svchost.exe a vytizeni CPU na 100%

[struhadlo]

Dobry den,
mam problem, do pocitaci se mi dostal nejaky bordel. Pokousel jsem se problem odstranit pomoci rad v podobnych tematech, ale bohuzel neuspesne.

Prikladam log z RSIT

Dekuji predem za jakoukoliv radu

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ctibor at 2013-09-12 13:16:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (7%) free of 15 GB
Total RAM: 755 MB (31% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ctibor\Data aplikací\Mozilla\Firefox\Profiles\xqdp3i4w.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-26 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-26 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMUserServices"=C:\Program Files\Virtual Machine Additions\vmusrvc.exe [2007-01-25 112008]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-07-01 4411440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
SmartSVN 4 (background).lnk - C:\Program Files\SmartSVN 4\bin\smartsvn.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\FireBird\bin\fbserver.exe"="C:\Program Files\FireBird\bin\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2013-09-12 13:17:00 ----D---- C:\Program Files\trend micro
2013-09-12 13:16:55 ----D---- C:\rsit
2013-09-12 13:02:02 ----A---- C:\ComboFix.txt
2013-09-12 11:39:45 ----D---- C:\AdwCleaner
2013-09-11 13:50:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2013-09-11 13:50:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-11 10:00:11 ----A---- C:\Boot.bak
2013-09-11 10:00:05 ----RASHD---- C:\cmdcons
2013-09-11 09:57:47 ----A---- C:\WINDOWS\zip.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\SWSC.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\SWREG.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\sed.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\PEV.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\NIRCMD.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\MBR.exe
2013-09-11 09:57:47 ----A---- C:\WINDOWS\grep.exe
2013-09-11 09:56:34 ----D---- C:\Qoobox
2013-09-11 09:55:14 ----D---- C:\WINDOWS\erdnt
2013-09-11 08:48:16 ----D---- C:\Config.Msi
2013-09-11 08:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2013-09-11 08:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2013-09-11 08:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2013-09-10 08:38:27 ----HD---- C:\WINDOWS\$hf_mig$
2013-09-09 14:23:29 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2013-08-22 15:05:48 ----D---- C:\Documents and Settings\Ctibor\Data aplikací\Thunderbird
2013-08-22 15:05:33 ----D---- C:\Program Files\Mozilla Thunderbird
2013-08-22 15:05:26 ----D---- C:\Documents and Settings\Ctibor\Data aplikací\Opera Software
2013-08-22 15:05:20 ----D---- C:\Program Files\Opera
2013-08-21 13:22:21 ----D---- C:\Program Files\Microsoft Works
2013-08-21 13:22:04 ----D---- C:\Program Files\Microsoft Visual Studio
2013-08-21 13:22:04 ----D---- C:\Program Files\Common Files\DESIGNER
2013-08-21 13:21:43 ----D---- C:\Program Files\Microsoft.NET
2013-08-21 13:19:33 ----D---- C:\Program Files\Microsoft Office
2013-08-21 13:19:16 ----RD---- C:\MSOCache
2013-08-21 10:56:35 ----D---- C:\Documents and Settings\Ctibor\Data aplikací\OpenOffice
2013-08-21 10:45:22 ----D---- C:\Program Files\OpenOffice 4
2013-08-19 08:58:53 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-09-12 13:17:00 ----RD---- C:\Program Files
2013-09-12 13:11:38 ----D---- C:\WINDOWS\Prefetch
2013-09-12 12:53:02 ----SD---- C:\WINDOWS\Tasks
2013-09-12 12:50:01 ----D---- C:\WINDOWS
2013-09-12 12:50:01 ----A---- C:\WINDOWS\system.ini
2013-09-12 12:47:54 ----D---- C:\WINDOWS\Temp
2013-09-12 12:42:27 ----D---- C:\WINDOWS\system32
2013-09-12 12:42:26 ----D---- C:\WINDOWS\system32\drivers
2013-09-12 12:42:24 ----D---- C:\WINDOWS\AppPatch
2013-09-12 12:41:21 ----D---- C:\Program Files\Common Files
2013-09-12 12:11:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-12 12:04:59 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-12 10:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\firebird
2013-09-12 10:15:53 ----D---- C:\home
2013-09-12 09:51:44 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-12 09:24:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-09-11 12:15:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 10:00:12 ----RASH---- C:\boot.ini
2013-09-11 08:48:20 ----SHD---- C:\WINDOWS\Installer
2013-09-11 08:36:05 ----HD---- C:\WINDOWS\inf
2013-09-11 08:35:55 ----A---- C:\WINDOWS\imsins.BAK
2013-09-11 08:35:43 ----D---- C:\Program Files\Outlook Express
2013-09-10 11:12:32 ----AD---- C:\Advis_4.0
2013-09-09 14:23:38 ----D---- C:\WINDOWS\SoftwareDistribution
2013-09-09 14:23:35 ----D---- C:\WINDOWS\Help
2013-08-27 11:51:02 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-22 15:19:18 ----SD---- C:\Documents and Settings\Ctibor\Data aplikací\Microsoft
2013-08-22 14:45:56 ----A---- C:\WINDOWS\IE4 Error Log.txt
2013-08-22 12:50:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-08-22 12:50:19 ----RSD---- C:\WINDOWS\assembly
2013-08-22 12:49:50 ----RSD---- C:\WINDOWS\Fonts
2013-08-22 12:48:47 ----A---- C:\WINDOWS\win.ini
2013-08-22 12:48:44 ----D---- C:\Program Files\Common Files\System
2013-08-21 14:25:13 ----D---- C:\Program Files\Adobe
2013-08-21 14:25:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-08-21 13:22:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-21 12:16:08 ----D---- C:\WINDOWS\WinSxS
2013-08-21 12:07:17 ----D---- C:\Program Files\OpenOffice.org 3
2013-08-21 10:41:46 ----D---- C:\Program Files\LibreOffice 4.0
2013-08-14 13:23:38 ----D---- C:\AIS_1.0
2013-08-14 12:30:45 ----D---- C:\Documents and Settings\Ctibor\Data aplikací\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-07-01 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-07-10 39224]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 catchme;catchme; \??\C:\DOCUME~1\Ctibor\LOCALS~1\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\FireBird\bin\fbguard.exe [2010-09-17 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-26 182184]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\FireBird\bin\fbserver.exe [2010-09-17 3735552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-19 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!

