none
svchost netsvcs kernell32.dll cpu usage problém

    Dotaz

  • Zdravím,

    mám dotaz na svchost, vytěžuje cpu na 100 %. Našel jsem si téma na tomto foru od 16. listopadu 2009, kde se doporučuje svchost oscanovat antivirem, popř updatovat windows update agent. Oscanoval jsem pomocí MS Security Essentials c:\windows\system32\svchost.exe  - žádný vir nenalezen. Možná bych měl oscanovat netsvcs a kernell32?

    Kde zjistím verzi windows update agenta?

    Jinak zde podrobnosti:

     

    Snad pomohou.

     

    Předem pozdravuji pana Prágla, na jehož přednáškách v prvním ročníku bakalářského studia FIT ČVUT jsem před rokem byl. :)

     

    Předem děkuji za jakoukoli pomoc.

     

    P.S.: Na obrázku je okénko Stack for thread 3964, položky v tomto okénku se mohou mírně lišit při každém restartu systému (popř. s během času).



    středa 11. května 2011 16:39

Odpovědi

Všechny reakce

  • Ahoj, kolego,

    hodne divne je ze parent process tohoto service chvostu je explorer.exe. Jakou verzi Process Exploreru mas ze u toho svchostu neni tab "Services" (u korektnich sluzeb spoustenych pres svchost tato zalozka je?)? Jaky procesor mas v sestave? Neni to vicejadro AMD?

    Windows Update Agent by se mel sam predstavit ve %windir%\windowsupdate.log

    MP




    středa 11. května 2011 20:06
    Moderátor
  • Měla by to být nejnovější verze Process Exploreru, stáhl jsem ji dnes/včera, takže ta od 3. května - 14.11

    Jinak jedná se o notebook Acer Aspire 3003wlmi, Mobile AMD Sempron procesor 3000+, je to už starší mašina na dnešní poměry.

    Momentálně pouštím AVG rescue CD - bootuju z pamětové karty. Trvá to dlouho, nějaké adware to zatím našlo, ovšem ještě nejsem nejspíš ani zdaleka u konce scanu.

    středa 11. května 2011 20:33
  • Tak AVG doběhl, oscanoval vše, ale nenašel nic. Co se týče WindowsUpdate.log - je to tento řádek? "WU client version 7.4.7600.226"
    středa 11. května 2011 23:00
  •  1. McSACore.exe je soubor, ktery by mel mit digitalni podpis. Existuje malware, ktery se tvari jako MsSACore, ale je umisteny jinde, nez prava verze programu.

    2. Udelejte analyzu pomoci HiJackThis a uvedte tady vystupni log.

    3. Mate na pocitaci grafiku od NVIDIA (typ, driver,...)?

    Pod carou: Uvadejte vzdy radeji cely vypis. Neni od veci pri podezreni na nezadouci software spustit Autoruns a take poskytnout vypis.



    čtvrtek 12. května 2011 5:57
    Moderátor
  • Děkuji za odpověď.

    Nemám 2 antiviry - mám pouze Security Essentials. To od McAfee je pouze Site Advisor pro Firefox (a asi i Internet Explorer).

    Výpis z autoruns poskytnu později, zatim výstup z hijack this:

    ===================================================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:29:46, on 12.5.2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    D:\fix_svchost\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264587424968
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    --
    End of file - 7940 bytes

    čtvrtek 12. května 2011 14:43
  • A jinak grafika není nVidia. Jedná se o věstavěnou grafiku od SiS.

     

    U toho McSACore.exe, co má potomka rundll32 na prvním obrázku jsem dal v Process Exploreru pravym tlačitkem properties a na záložce image verify - píše "Site Advisor (Verified) McAfee, Inc."

