
2008-11-30 21:35:20 . 2008-11-30 21:35:20 2224 ----a-w- C:\Program Files\ffdsasetts.reg
2007-12-07 13:00:00 . 2010-07-14 20:30:01 16244736 ----a-w- C:\Program Files\Graffiti5 AE.aex
2007-12-07 09:40:54 . 2010-07-14 20:30:06 229376 ----a-w- C:\Program Files\Graffiti5_ED3FL.tpi
2007-12-07 09:40:18 . 2010-07-14 20:30:07 229376 ----a-w- C:\Program Files\Graffiti5_ED4FL.tpi
2007-12-07 09:38:36 . 2010-07-14 20:32:32 110592 ----a-w- C:\Program Files\IM-Graffiti5.prm
2007-12-07 09:38:28 . 2010-07-14 20:32:31 114688 ----a-w- C:\Program Files\FL7-Graffiti5P2.prm
2007-12-07 09:38:20 . 2010-07-14 20:32:30 147456 ----a-w- C:\Program Files\FL-Graffiti5P2.prm
2007-12-07 09:37:36 . 2010-07-14 20:30:03 16150528 ----a-w- C:\Program Files\Graffiti5-10.avx
2007-12-07 09:30:40 . 2010-07-14 20:30:04 16155136 ----a-w- C:\Program Files\Graffiti5-15.avx
2007-12-07 09:10:32 . 2010-07-14 20:30:04 16185856 ----a-w- C:\Program Files\Graffiti5-20.avx
2004-08-09 21:30:22 . 2008-06-08 19:47:58 40960 ----a-w- C:\Program Files\Uninstall_CDS.exe

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2010-03-31 05:20:36 2340784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 08:21:48 16125952]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 12:02:04 786521]
"Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 16:46:00 90112]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 10:53:00 188416]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 09:37:40 110592]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 12:00:00 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 12:00:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 13:14:00 98616]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03:26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 08:15:42 1461080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 09:17:42 421888]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 08:42:56 69632]
"HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 16:55:02 294912]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-01-07 18:58:12 111208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-01-07 18:58:12 13880424]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 07:51:42 1753192]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 12:49:28 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 23:01:00 437160]

C:\Documents and Settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
My_AutoWarkey_Script.lnk - C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
winesm32.exe [2008-4-14 22528]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2011-4-8 3510160]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-11-29 17:43:44 393216 ----a-w- C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\PROGRAMY\\garena\\Garena.exe"=
"C:\\PROGRAMY\\ICQ6\\ICQ.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\PROGRAMY\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"C:\\PROGRAMY\\ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Sony\\Vegas Pro 9.0\\vegas90.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\BlastShark\\Aika\\BlastShark.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:login-server.exe
"6121:TCP"= 6121:TCP:char-server.exe
"5121:TCP"= 5121:TCP:map-server.exe
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56192:TCP"= 56192:TCP:Pando Media Booster
"56192:UDP"= 56192:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [23.10.2009 13:20:32 64288]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [14.5.2009 14:30:36 721904]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [1.7.2008 10:04:40 35168]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [29.11.2005 20:50:58 36768]
R1 sensorsview;sensorsview;C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys [26.7.2008 20:30:30 14416]
R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [2.3.2006 14:00:00 14336]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02:28 472280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17:32 1352832]
R2 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 5:29:54 29178224]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [16.9.2010 15:06:22 80896]
R3 SynMini;Syntek USB2.0 2M WebCam;C:\WINDOWS\system32\drivers\SynMini.sys [8.1.2008 12:30:23 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;C:\WINDOWS\system32\drivers\SynScan.sys [8.1.2008 12:30:26 8064]
S2 SensorsVService;SensorsVService;C:\Program Files\SensorsViewPro41\svservice.exe [17.6.2010 19:01:42 923648]
S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp --> C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp [?]
S3 HTCAND32;HTC Device Driver;C:\WINDOWS\system32\drivers\ANDROIDUSB.sys [25.12.2010 1:12:06 24576]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\system32\drivers\htcnprot.sys [22.6.2010 19:01:50 21248]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\drivers\ifxtpm.sys [8.1.2008 12:52:01 36352]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [15.1.2011 3:35:04 37688]
S3 XDva359;XDva359;\??\C:\WINDOWS\system32\XDva359.sys --> C:\WINDOWS\system32\XDva359.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SENSORSVIEW
*NewlyCreated* - SENSORSVSERVICE
*Deregistered* - PROCEXP141

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Obsah adresáře 'Naplánované úlohy'

2011-04-16 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-09-20 11:22:59]

