svchost.exe CPU 100% problem

Uz asi tyzden pozorujem, ze mi comp ide pomalsie. Medzi procesmi mi svchost.exe zacal zaberat 100% CPU. Neviem,cim to je,alebo ako to vypnut.Predtym som mala problem sp spoolsv.exe,ktory mi bral taktiez 100%CPU. Ked som vymazala vsetko,co sa tykalo tlaciarni,tak prestalo.Ale objavil sa problem so svchost.exe.Neviem,ci to spolu nejako suvisi,ale uz som v koncoch.Vie mi niekto pomoct?

a nebezia ti nahodou automaticke update-y od MS?

Vypla som ich.A aj tak mi to robi.

Mozes tam mat cervika... svchost.exe - ten by mal byt niekolko krat spusteni, neni tam nahodou svchost.exe ale napr. ine pismenka alebo co? (ten co ti vytazuje procak)

Presla som cely com spybotom,ad-awarom,nodom...nic mi nenaslo. A ten svchost.exe je normalny.Bez ziadnych inych pismen a pod. Skusala som nainstalovat nejake "zaplaty",ktore som nasla na nete,no nezabrali...

Vlož log z HijackThis =>

http://www.pcforum.sk/postup-pri-cisten ... 17087.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:37, on 26. 9. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Programs\MFIndexer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu517\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu517\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu517\toolbaru.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Programs\MFIndexer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Fixni:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll


= označ a daj "Fix checked"


Stiahnite Avenger -–>
http://swandog46.geekstogo.com/avenger.exe

Spustiť – „Input script manually“ – Lupa – Skopírovať kód – „Done“ – Semafor – Potvrdiť – Nasleduje reštart PC



Stiahnite ComboFix –->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Riaďte sa inštrukciami na obrazovke, neklikajte, počítač môže byť reštartovaný. Vložte na fórum obsah súbora C:\ComboFix.txt

ComboFix 07-09-26 - mery 2007-09-26 17:03:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.567 [GMT 2:00]
Running from: C:\Documents and Settings\mery\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))
.