    čtvrtek 12. května 2011 14:51
  • Výstup autoruns:

    ======================================

     

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
    + "AGRSMMSG"    "SoftModem Messaging Applet"    "Agere Systems"    "c:\windows\agrsmmsg.exe"
    + "eRecoveryService"    "OBRCheck"    "acer Inc."    "c:\windows\system32\check.exe"
    + "LaunchApp"    "Acer Launch Tool Utility"    "Acer Inc."    "c:\windows\alaunch.exe"
    + "LManager"    "Launch Manager"    "Dritek System Inc."    "c:\program files\launch manager\qtzgacer.exe"
    + "mouseElf"    "The Mouse main program"    ""    "c:\program files\scroll mouse\mouseelf.exe"
    + "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"
    + "MSPY2002"    ""    ""    "c:\windows\system32\ime\pintlgnt\imscinst.exe"
    + "PCMService"    "CyberLink PowerCinema Resident Program"    "CyberLink Corp."    "c:\program files\arcade\pcmservice.exe"
    + "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files\quicktime\qttask.exe"
    + "SiS Windows KeyHook"    "SiS Compatible Super VGA Keyboard Daemon"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\keyhook.exe"
    + "SiSPower"    "Dynamic link library for setting Power Scheme"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\sispower.dll"
    + "SoundMan"    "Realtek Sound Manager"    "Realtek Semiconductor Corp."    "C:\WINDOWS\soundman.exe"
    + "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics, Inc."    "c:\program files\synaptics\syntp\syntpenh.exe"
    + "SynTPLpr"    "TouchPad Driver Helper Application"    "Synaptics, Inc."    "c:\program files\synaptics\syntp\syntplpr.exe"
    "C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění"    ""    ""    ""
    + "Utility Tray.lnk"    "SiS Compatible Super VGA Tray Application"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\sistray.exe"
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
    + "Adresář 6"    "Knihovna instalačního programu Outlook Express"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
    + "Microsoft Outlook Express 6"    "Knihovna instalačního programu Outlook Express"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
    "HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
    + "dssrequest"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
    + "sacore"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"    ""    ""    ""
    + "0"    ""    ""    "File not found: About:Home"
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
    + "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
    + "PSPad"    ""    ""    "c:\program files\pspad editor\pspadshell.dll"
    + "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
    + "jetAudio"    "Shell Extension for jetAudio"    "JetAudio"    "c:\program files\jetaudio\jetflext.dll"
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
    + "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
    + "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
    + "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
    "HKCU\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
    + "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"    ""    "OpenOffice.org"    "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
    + "jetAudio"    "Shell Extension for jetAudio"    "JetAudio"    "c:\program files\jetaudio\jetflext.dll"
    + "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
    + "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
    + "Java(tm) Plug-In 2 SSV Helper"    "Java(TM) Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files\java\jre6\bin\jp2ssv.dll"
    + "JQSIEStartDetectorImpl Class"    "Java(TM) Quick Starter binary"    "Sun Microsystems, Inc."    "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
    + "McAfee SiteAdvisor BHO"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
    + "{724d43a9-0d85-11d4-9908-00400523e39a}"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files\siber systems\ai roboform\roboform.dll"
    "HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks"    ""    ""    ""
    + "McAfee SiteAdvisor Toolbar"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