2011-04-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]

------- Doplňkový sken -------

uStart Page = About:Blank
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/HanSetup1040.cab
FF - ProfilePath - C:\Documents and Settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\8ovq0ugy.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: qtl: qtl.co.il@gmail.com - %profile%\extensions\qtl.co.il@gmail.com
FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-FixMyRegistry - C:\Program Files\FixMyRegistry\FixMyRegistry.exe
HKLM-Run-Media Codec Update Service - C:\Program Files\Essentials Codec Pack\update.exe
AddRemove-Mike Crash Vegas Filters - C:\Program Files\Sony\Filters\uninst-mcvegas.exe
AddRemove-mod_sobit - C:\Program Files\forsage3\Uninstall s0beit 3.4 mod
AddRemove-Vegas Smart Smoother - C:\Program Files\Sony\Filters\uninst-ssmooth.exe
AddRemove-Warkeys - C:\PROGRAMY\Warcraft III\Warkeys\uninst.exe
AddRemove-{70DA8A87-79B0-4DE8-A837-8AD40D9ECB67}_is1 - C:\Programy\Lineage II\system\unins000.exe

O4 - Startup: winesm32.exe

:filefind
winesm32.exe

:regfind
winesm32

KillAll::

Driver::
GarenaPEngine

Folder::
c:\Program Files\Garena
C:\PROGRAMY\garena

Rootkit::
C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:21, on 21.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\SensorsViewPro41\sviewpro.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SensorsViewPro41\svservice.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAMY\ventrilo\Ventrilo.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe

Autor:	zandys [ so 16. duben 2011, 03:26 ]
Předmět:	Zase svchost.exe a 100% CPU + přehřívání
Přečetla jsem si spoustu témat, ale většinou se nejednalo nebo to nepopisovalo můj problém. aneb Generic Host Process for Win32 Services Při hraní L2 mě to Dc a už jsem se od té doby nemohla lognout (ban nemám ;D), tak jsem restartovala NTB a ten mi hodil hlášku o přehřátí... Což mě moc nepřekvapilo, neboť větrák už není tak úplně fit, i když fouká Ale co mě zarazilo bylo 100% využití CPU programem svchost.exe... Tak si tak říkám, jestli to přehřívání nezpůsobuje právě toto nebo se na tom alespoň nepodílí. Tak či onak, je to divný. Pustím písničky, pustím programy, dokonce i hru, ale ta mě Dctuje ze serveru a já nevím, kde je problém a jestli je to právě spojené s tímhle, jelikož do teď vše fungovalo normálně... Podotýkám, že na na tom ntb dělám vše, jelikož jiný pc nemám a hlavně na něm hraji hry 24/7.. Tak jsem to zkoukla prez processexplorer: Kód: Process PID CPU Private Bytes Working Set Description Company Name System Idle Process 0 24.22 0 K 28 K System 4 1.56 0 K 244 K Interrupts n/a 1.56 0 K 0 K Hardware Interrupts and DPCs smss.exe 1992 180 K 432 K Správce relací systému Windows NT Microsoft Corporation csrss.exe 648 1 964 K 7 232 K Client Server Runtime Process Microsoft Corporation winlogon.exe 792 7 188 K 4 288 K Windows NT Logon Application Microsoft Corporation services.exe 836 2 052 K 3 916 K Services and Controller app Microsoft Corporation nvsvc32.exe 1064 4 996 K 7 312 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation svchost.exe 1140 48.44 3 940 K 6 464 K Generic Host Process for Win32 Services Microsoft Corporation zkracený náhled: http://i55.tinypic.com/2198jer.jpg A ještě přez Hijack, což vám asi řekne víc, než mě: Kód: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:20:01, on 16.4.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Generic\Power4 Gear\BatteryLife.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Xfire\Xfire.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\ATK0100\ATKOSD.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\QIP Infium\infium.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\PROGRAMY\ventrilo\Ventrilo.exe C:\Program Files\SensorsViewPro41\svservice.exe C:\Program Files\SensorsViewPro41\sviewpro.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\FastStone Capture\FSCapture.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O1 - Hosts: 216.107.254.72 aionpts.patcher.ncsoft.com O1 - Hosts: ::1 localhost O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - (no file) O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: winesm32.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe Viry a celkově havěť jsem sice našla, ale bohužel vliv to nemělo. Pomoc by se hodila

Autor:	jan.svoboda [ so 16. duben 2011, 12:42 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
Ahoj, v HijackThis vidím jednoho šmejda, ale může tam být více problémů. Takže, doporučuji nejprve zálohovat důležitá data - nemohu na 100% zaručit, že vše bude v pořádku -> vir může napáchat škody. Takže sem zatím dej log z ComboFixu, návod v mém podpise. Poté uvidíme víc