2007-09-26 17:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 16:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-24 21:02 <DIR> d---s---- C:\Documents and Settings\mery\UserData
2007-09-24 20:23 <DIR> d-------- C:\Program Files\Nattyware
2007-09-20 17:14 <DIR> d-------- C:\Documents and Settings\mery\Application Data\Help
2007-09-19 16:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-16 22:30 <DIR> d-------- C:\WINDOWS\pss
2007-09-15 20:27 <DIR> d-------- C:\Documents and Settings\mery\Application Data\Jpeg Resampler
2007-09-13 21:53 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-13 21:53 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-13 21:22 <DIR> d-------- C:\Program Files\hp deskjet 3420 series
2007-09-06 13:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 23:12 --------- d-------- C:\Program Files\ICQLite
2007-09-20 17:15 --------- d-------- C:\Program Files\Color
2007-09-20 17:14 --------- d-------- C:\Program Files\Programs
2007-09-20 17:14 --------- d-------- C:\Program Files\Custom
2007-09-16 13:51 --------- d-------- C:\Program Files\Hewlett-Packard
2007-09-07 14:09 --------- d-------- C:\Documents and Settings\mery\Application Data\Skype
2007-08-24 19:16 --------- d-------- C:\Documents and Settings\mery\Application Data\Google
2007-08-24 19:15 --------- d-------- C:\Program Files\Google
2007-08-20 18:25 --------- d-------- C:\Documents and Settings\mery\Application Data\CyberLink
2007-08-20 11:34 --------- d-------- C:\Program Files\JLC's Software
2007-08-19 22:03 --------- d-------- C:\Documents and Settings\mery\Application Data\Real
2007-08-19 22:02 --------- d-------- C:\Program Files\Real
2007-08-19 22:02 --------- d-------- C:\Program Files\Common Files\xing shared
2007-08-19 22:02 --------- d-------- C:\Program Files\Common Files\Real
2007-08-19 21:17 --------- d-------- C:\Program Files\DivX
2007-08-14 14:51 --------- d-------- C:\Program Files\Kyodai Mahjongg 2006
2007-08-11 20:48 --------- d-------- C:\Documents and Settings\mery\Application Data\JLC's Software
2007-08-11 20:34 149159 --a------ C:\Program Files\JLCs_Internet_TV_Setup.exe
2007-08-11 15:27 --------- d-------- C:\Program Files\Common Files\Borland Shared
2007-08-11 15:17 --------- d-------- C:\Program Files\borland
2007-08-09 22:24 --------- d-------- C:\Documents and Settings\mery\Application Data\Corel
2007-08-08 22:06 --------- d-------- C:\Documents and Settings\mery\Application Data\Azureus
2007-08-08 19:56 --------- d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-08 19:55 --------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-08 19:15 --------- d-------- C:\Program Files\Scripts
2007-08-08 19:15 --------- d-------- C:\Program Files\Plugins
2007-08-08 19:15 --------- d-------- C:\Program Files\Photopnt
2007-08-08 19:15 --------- d-------- C:\Program Files\Ocrtrace
2007-08-08 19:15 --------- d-------- C:\Program Files\Filters
2007-08-08 19:15 --------- d-------- C:\Program Files\Envoy7
2007-08-08 19:15 --------- d-------- C:\Program Files\Draw
2007-08-08 19:15 --------- d-------- C:\Program Files\Config
2007-08-08 19:14 --------- d-------- C:\Program Files\Barista
2007-08-08 19:12 --------- d-------- C:\Program Files\MediaFolders
2007-08-08 19:11 --------- d-------- C:\Program Files\Tutors
2007-08-08 19:10 --------- d-------- C:\Program Files\Workspace
2007-08-08 19:10 --------- d-------- C:\Program Files\Symbols
2007-08-08 19:10 --------- d-------- C:\Program Files\Papertypes
2007-08-05 11:35 --------- d-------- C:\Program Files\C++Builder6
2007-08-02 17:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 17:41 --------- d-------- C:\Program Files\Samsung
2007-07-29 17:14 --------- d-------- C:\Program Files\OO Software
2007-07-28 21:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-28 20:07 --------- d-------- C:\Documents and Settings\mery\Application Data\Ahead
2007-07-28 14:38 --------- d-------- C:\Program Files\Bullfrog
2007-07-28 12:42 --------- d-------- C:\Program Files\switchoff11cz
2007-07-27 17:32 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-07-26 13:54 --------- d-------- C:\Program Files\PC Translator
2007-07-26 13:54 --------- d-------- C:\Program Files\Lex2002
2007-07-26 13:49 --------- d-------- C:\Program Files\AusLogics Registry Defrag
2007-07-26 13:48 --------- d-------- C:\Program Files\Wise Registry Cleaner
2007-07-26 13:30 --------- d-------- C:\Program Files\Miranda IM
2007-07-26 13:30 --------- d-------- C:\Documents and Settings\mery\Application Data\Miranda
2007-07-26 13:29 1149405 --a------ C:\Program Files\miranda-im-v0.6.8-unicode.exe
2007-07-25 20:09 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-07-25 15:07 5037072 --a------ C:\Program Files\spybotsd14.exe
2007-04-29 18:47 394450944 --a------ C:\Program Files\Office Pro 2003 Slovak Disk Kit MVL.iso
1998-03-24 19:28 23280 --------- C:\Program Files\CorelDRAW 8 Readme.html
1998-03-12 13:03 1143 --------- C:\Program Files\Corel SCRIPT 7 and 8 Readme.html
1998-03-12 10:14 77 --------- C:\Program Files\Drawreg.url
1998-02-26 12:27 2831 --------- C:\Program Files\Corel Readme.html
1998-02-18 20:41 1187 --------- C:\Program Files\Corel Texture Maker 8 Readme.html
1998-02-18 20:38 992 --------- C:\Program Files\Corel Media Folders 8 Readme.html
1998-02-18 20:38 2386 --------- C:\Program Files\CorelDRAW Printing and Color Management Readme.html
1998-02-18 20:33 4355 --------- C:\Program Files\CorelPHOTO-PAINT 8 Readme.html
1998-02-18 20:28 2430 --------- C:\Program Files\CorelDRAW WEB Related Features Readme.html
1998-01-20 16:16 6970 --------- C:\Program Files\CorelSCAN 8 Readme.html
1998-01-20 16:12 99936 --------- C:\Program Files\3rd Party Clipart Readme.html
1998-01-20 16:12 2844 --------- C:\Program Files\CorelDRAW 8 Filters Readme.html
1998-01-20 16:12 2161 --------- C:\Program Files\CorelDRAW 8 Installation Notes.html
1998-01-20 16:12 1887 --------- C:\Program Files\Corel DREAM 3D Readme.html
1998-01-20 16:12 1827 --------- C:\Program Files\CorelTUTORS 8 Readme.html
1997-11-10 16:24 3824 --------- C:\Program Files\newdaisy.gif
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D6F180CB-E683-41A3-8CD2-C53DBAA0530D}"= C:\Program Files\Rightdown Software SearchBar\rssb.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{D6F180CB-E683-41A3-8CD2-C53DBAA0530D}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 04:48]
"nwiz"="nwiz.exe" [2006-04-27 04:48 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 04:48]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 08:52 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-25 22:57]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-12-27 20:43]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 17:01]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 06:34 C:\WINDOWS\sm56hlpr.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-19 22:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-25 20:09]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Program Files\Programs\MFIndexer.exe [2007-08-08 19:15:07]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-25 20:09:27]

C:\Documents and Settings\mery\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Program Files\Programs\MFIndexer.exe [2007-08-08 19:15:07]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-25 20:09:27]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4b03e2-235d-11dc-b9b7-0018f34617e0}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 17:09:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 17:10:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 17:09
.
--- E O F ---

Toto poznáš?