    + "&RoboForm"    "RoboForm Main Module"    "Siber Systems Inc."    "c:\program files\siber systems\ai roboform\roboform.dll"
    + "McAfee SiteAdvisor"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
    + "Fill Forms"    ""    ""    "c:\program files\siber systems\ai roboform\roboformcomfillforms.html"
    + "RoboForm Toolbar"    ""    ""    "c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html"
    + "Save Forms"    ""    ""    "c:\program files\siber systems\ai roboform\roboformcomsavepass.html"
    + "Windows Messenger"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
    "Task Scheduler"    ""    ""    ""
    + "AppleSoftwareUpdate.job"    "Apple Software Update"    "Apple Inc."    "c:\program files\apple software update\softwareupdate.exe"
    + "MP Scheduled Scan.job"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\antimalware\mpcmdrun.exe"
    "HKLM\System\CurrentControlSet\Services"    ""    ""    ""
    + "anbmService"    "Service Program for Acer eManager"    "OSA Technologies Inc."    "c:\acer\emanager\anbmserv.exe"
    + "AppMgmt"    "Poskytuje služby instalace softwaru, jako např. Přiřadit, Publikovat a Odebrat."    ""    "File not found: C:\WINDOWS\System32\appmgmts.dll"
    + "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
    + "JavaQuickStarterService"    "Prefetches JRE files for faster startup of Java applets and applications"    "Sun Microsystems, Inc."    "c:\program files\java\jre6\bin\jqs.exe"
    + "McAfee SiteAdvisor Service"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcsacore.exe"
    + "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\antimalware\msmpeng.exe"
    + "ose"    "Uloží instalační soubory používané k aktualizacím a opravám. Tento modul je požadován ke stažení aktualizací instalačního programu a zpráv o chybách programu Dr.Watson."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"
    + "WMPNetworkSvc"    "Sdílí knihovny programu Windows Media Player s ostatními hráči v síti a médii pomocí technologie Universal Plug and Play."    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
    "HKLM\System\CurrentControlSet\Services"    ""    ""    ""
    + "AgereSoftModem"    "SoftModem Device Driver"    "Agere Systems"    "c:\windows\system32\drivers\agrsm.sys"
    + "ALCXWDM"    "Realtek AC'97 Audio Driver (WDM)"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\alcxwdm.sys"
    + "BCM43XX"    "Broadcom 802.11 Network Adapter wireless driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcmwl5.sys"
    + "Changer"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
    + "DKbFltr"    "Dritek PS2 Keyboard Filter Driver"    "Dritek System Inc."    "c:\windows\system32\drivers\dkbfltr.sys"
    + "ENTECH"    ""    "EnTech Taiwan"    "c:\windows\system32\drivers\entech.sys"
    + "genmcmnUSB"    "WDM NULL filter driver"    ""    "c:\windows\system32\drivers\gflmouhid.sys"
    + "i2omgmt"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
    + "int15.sys"    ""    ""    "c:\program files\acer\erecovery\int15.sys"
    + "lbrtfdc"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
    + "MpKsl15ad07be"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27101EF7-BD51-42C5-8140-A71CA19FCF9B}\MpKsl15ad07be.sys"
    + "MpKsl222ef3f4"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2E439D94-6C29-488F-83EA-A0097866965C}\MpKsl222ef3f4.sys"
    + "MpKsl486edd9e"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46B1F552-EE84-4C65-99F8-860DF2B193DA}\MpKsl486edd9e.sys"
    + "MpKsl587168d1"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16374017-5808-4C6F-9F95-A1FCA842E6AD}\MpKsl587168d1.sys"
    + "MpKsl63537104"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E7C14796-95A8-4A6B-AF67-875461E29E63}\MpKsl63537104.sys"
    + "MpKsl79e03c98"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16374017-5808-4C6F-9F95-A1FCA842E6AD}\MpKsl79e03c98.sys"
    + "MpKsl7ba79c8d"    "KSLDriver"    "Microsoft Corporation"    "c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{16374017-5808-4c6f-9f95-a1fca842e6ad}\mpksl7ba79c8d.sys"