Pokousel jsem se problem odstranit pomoci rad v podobnych tematech.....

Hlavně, že tak, ale pravidla jste si nepřečetl, jinak byste věděl, že profi utilita ComboFix se nespouští bez pokynu rádce.

Hlavní váš problém je v přeplnění systémového disku (pouhý 1GB volného místa je opravdu málo). Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[struhadlo]

Zdravim,

moje blbost, ze jsem prehlid tohle pravidlo . Pravdepodobne je to v pytli, kdyz vidim ze v logu uz nic neni. Aspon mam pouceni pro priste, kdyz dostanu na pocitac zase nejakej vir, ze to chce i znalost dane problematiky a ne jenom spustit nekolik programu a doufat ze to bude ok.

edit. Problem odstranen nebyl. Chvili po startu windows zacne opet svchost.exe vytezezovat CPU na 100%.

Prikladam log z AdwCleaner


# AdwCleaner v3.003 - Report created 13/09/2013 at 08:38:32
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ctibor - DEV91
# Running from : C:\Documents and Settings\Ctibor\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Ctibor\Data aplikací\Mozilla\Firefox\Profiles\xqdp3i4w.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1800 octets] - [12/09/2013 11:39:48]
AdwCleaner[R1].txt - [920 octets] - [13/09/2013 08:21:10]
AdwCleaner[S0].txt - [1883 octets] - [12/09/2013 12:00:00]
AdwCleaner[S1].txt - [842 octets] - [13/09/2013 08:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [901 octets] ##########

[Rudy]

Když už jste CF spustil, dejte z něj log. Najdete ho v c:\combofix.txt.