Autor:	zandys [ so 16. duben 2011, 13:37 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
Tak jsem musela restartovat pc, ted se mi prehriva uz i GPU Tu je log: Kód: ComboFix 11-04-15.05 - Vlastník 16.04.2011 14:10:07.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.786 [GMT 2:00] Spuštěný z: C:\Documents and Settings\Vlastník\Dokumenty\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 Enabled/Updated {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ((((((((((((((((((((((((((((((((((((((( Ostatní výmazy ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\Vlastník\Data aplikací\.# C:\Documents and Settings\Vlastník\Recent\Thumbs.db C:\Documents and Settings\Vlastník\WINDOWS C:\install.exe C:\Program Files\Hotspot Shield\hssie\HsSIe.dll C:\WINDOWS\AutoRun.ini C:\WINDOWS\Downloaded Program Files\launcher.ocx C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\Thumbs.db ((((((((((((((((((((((((( Soubory vytvořené od 2011-03-16 do 2011-04-16 ))))))))))))))))))))))))))))))) 2011-04-16 06:36:11 . 2011-04-16 06:36:11 212 ---ha-w- C:\aaw7boot.cmd 2011-04-16 02:00:43 . 2011-04-16 02:00:43 388096 ----a-r- C:\Documents and Settings\Vlastník\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-16 01:01:41 . 2011-04-16 01:01:41 -------- d-----w- C:\WINDOWS\LastGood 2011-04-16 00:43:26 . 2011-04-16 00:43:26 -------- d-----w- C:\Documents and Settings\Vlastník\Data aplikací\STV Software 2011-04-16 00:43:15 . 2011-04-16 00:43:18 -------- d-----w- C:\Program Files\SensorsViewPro41 2011-04-12 21:26:10 . 2009-04-06 08:08:04 5174 ----a-w- C:\WINDOWS\system32\nppt9x.vxd 2011-04-12 21:26:10 . 2009-04-06 08:08:04 4682 ----a-w- C:\WINDOWS\system32\npptNT2.sys 2011-04-08 11:28:58 . 2011-04-08 11:28:58 41872 ----a-w- C:\WINDOWS\system32\xfcodec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M výpis )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-02-02 19:40:23 . 2010-05-30 08:21:07 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll 2011-02-02 17:19:39 . 2008-06-10 16:01:45 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl 2009-06-05 05:36:54 . 2010-07-07 15:42:13 2003456 ----a-w- C:\Program Files\Common Files\Boris RED.msi 2008-11-30 21:35:20 . 2008-11-30 21:35:20 3876 ----a-w- C:\Program Files\ffdssetts.reg 2008-11-30 21:35:20 . 2008-11-30 21:35:20 34130 ----a-w- C:\Program Files\ffdsvsetts.reg 2008-11-30 21:35:20 . 2008-11-30 21:35:20 2224 ----a-w- C:\Program Files\ffdsasetts.reg 2007-12-07 13:00:00 . 2010-07-14 20:30:01 16244736 ----a-w- C:\Program Files\Graffiti5 AE.aex 2007-12-07 09:40:54 . 2010-07-14 20:30:06 229376 ----a-w- C:\Program Files\Graffiti5_ED3FL.tpi 2007-12-07 09:40:18 . 2010-07-14 20:30:07 229376 ----a-w- C:\Program Files\Graffiti5_ED4FL.tpi 2007-12-07 09:38:36 . 2010-07-14 20:32:32 110592 ----a-w- C:\Program Files\IM-Graffiti5.prm 2007-12-07 09:38:28 . 2010-07-14 20:32:31 114688 ----a-w- C:\Program Files\FL7-Graffiti5P2.prm 2007-12-07 09:38:20 . 2010-07-14 20:32:30 147456 ----a-w- C:\Program Files\FL-Graffiti5P2.prm 2007-12-07 09:37:36 . 2010-07-14 20:30:03 16150528 ----a-w- C:\Program Files\Graffiti5-10.avx 2007-12-07 09:30:40 . 2010-07-14 20:30:04 16155136 ----a-w- C:\Program Files\Graffiti5-15.avx 2007-12-07 09:10:32 . 2010-07-14 20:30:04 16185856 ----a-w- C:\Program Files\Graffiti5-20.avx 2004-08-09 21:30:22 . 2008-06-08 19:47:58 40960 ----a-w- C:\Program Files\Uninstall_CDS.exe (((((((((((((((((((((((((((((((((( Spouštěcí body v registru ))))))))))))))))))))))))))))))))))))))))))))) Poznámka prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fraps"="C:\FRAPS\FRAPS.EXE" [2010-03-31 05:20:36 2340784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 08:21:48 16125952] "SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 12:02:04 786521] "Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 16:46:00 90112] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 10:53:00 188416] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 09:37:40 110592] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 12:00:00 59392] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 12:00:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 12:00:00 455168] "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 13:14:00 98616] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03:26 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 08:15:42 1461080] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-09-08 09:17:42 421888] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 08:42:56 69632] "HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 16:55:02 294912] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-01-07 18:58:12 111208] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-01-07 18:58:12 13880424] "nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 07:51:42 1753192] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 12:49:28 249064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 23:01:00 437160] C:\Documents and Settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\ My_AutoWarkey_Script.lnk - C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A] winesm32.exe [2008-4-14 22528] Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2011-4-8 3510160] C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN] 2005-11-29 17:43:44 393216 ----a-w- C:\WINDOWS\system32\IfxWlxEN.