    + "MpKsl801d321a"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A0216EB-CE27-4ED0-B466-2B945E707D83}\MpKsl801d321a.sys"
    + "MpKsl845bcd3f"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{16374017-5808-4C6F-9F95-A1FCA842E6AD}\MpKsl845bcd3f.sys"
    + "MpKsl97ab5340"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3BAF78B0-AD22-473B-9FFF-51846AB739E9}\MpKsl97ab5340.sys"
    + "MpKsla7cb2bc7"    "KSLDriver"    "Microsoft Corporation"    "c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{16374017-5808-4c6f-9f95-a1fca842e6ad}\mpksla7cb2bc7.sys"
    + "MpKsle5d24a93"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{59EBC051-2E72-4BF6-B110-9FF28AF08D40}\MpKsle5d24a93.sys"
    + "MpKsleea10952"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C50019F6-0939-436B-8D82-CD853B6C37AA}\MpKsleea10952.sys"
    + "MpKslf35d3783"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A0216EB-CE27-4ED0-B466-2B945E707D83}\MpKslf35d3783.sys"
    + "MpKslfcd954e1"    ""    ""    "File not found: c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1972FC9E-6887-413C-BC4B-A91AD2E913AE}\MpKslfcd954e1.sys"
    + "NTIDrvr"    "NTI CD-ROM Filter Driver"    "NewTech Infosystems, Inc."    "c:\windows\system32\drivers\ntidrvr.sys"
    + "PCIDump"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
    + "PDCOMP"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
    + "PDFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
    + "PDRELI"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
    + "PDRFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
    + "pfc"    "Padus(R) ASPI Shell"    "Padus, Inc."    "c:\windows\system32\drivers\pfc.sys"
    + "Ptilink"    "Direct Parallel Link Driver"    "Parallel Technologies, Inc."    "c:\windows\system32\drivers\ptilink.sys"
    + "PxHelp20"    "Px Engine Device Driver for Windows 2000/XP"    "Sonic Solutions"    "c:\windows\system32\drivers\pxhelp20.sys"
    + "Secdrv"    "SafeDisc driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
    + "Ser2pl"    "USB-to-Serial Cable Driver"    "Prolific Technology Inc."    "c:\windows\system32\drivers\ser2pl.sys"
    + "SiS315"    "SiS Compatible Super VGA Driver"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\drivers\sisgrp.sys"
    + "SISAGP"    "SiS AGPv3.5 Filter"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\drivers\sisagpx.sys"
    + "SiSkp"    "SiS VGA Driver Manager"    "Silicon Integrated Systems Corporation"    "c:\windows\system32\drivers\srvkp.sys"
    + "SISNICXP"    "SiS PCI Fast Ethernet Adapter Driver"    "SiS Corporation"    "c:\windows\system32\drivers\sisnicxp.sys"
    + "StMp3Rec"    "Generic MP3 Player USB Driver"    "Generic"    "c:\windows\system32\drivers\stmp3rec.sys"
    + "SynTP"    "Synaptics Touchpad Driver"    "Synaptics, Inc."    "c:\windows\system32\drivers\syntp.sys"
    + "UBHelper"    ""    ""    "c:\windows\system32\drivers\ubhelper.sys"
    + "WDICA"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
    + "msacm.iac2"    "Indeo® Audio Software"    "Ligos Corporation"    "c:\windows\system32\iac25_32.ax"
    + "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
    + "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "c:\windows\system32\sl_anet.acm"
    + "msacm.trspch"    "DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50"    "DSP GROUP, INC."    "c:\windows\system32\tssoft32.acm"
    + "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
    + "vidc.DIVX"    "divx"    "DivXNetworks"    "c:\windows\system32\divx.dll"
    + "VIDC.FPS1"    "Fraps"    "Beepa P/L"    "c:\windows\system32\frapsvid.dll"
    + "vidc.iv31"    "Ligos Indeo® Video 3.2"    "Ligos Corporation"    "c:\windows\system32\ir32_32.dll"
    + "vidc.iv32"    "Ligos Indeo® Video 3.2"    "Ligos Corporation"    "c:\windows\system32\ir32_32.dll"
    + "vidc.iv41"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
    + "vidc.iv50"    "Ligos Indeo® Video 5.11"    "Ligos Corporation"    "c:\windows\system32\ir50_32.dll"
    + "vidc.yv12"    "divx"    "DivXNetworks"    "c:\windows\system32\divx.dll"
    + "vidc.yvu9"    ""    ""    "c:\windows\system32\iyvu9_32.dll"