[struhadlo]

Prikladam log z ComboFix.


ComboFix 13-09-10.03 - Ctibor 12.09.2013 12:15:00.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.755.414 [GMT 2:00]
Spuštěný z: c:\home\Download\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000116_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-12 do 2013-09-12 )))))))))))))))))))))))))))))))
.
.
2013-09-12 09:39 . 2013-09-12 10:00 -------- d-----w- C:\AdwCleaner
2013-09-11 11:50 . 2013-09-11 12:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-09-11 11:50 . 2013-09-11 11:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-09-11 10:15 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-09-11 06:54 . 2013-09-11 06:54 -------- d-----w- c:\documents and settings\Ctibor\Local Settings\Data aplikací\PCHealth
2013-09-10 06:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-09-10 06:38 . 2013-09-11 06:35 -------- d--h--w- c:\windows\$hf_mig$
2013-08-22 13:05 . 2013-08-23 07:10 -------- d-----w- c:\documents and settings\Ctibor\Local Settings\Data aplikací\Thunderbird
2013-08-22 13:05 . 2013-08-22 13:05 -------- d-----w- c:\documents and settings\Ctibor\Data aplikací\Thunderbird
2013-08-22 13:05 . 2013-08-27 12:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-08-22 13:05 . 2013-08-22 13:05 -------- d-----w- c:\documents and settings\Ctibor\Local Settings\Data aplikací\Opera Software
2013-08-22 13:05 . 2013-08-22 13:05 -------- d-----w- c:\documents and settings\Ctibor\Data aplikací\Opera Software
2013-08-22 13:05 . 2013-08-22 13:05 -------- d-----w- c:\program files\Opera
2013-08-22 12:57 . 2013-08-22 12:57 -------- d-----w- c:\documents and settings\Ctibor\Local Settings\Data aplikací\Chromium
2013-08-21 11:22 . 2013-08-21 11:22 -------- d-----w- c:\program files\Microsoft Works
2013-08-21 11:21 . 2013-08-21 11:21 -------- d-----w- c:\program files\Microsoft.NET
2013-08-21 11:19 . 2013-08-21 11:19 -------- d-----r- C:\MSOCache
2013-08-21 08:56 . 2013-08-21 08:56 -------- d-----w- c:\documents and settings\Ctibor\Data aplikací\OpenOffice
2013-08-21 08:45 . 2013-08-21 10:17 -------- d-----w- c:\program files\OpenOffice 4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 23:51 . 2013-02-08 02:37 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2012-04-19 02:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2011-12-23 11:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2012-02-22 03:25 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-09 23:32 . 2012-01-31 02:46 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-06-30 23:45 . 2011-12-23 11:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-26 07:50 . 2013-06-26 07:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-26 07:50 . 2013-06-26 07:50 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-26 07:50 . 2012-09-18 07:57 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-26 07:50 . 2012-09-18 07:57 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-26 07:13 . 2012-11-07 11:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-26 07:13 . 2012-11-07 11:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2010-02-09 10:33 . 2010-02-24 11:52 533 ----a-w- c:\program files\MyDel.bat
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2008-09-15 16:20 250368 ----a-w- c:\program files\SmartSVN 4\lib\shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMUserServices"="c:\program files\Virtual Machine Additions\vmusrvc.exe" [2007-01-25 112008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SmartSVN 4 (background).lnk - c:\program files\SmartSVN 4\bin\smartsvn.exe --server-mode [2008-9-15 210944]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\FireBird\\bin\\fbserver.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31.1.2012 4:46 39224]
R1 1-driver-vmsrvc;Virtual Machine Additions Services Driver;c:\windows\system32\drivers\vmsrvc.sys [25.1.2007 23:09 68488]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22.2.2012 5:25 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19.3.2012 5:17 182072]
R1 msvmmouf;Virtual Machine Additions Mouse Integration Filter Driver;c:\windows\system32\drivers\msvmmouf.sys [17.11.2005 4:47 5632]
R2 1-vmsrvc;Virtual Machine Additions Services Application;c:\program files\Virtual Machine Additions\vmsrvc.exe [25.1.2007 23:09 91528]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23.7.2013 19:09 283136]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\FireBird\bin\fbguard.exe [11.6.2012 10:42 98304]
R2 MRxVPC;Virtual Machine Additions Folder Sharing Driver;c:\windows\system32\drivers\mrxvpc.sys [25.1.2007 23:04 114568]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 VPCMap;Virtual Machine Additions Shared Folder Service;c:\program files\Virtual Machine Additions\vpcmap.exe [25.1.2007 23:04 66952]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [9.6.2007 17:09 96256]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\FireBird\bin\fbserver.exe [11.6.2012 10:42 3735552]
R3 vpc-s3;vpc-s3;c:\windows\system32\drivers\vpc-s3.sys [17.11.2005 4:48 66560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 15:53 4939312]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [9.6.2007 17:09 65664]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{C2F058CD-C885-4ADA-9369-232C74213B2E}: NameServer = 81.27.192.33
FF - ProfilePath - c:\documents and settings\Ctibor\Data aplikací\Mozilla\Firefox\Profiles\xqdp3i4w.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 12:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\program files\Virtual Machine Additions\mrxvpcnp.dll
.
- - - - - - - > 'explorer.exe'(2312)
c:\program files\SmartSVN 4\lib\shellext.dll
c:\program files\Virtual Machine Additions\mrxvpcnp.dll
.
Celkový čas: 2013-09-12 13:01:53
ComboFix-quarantined-files.txt 2013-09-12 11:01
.
Před spuštěním: 1 138 094 080
Po spuštění: 1 104 723 968
.
- - End Of File - - 27FE61166785ED9F3ED7190FD1A8626C
413FC2A0C716421B3158746D63736515