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\PROGRAMY\\garena\\Garena.exe"= "C:\\PROGRAMY\\ICQ6\\ICQ.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\Opera\\opera.exe"= "C:\\PROGRAMY\\Zoo Tycoon 2\\zt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "C:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "C:\\PROGRAMY\\ventrilo\\Ventrilo.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Sony\\Vegas Pro 9.0\\vegas90.exe"= "C:\\Program Files\\Xfire\\Xfire.exe"= "C:\\Program Files\\Java\\jre6\\bin\\java.exe"= "C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "C:\\Program Files\\BlastShark\\Aika\\BlastShark.exe"= "C:\\Program Files\\Miranda IM\\miranda32.exe"= "C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6900:TCP"= 6900:TCP:login-server.exe "6121:TCP"= 6121:TCP:char-server.exe "5121:TCP"= 5121:TCP:map-server.exe "5353:TCP"= 5353:TCP:Adobe CSI CS4 "56192:TCP"= 56192:TCP:Pando Media Booster "56192:UDP"= 56192:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6882:TCP"= 6882:TCP:League of Legends Launcher "6882:UDP"= 6882:UDP:League of Legends Launcher R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [23.10.2009 13:20:32 64288] R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [14.5.2009 14:30:36 721904] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [1.7.2008 10:04:40 35168] R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [29.11.2005 20:50:58 36768] R1 sensorsview;sensorsview;C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys [26.7.2008 20:30:30 14416] R2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [2.3.2006 14:00:00 14336] R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02:28 472280] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17:32 1352832] R2 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 5:29:54 29178224] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [16.9.2010 15:06:22 80896] R3 SynMini;Syntek USB2.0 2M WebCam;C:\WINDOWS\system32\drivers\SynMini.sys [8.1.2008 12:30:23 1208064] R3 SynScan;Syntek USB2.0 2M WebCam Still Image;C:\WINDOWS\system32\drivers\SynScan.sys [8.1.2008 12:30:26 8064] S2 SensorsVService;SensorsVService;C:\Program Files\SensorsViewPro41\svservice.exe [17.6.2010 19:01:42 923648] S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp --> C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp [?] S3 HTCAND32;HTC Device Driver;C:\WINDOWS\system32\drivers\ANDROIDUSB.sys [25.12.2010 1:12:06 24576] S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\system32\drivers\htcnprot.sys [22.6.2010 19:01:50 21248] S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\drivers\ifxtpm.sys [8.1.2008 12:52:01 36352] S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [15.1.2011 3:35:04 37688] S3 XDva359;XDva359;\??\C:\WINDOWS\system32\XDva359.sys --> C:\WINDOWS\system32\XDva359.sys [?] --- Ostatní služby/ovladače v paměti --- NewlyCreated - SENSORSVIEW NewlyCreated - SENSORSVSERVICE Deregistered - PROCEXP141 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai Obsah adresáře 'Naplánované úlohy' 2011-04-16 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-09-20 11:22:59] 2011-04-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12] ------- Doplňkový sken ------- uStart Page = About:Blank mStart Page = hxxp://www.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/HanSetup1040.cab FF - ProfilePath - C:\Documents and Settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\8ovq0ugy.default\ FF - prefs.js: browser.search.selectedEngine - qtl FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/ FF - Ext: qtl: qtl.co.il@gmail.com - %profile%\extensions\qtl.co.il@gmail.com FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff - - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - - HKCU-Run-PlayNC Launcher - (no file) HKCU-Run-FixMyRegistry - C:\Program Files\FixMyRegistry\FixMyRegistry.exe HKLM-Run-Media Codec Update Service - C:\Program Files\Essentials Codec Pack\update.exe AddRemove-Mike Crash Vegas Filters - C:\Program Files\Sony\Filters\uninst-mcvegas.exe AddRemove-mod_sobit - C:\Program Files\forsage3\Uninstall s0beit 3.4 mod AddRemove-Vegas Smart Smoother - C:\Program Files\Sony\Filters\uninst-ssmooth.exe AddRemove-Warkeys - C:\PROGRAMY\Warcraft III\Warkeys\uninst.exe AddRemove-{70DA8A87-79B0-4DE8-A837-8AD40D9ECB67}_is1 - C:\Programy\Lineage II\system\unins000.exe