    čtvrtek 12. května 2011 15:11
  • Pokračování autoruns (nevešlo se do 1 příspěvku):

    ===========================================

     

    "HKLM\Software\Classes\Filter"    ""    ""    ""
    + "Elecard MPEG2 Demultiplexer"    "Moonlight-Elecard MPEG 2 Demultiplexer"    "Moonlight Cordless Ltd."    "c:\program files\sopcast\codec\mpeg2dmx.ax"
    + "Indeo® Video 4.5 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
    + "Indeo® Video 4.5 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
    + "Moonlight H.264 Video Decoder"    "Moonlight H264 Video Decoder"    "Moonlight Cordless Ltd."    "c:\program files\sopcast\codec\h264dec.ax"
    "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
    + "9x8Resize"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "AC3Filter"    "ac3filter"    ""    "c:\program files\ac3filter\ac3filter.ax"
    + "ACELP.net Audio Decoder"    "ACELP.net Audio Decoder"    "Sipro Lab Telecom Inc."    "c:\windows\system32\acelpdec.ax"
    + "Allocator Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "Aspect Ratio Resizer 16x9"    "Aspect Ratio Converter"    "muvee Technologies Pte Ltd"    "c:\program files\common files\muvee technologies\030625\aspectratioconverter16x9.ax"
    + "Aspect Ratio Resizer 4x3"    "Aspect Ratio Converter"    "muvee Technologies Pte Ltd"    "c:\program files\common files\muvee technologies\030625\aspectratioconverter4x3.ax"
    + "Bitmap"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "CyberLink Audio Decoder"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\audiofilter\claud.ax"
    + "CyberLink Audio Decoder (Trial)"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\audiofilter\claud_trial.ax"
    + "CyberLink Audio Decoder 0"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad0.ax"
    + "CyberLink Audio Decoder 1"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad1.ax"
    + "CyberLink Audio Decoder 2"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad2.ax"
    + "CyberLink Audio Decoder 3"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad3.ax"
    + "CyberLink Audio Decoder 4"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad4.ax"
    + "CyberLink Audio Decoder 5"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad5.ax"
    + "CyberLink Audio Decoder 6"    "CyberLink Audio Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clad6.ax"
    + "CyberLink Audio Effect"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files\cyberlink\shared files\audiofilter\claudfx.ax"
    + "CyberLink Audio Encoder"    "CyberLink Audio Encoder Filter"    "Cyberlink Corp."    "c:\program files\cyberlink\shared files\pdaudenc.ax"
    + "CyberLink AudioCD Filter"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\audiofilter\claudiocd.ax"
    + "Cyberlink Byte Counter Filter"    "Cyberlink Byte Counter Filter"    "CyberLink Corporation"    "c:\program files\cyberlink\shared files\pdbytecounter.ax"
    + "CyberLink DDR"    "CyberLink DDR"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pdrender.ax"
    + "CyberLink Double Pin Tee"    "Cyberlink Double Tee Filter"    "CtberLink Corporation"    "c:\program files\cyberlink\shared files\pddoubletee.ax"
    + "Cyberlink Dump Dispatch Filter"    "Cyberlink File Dump Dispatch Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\cldumpdispatch.ax"
    + "Cyberlink Dump Filter"    "Cyberlink File Dump Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pddump.ax"
    + "CyberLink DV Buffer"    "CLDVBuffer Filter"    "CyberLink"    "c:\program files\cyberlink\shared files\pddvbuffer.ax"
    + "CyberLink DV Dump Filter"    "DV dump Filter"    "CyberLink Corporation"    "c:\program files\cyberlink\shared files\pddvdump.ax"
    + "CyberLink DV Filter"    "DVTCR"    "CyberLink"    "c:\program files\cyberlink\shared files\pddvtcr.ax"
    + "CyberLink DV Reader Filter"    "DVMultReader Filter"    "CyberLink"    "c:\program files\cyberlink\shared files\pddvmrd.ax"
    + "Cyberlink DV Scene Detect Filter"    "CLDVScnDt"    "CyberLink"    "c:\program files\cyberlink\shared files\cldvscndt.ax"
    + "CyberLink DVD Navigator"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\navfilter\clnavx.ax"
    + "Cyberlink File Reader (Async.)"    "Cyberlink MPEG File Reader"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pdreader.ax"