C:\Program Files\JLCs_Internet_TV_Setup.exe


Otvor Poznámkový blok, skopíruj toto:


Súbor ulož pod názvom CFScript.txt a urob toto:


- súbory musia byť na ploche


+ Zabaľ napríklad cez WinRAR adresár Avenger a Qoobox do archívu RAR s heslom "infected" (menu rozšírené - nastaviť heslo), ktoré sú na disku C. Pošli RAR na adresu threat.samples@gmail.com

Ďakujem

Poslala som ti na mail tie zararkovane subory

a inak straaaasne moc dakujeeeem,ze mi pomahas

Ako sa správa počítač?


//: + nabudúce použi voľbu "upraviť"

sprava sa rovnako.CPU na 100%..ziadne zlepsenie

Toto je známy problém Windows update, malware s tým nič nemá.
Tento update stiahni na c:\. Otvor poznámkový blok a skopíruj:


Ulož ako "skript.bat" a spusti.

spravila som to a aj tak to robi....((((((((((((((((((

No este to cele restartni..

Obsah vytvoreneho suboru skript.bat (ikonka musi! mat servisne koliesko) vymaz a nahrad tymto



Uloz a zpusti..

Ak to nepobezi nadalej, chyba najskor nie je spojena s aktualizaciou.

Takze ani toto nazabralo.Stale stale stale je tam to vysoke cisielko,co ma privadza do sialenstva


Nemoze to mat suvis s tym,ze mi to zacalo robit,ked som vymazala vsetko,co sa tykalo tlaciarni?

Stiahni si processexplorer a uvidis co spusta konkretny svchost.exe.

Ak spominas ovladace na tlaciaren, tak tie nie, ale aplikacie pre monitorovanie tlace uz v dnesnej dobe tiez bez upozornenia uzivatela "lezu" na internet a moze to potom suvisiet.

Ufff tak uz potom neviem co s tym

No ved ako som napisal ...stiahni si tu utilitku, rozbal a spusti...a daj vediet, co spusta svchost.exe a potom sa da dalej

mam ti to vsetko vymenovat?:) ci mozem niekde dat screenshot?

Nie, len ten co taha 100% cpu 2x nan klikni a posli okno services - screen cez scroll alebo napis, co tam je.

A este daj cesty z okna image alebo screen

mozem ti na mail alebo niekde poslat screenshot so services?
tu su tie cesty:
path:C:\WINDOWS\System32\svchost.exe
Command line:C:\WINDOWS\System32\svchost.exe -k netsvcs
Current directory:C:\WINDOWS\system32\

počujte odborníci, nechcem sa vám tu do toho montovať, ale mne robil svchost.exe hovadiny vtedy, keď som nainštaloval nové prostredie, novú tému, skin na win xp... také ako luna element šli, ale ak sú zložitejšie, tak môžu dokafrať komp, hlavne keď sú robené amatérmi...

marianna161 inštalovala si nejakú tému, skin na win xp?

Nic take som neinstalovala.Naposledy som instalovala len tlaciaren,ktora mi robila problemy,ako som vyssie pisala.Ked som odstarnila problemy so spoolsv.exe,zacalo robit toto.Nic ine som nedavala:Dovtedy mi slo vsetko ako hodinky

Vola sa kniznica: Remote Access Auto Connection Manager.., inak ostatne veci su tam v poriadku, co je spravca pre automaticke pripojenie pomocou vzdialeneho pristupu, ale -nevidim dovod

Skontroluje ci aj momentalne bezi ..
Daj Start Spustit napis services.msc [enter] a vyhladaj sluzbu Remote Access Auto Connection Manager - nesmie byt spustena a vsetko nastavene rucne.

No a taktiez, co sa tyka tlaciarni, je volana kniznica srvsc.dll a ma nastarosti zdielanie suborov a tlaciarni. A ci ma nejaky problem, to neviem takto povedat, ale dala by sa na skusku docasne zastavit.

A zrovna tento svchost vola aj automaticke aktualizacie a aj sluzbu pre obnovenie systemu, co by sa tiez dalo na skusku vypnut...

Tich kniznic je presne 30 a jedna z nich robi problem, takze malo by sa dosjt na to, ktora to je..alebo reinstal

Stopla som to,no svchost.exe stale blbne

Tento svchost je dolezity, cely ho nemozes zastavit, vola zivotne dolezite veci Windowsu. Ine by bolo, keby to bol svchost.exe so samostatnou kniznicou.

Zastavila len rasauto.dll?
No ..tak je tam este 29 kniznic.

Musela by si postupne pozriet ktora sluzba je aj zo zoznamu spustena a tak odhalit, ktora sluzba to sposobuje..

Hej,ja viem,ze je dolezity.. Viem,ze tam musi byt... len nie s takym zatazenim procesora

Tak mozes cez Process Explorer v menu services vyuzit [pause] - [resume] v a tak skor najst, ktora sluzba to sposobuje. Len je to riskantne, ked Ti po pause nezareaguje [resume] a zamrzne pc