Autor:	jan.svoboda [ so 16. duben 2011, 15:32 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
V HijackThis fixni (označ křížkem velvo od položky a klikni na Fix) položku: Kód: O4 - Startup: winesm32.exe Stáhni a spusť SystemLook, vlož do něj kód: Kód: :filefind winesm32.exe :regfind winesm32 klikni na Look, po dokončení skenu vyskočí log, jeho obsah sem vlož Dle návodu v mém podpise použij ComboFix se scriptem CFScript.txt, jeho obsah Kód: KillAll:: Driver:: GarenaPEngine Folder:: c:\Program Files\Garena C:\PROGRAMY\garena Rootkit:: C:\DOCUME~1\VLASTN~1\LOCALS~1\Temp\WKU2310.tmp

Autor:	zandys [ so 16. duben 2011, 16:07 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
Takze... CPU 50-65stupnu, GPU 79 bez zateze, temer hned po startu. Pri 1 okne(obvykle mam 2) L2 CPU stoupne na 75-90, podle co tam delam, GPU dokonce misty vysplha az na 95°C. Tohle uz ale asi nebude virem a tak... Takze v pondeli to zanesu do servisu, at mi to alespon namazou pastou, pri poslednim cisteni toho tam moc nebylo, tak treba to je i tim a objednam novy vetrak. Nic lepsiho me nenapada Kazdopadne diky, zda se, ze to pomohlo

PCTuning http://pctforum.tyden.cz/

Zase svchost.exe a 100% CPU + přehřívání http://pctforum.tyden.cz/viewtopic.php?f=54&t=169648	Stránka 1 z 1

Autor:	jan.svoboda [ ne 17. duben 2011, 10:09 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
Jak myslíš, ale dočištění systému by ničemu neškodilo, jelikož tam máš rootkit Pravda, že ty teploty nejsou nejlepší, a asi s tím již spojené nebudou... Jestli tedy chceš, dones to do servisu a uvidíš, jestli pomůže pasta a tak Nebo se můžeme pokusit si pomoct sami, takže pokud budeš chtít, kldině se sem zase ozvi. Není vůbec za co děkovat

Autor:	zandys [ st 20. duben 2011, 20:33 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
tak jsem zasla do toho servisu a zjistili jsme, ze se temer netoci ventilator, proto ty vysoke teploty. Tudiz se hned objednal novy. A to docisteni, no nevim, muzem to zkusit:)

Autor:	jan.svoboda [ čt 21. duben 2011, 09:18 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
Aha, v tom případě jsi udělala dobře, za ty teploty opravdu teda viry nemohly Pokud to chceš zkusit, tak můžeš postupovat dle mého posledního příspěvku s návodem, neměl by to být velký problém

Autor:	zandys [ čt 21. duben 2011, 16:05 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
No ono uz to vypada ted nove takto :p Kód: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:03:21, on 21.4.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Generic\Power4 Gear\BatteryLife.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Xfire\Xfire.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\SensorsViewPro41\sviewpro.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\SensorsViewPro41\svservice.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\QIP Infium\infium.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vlastník\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRAMY\ventrilo\Ventrilo.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\FixMyRegistry\FixMyRegistry.exe -t O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: My_AutoWarkey_Script.lnk = C:\PROGRAMY\Warcraft III\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Vlastník\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://play.istaria.com/controls/launcher.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tera.hangame.com/common/HanSetup1040.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe

Autor:	jan.svoboda [ so 28. květen 2011, 12:22 ]
Předmět:	Re: Zase svchost.exe a 100% CPU + přehřívání
I přes to bych zkusil dle mého posledního příspěvku provést čištění ComboFixem s uvedeným skriptem

Stránka 1 z 1	Čas je uváděn v UTC + 1 hodina
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/