[Rudy]

Log CF je OK po smazání několika položek. Zkuste odinatalovat Spybot, může být v konfliktu s antispy AVG.

[struhadlo]

Uvolnil jsem nejake misto na disku, odinstaloval Spybot a restartoval. Chvili po startu nabehne zase svchost.exe a zacne vytezovat CPU na 100%.

[Rudy]

Přeinstalujte antivir a na zkoušku vypněte aut. aktualizace.

[struhadlo]

S odinstalaci antiviru jsem mel trochu problemy. Zobrazovalo se hlaseni, ze nelze ziskat pristup k instalacni sluzbe. Pro odinstalaci jsem pouzil AVG Remover, ktery antivir odstranil.

Pri instalaci se objevil stejny problem. Podle chybove zpravy jsem nasel navod na strankach Microsoftu, kde byl popsat navod jak chybu odstranit http://support.microsoft.com/kb/315353/cs. Pote jiz instalace probehla bez problemu.

Po restartu pocitace vsak nebyl problem stale vyresen. Zkusil jsem vypnout automaticke aktualizace systemu windows a pocitac restartoval. Po nabehnuti systemu se jiz svchost.exe, ktery vytezoval CPU na 100% nespustil. Zkusil jsem pustit automatickou aktualizaci manualne a problem nastal znovu. Automaticke aktualizace necham zatim vypnute. Pokud najdu nejake reseni na problem s aktualizacemi systemu windows, uverenim ho zde, pokud by mel nekdo stejny problem.

Velice vam dekuji za pomoc pri reseni meho problemu

[Rudy]

Aut aktualizace zkuste opět zapnout příští měsíc (druhou středu), kdy jsou windows pravidelně aktualizovány. Většinou se napodruhé podaří nainstalovat aktualizace korektně. Nemáte zač!