you can delete the empty folder:
c:\documents and settings\All Users\CydMini
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
then clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run
Run F-Secure Online Scanner
This scanner can only be used in the Internet Explorer browser! Follow the instructions on the F-Secure page for correct installation. Accept the license. After the ActiveX control is installed, click Full System Scan. When the download has finished, the scan starts automatically. Wait for the scan to finish; while it runs, do not perform any other operations or click the mouse. When the scan finishes, click the Automatic clearing (recommended) button. Then click the Show Report button and copy and paste the report here.
svchost 100% CPU usage Solved
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43295
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status: Offline
Re: svchost 100% CPU usage
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: svchost 100% CPU usage
Scanning Report
Thursday, April 1, 2010 09:30:03 - 10:16:09
Computer name: MASINKA
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ G:\
13 malware found
TrackingCookie.Atdmt (spyware)
* System (Disinfected)
Rootkit.26055 (spyware)
* System (Disinfected)
Suspicious:W32/Malware!Gemini (spyware)
* System (Disinfected)
TrackingCookie.Doubleclick (spyware)
* System (Disinfected)
Rootkit.26055 (virus)
* C:\WINDOWS\SYSTEM32\DRIVERS\START.SYS (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
* C:\PROGRAM FILES\TOPSTYLE 4\TOPSTYLE4.EXE (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\JOSEF\DOKUMENTY\HONZA\FREERAPID-0.83U1\FREERAPID-0.83U1\FRD.EXE (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\PLOCHA\FREERAPID-0.81\FRD.EXE (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\DOKUMENTY\HONZA\HONZA\FREERAPID-DOWNLOADER_0.81\FREERAPID-0.81\FRD.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREAIM.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREWLM.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREWLM.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREAIM.EXE (Not cleaned & Submitted)
Statistics
Scanned:
* Files: 48197
* System: 4974
* Not scanned: 12
Actions:
* Disinfected: 4
* Renamed: 0
* Deleted: 0
* Not cleaned: 9
* Submitted: 5
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\JOSEF\DOKUMENTY\HONZA\DOKUMENTY\1\BLBOSTIČKY\NIC.DOC
* C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\DOKUMENTY\HONZA\DOKUMENTY\BLBOSTIČKY\NIC.DOC
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0037FBF7C62D77E048C4FFBA100DC6DD_33D9AD2F-8F34-4A2B-BA7D-8967180C493C
* C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\2392
* C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\3640
Options
Scanning engines:
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics
Notebook: Acer Extensa 5230E
- jaro3
Re: svchost 100% CPU usage
Download the program OTM (by OldTimer); if you haven't deleted it, you still have it there (on the PC)...
and save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select them
:Processes
explorer.exe
:Services
:Reg
:Files
C:\WINDOWS\SYSTEM32\DRIVERS\START.SYS
C:\PROGRAM FILES\TOPSTYLE 4\TOPSTYLE4.EXE
C:\DOCUMENTS AND SETTINGS\JOSEF\DOKUMENTY\HONZA\FREERAPID-0.83U1\FREERAPID-0.83U1\FRD.EXE
C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\PLOCHA\FREERAPID-0.81\FRD.EXE
C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\DOKUMENTY\HONZA\HONZA\FREERAPID-DOWNLOADER_0.81\FREERAPID-0.81\FRD.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREAIM.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREWLM.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREWLM.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\STBREAIM.EXE
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is otherwise saved in the folder C:\_OTMoveIt\MovedFiles\ and which reports the results
- It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.
Re: svchost 100% CPU usage
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\DRIVERS\START.SYS not found.
File/Folder C:\PROGRAM FILES\TOPSTYLE 4\TOPSTYLE4.EXE not found.
File/Folder C:\DOCUMENTS AND SETTINGS\JOSEF\DOKUMENTY\HONZA\FREERAPID-0.83U1\FREERAPID-0.83U1\FRD.EXE not found.
File/Folder C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\PLOCHA\FREERAPID-0.81\FRD.EXE not found.
C:\DOCUMENTS AND SETTINGS\HONZA.MASINKA\DOKUMENTY\HONZA\HONZA\FREERAPID-DOWNLOADER_0.81\FREERAPID-0.81\frd.exe moved successfully.
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\stbreaim.exe moved successfully.
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\MFILEBAGIDE.DLL\BAG\stbrewlm.exe moved successfully.
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\stbrewlm.exe moved successfully.
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACÍ\{5FBDCA6E-055E-4083-89AA-123FF33DCB7F}\OFFLINE\MFILEBAGIDE.DLL\BAG\stbreaim.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 175727207 bytes
->Temporary Internet Files folder emptied: 2804209 bytes
->Java cache emptied: 29627 bytes
->FireFox cache emptied: 3589547 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Honza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: HONZA.MASINKA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: JOSEF
->Temp folder emptied: 177837548 bytes
->Temporary Internet Files folder emptied: 238969 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29679230 bytes
->Google Chrome cache emptied: 6099312 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2217 bytes
User: learning
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Seky
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 378,00 mb
OTM by OldTimer - Version 3.1.10.1 log created on 04012010_201246
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: svchost 100% CPU usage
In case a new HJT log is needed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:01, on 1.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
--
End of file - 4791 bytes
- jaro3
Re: svchost 100% CPU usage
You can delete:
C:\_OTM.
Logs OK, how does the CPU load look?
- jaro3
Re: svchost 100% CPU usage Solved
You're welcome; if everything is OK, you can mark it as solved, the green check mark.