CPU 100%+svchost+help

[Jack06]

Prosím pomozte mé cpu se občas vyšplhá až na 100% využítí CPU a necím co s tím
Zde je použítí vyjeté proces explorerem

Kód: Vybrat vše

Process   PID   CPU   Description   Company Name
System Idle Process   0         
 Interrupts   n/a   1.54   Hardware Interrupts   
 DPCs   n/a      Deferred Procedure Calls   
 System   4         
  smss.exe   604      Správce relací systému Windows NT   Microsoft Corporation
   csrss.exe   680      Client Server Runtime Process   Microsoft Corporation
   winlogon.exe   704      Windows NT Logon Application   Microsoft Corporation
    services.exe   748      Services and Controller app   Microsoft Corporation
     svchost.exe   912      Generic Host Process for Win32 Services   Microsoft Corporation
      CapabilityManager.exe   2040      Capability Manager   Popwire AB
      NMIndexStoreSvr.exe   432      Nero Home   Nero AG
      FxSvr2.exe   576      QuickCam Framework Server   Labtec Inc.
      Generic.exe   1452      Generic Device Management Executable.   Teleca Software Solutions
      epmworker.exe   2364      CAPI_Worker Module   Sony Ericsson Mobile Communications AB
      wmiprvse.exe   2892      WMI   Microsoft Corporation
     svchost.exe   968      Generic Host Process for Win32 Services   Microsoft Corporation
    svchost.exe   1068   89.23   Generic Host Process for Win32 Services   Microsoft Corporation
      wuauclt.exe   2904      Windows Update Automatic Updates   Microsoft Corporation
     svchost.exe   1112      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   1200      Generic Host Process for Win32 Services   Microsoft Corporation
     spoolsv.exe   1628      Spooler SubSystem App   Microsoft Corporation
     AppleMobileDeviceService.exe   1704      Apple Mobile Device Service   Apple, Inc.
     mDNSResponder.exe   1796      Bonjour Service   Apple Inc.
     MDM.EXE   2008      Machine Debug Manager   Microsoft Corporation
     nod32krn.exe   2088      NOD32 Kernel Service   Eset
     nvsvc32.exe   2128      NVIDIA Driver Helper Service, Version 71.25   NVIDIA Corporation
     StarWindService.exe   2672      StarWind iSCSI Target (Alcohol Edition)   Rocket Division Software
     svchost.exe   2712      Generic Host Process for Win32 Services   Microsoft Corporation
     iPodService.exe   3788      iPodService Module   Apple Inc.
     alg.exe   2756      Application Layer Gateway Service   Microsoft Corporation
    lsass.exe   760      LSA Shell (Export Version)   Microsoft Corporation
    taskmgr.exe   1388      Správce úloh   Microsoft Corporation
explorer.exe   1556      Průzkumník Windows   Microsoft Corporation
 LVCOMSX.EXE   1740      LVCom Server   Labtec Inc.
 LogiTray.exe   1748      ImageStudio Tray Application   Labtec Inc.
 remoterm.exe   1756      Remote Control Application   Pinnacle Systems
 rundll32.exe   1788      Run a DLL as an App   Microsoft Corporation
 cledx.exe   1820      Team H2O CLEDX   Team H2O
 mHotkey.exe   1828      Chicony Multimedia Driver   Chicony
 SOUNDMAN.EXE   1852      Realtek Sound Manager   Realtek Semiconductor Corp.
 nod32kui.exe   1868      NOD32 Control Center GUI   Eset
 Application Launcher.exe   1896      Application Launcher   Sony Ericsson Mobile Communications AB
 jusched.exe   1912      Java(TM) Platform SE binary   Sun Microsystems, Inc.
 iTunesHelper.exe   1964      iTunesHelper Module   Apple Inc.
 ctfmon.exe   176      CTF Loader   Microsoft Corporation
 NMBgMonitor.exe   212      Nero Home   Nero AG
 StrongDC.exe   3360      StrongDC++   
 uTorrent.exe   2560         
 qip.exe   1524      Quiet Internet Pager   The Author of QIP
 Skype.exe   356      Skype. Take a deep breath    Skype Technologies S.A.
  skypePM.exe   540      Skype Extras Manager   Skype Technologies
 firefox.exe   552      Firefox   Mozilla Corporation
 TOTALCMD.EXE   932      Total Commander 32 bit international version, file manager replacement for Windows   C. Ghisler & Co.
  xczoffbot.exe   3760         
  wmplayer.exe   1908   3.08   Windows Media Player   Microsoft Corporation
   setup_wm.exe   1128      Microsoft Windows Media Configuration Utility   Microsoft Corporation
 procexp.exe   1688   6.15   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com




[Reklama]

[Baron Prášil]

tak tě vítám v antivirové léčebně fóra PC-HELP

začal bych standardním vyšetřením na hijackthis. návod na něj mám v podpisu

[Jack06]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:37, on 31.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Software\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Pinnacle\PCTV Sat\Remote\Remoterm.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\mHotkey.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Software\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Software\QIP\qip.exe
D:\Documents and Settings\Jack\Plocha\stahy\DC\StrongDC.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Windows Media Player\setup_wm.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Software\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Software\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Software\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Software\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PCTVRemote] D:\Program Files\Pinnacle\PCTV Sat\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Software\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Software\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QIP2005] D:\Software\QIP\qip.exe
O4 - HKCU\..\Run: [FreeCall] "D:\Software\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = D:\Games\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Software\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Software\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8258280765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Software\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8578 bytes

[Baron Prášil]

log je v pořádku. systém je špatně zabezpečen!

nainstaluj firewall
vyber si tady,doporučuju ZoneAlarm,Comodo nebo Ashampoo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Ashampoo Firewall free + čeština

a nainstaluj taky antispyware s rezidentním štítem
Spyware Terminator nebo Spybot S&D
návod na ST http://www.viry.cz/forum/viewtopic.php?t=44730
návod na Spybot http://www.jaknato.com/index.php?clanek ... tne-slouzi
ten aktualizuj a proskenuj systém

sleduj taskmanagera nebo Process Explorer a zkus zjistit kterej proces ti vytěžuje CPU

též předpokládám,že jsi skenoval nodem-nějaké nálezy. udělej sken po restartu.

a dej vědět