    + "Cyberlink Gate Filter"    "CLGate"    "CyberLink"    "c:\program files\cyberlink\shared files\pdgate.ax"
    + "CyberLink Line21 Decoder Filter"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\videofilter\clline21.ax"
    + "CyberLink Load Image Filter"    "CLImage"    "CyberLink"    "c:\program files\cyberlink\shared files\climage.ax"
    + "CyberLink LPCM Converter"    "LPCM Converter Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\lpcmcvrt.ax"
    + "CyberLink M2V Writer"    "CLM2VWriter"    "CyberLink"    "c:\program files\cyberlink\shared files\clm2vwriter.ax"
    + "CyberLink MP3 Wrapper-PCM"    "CyberLink MP3 Wrapper"    "CyberLink Corp."    "c:\program files\arcade\music\clmp3wrap.ax"
    + "CyberLink MPEG Audio Encoder (PowerDirector)"    "CyberLink MPEG Audio Encoder"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pdmpgaenc.ax"
    + "CyberLink MPEG Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clmvd.ax"
    + "CyberLink MPEG Muxer"    "MpgMux"    "CyberLink"    "c:\program files\cyberlink\shared files\pdmpgmux.ax"
    + "CyberLink MPEG Video Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clmmd.ax"
    + "CyberLink MPEG Video Encoder"    "CyberLink MPEG Video Encoder                               "    "CyberLink Corp.                                            "    "c:\program files\cyberlink\shared files\pdmpgvenc.ax"
    + "CyberLink MPEG-1 Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clm1splter.ax"
    + "CyberLink MPEG-2 Splitter"    "CyberLink MPEG Splitter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clm2splter.ax"
    + "CyberLink PCM Wrapper"    "CyberLink PCM Wrapper"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\clpcmenc.ax"
    + "CyberLink PP Video/SP Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerproducer\clppvsd.ax"
    + "Cyberlink Sample Drop Filter"    "PDVDrop"    "Cyberlink"    "c:\program files\cyberlink\shared files\pdvdrop.ax"
    + "Cyberlink Scene Detect Filter"    "CLScnDt"    "CyberLink"    "c:\program files\cyberlink\shared files\clscndt.ax"
    + "CyberLink SlideShowLT Source Filter"    "CyberLink Slide Show Controler for PCM"    "CyberLink Corp."    "c:\program files\arcade\photo\slideshowlt.ax"
    + "CyberLink SnapShot Filter"    "CLSnapShot Filter"    "CyberLink"    "c:\program files\cyberlink\shared files\pdsnapshot.ax"
    + "CyberLink TimeStretch Filter"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\audiofilter\clauts.ax"
    + "CyberLink Transform Tee"    "CyberLink Transform Tee"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pdtee.ax"
    + "CyberLink Video Regulator"    "CLRGL"    "Cyberlink"    "c:\program files\arcade\photo\clrgl.ax"
    + "Cyberlink Video Regulator"    "CyberLink Video Regulator"    "CyberLink"    "c:\program files\cyberlink\shared files\pdresample.ax"
    + "CyberLink Video/SP Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\videofilter\clvsd.ax"
    + "CyberLink WAV Dest"    "CLWavDest"    "CyberLink"    "c:\program files\cyberlink\shared files\pdwavdest.ax"
    + "CyberLink Wave Visualization Filter"    "CyberLink Wave Format Renderer Module for PCM"    "CyberLink Corp."    "c:\program files\arcade\music\clwaverender.ax"
    + "CyberLink YUY2 DeInterlace"    "DitlYuY2"    "CyberLink"    "c:\program files\cyberlink\shared files\pdditlyuy2.ax"
    + "CyberLink YUY2 Sub-Sampling"    "SubYUY2 Filter"    "CyberLink Corp."    "c:\program files\cyberlink\shared files\pdsubyuy2.ax"
    + "DirectVobSub"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "Gabest"    "c:\program files\sopcast\codec\vsfilter.dll"
    + "DirectVobSub (auto-loading version)"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "Gabest"    "c:\program files\sopcast\codec\vsfilter.dll"
    + "DivX Decoder Filter"    "DivX® Decoder Filter"    "DivXNetworks, Inc."    "c:\windows\system32\divxdec.ax"
    + "DivX Demux"    "DivX® Media Filter"    "DivXNetworks"    "c:\windows\system32\divxmedia.ax"
    + "DivX Subtitle Decoder"    "DivX® Media Filter"    "DivXNetworks"    "c:\windows\system32\divxmedia.ax"
    + "Elecard MPEG2 Demultiplexer"    "Moonlight-Elecard MPEG 2 Demultiplexer"    "Moonlight Cordless Ltd."    "c:\program files\sopcast\codec\mpeg2dmx.ax"
    + "Frame Eater"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "Honestech VCD/SVCD Encoder"    ""    ""    "File not found: C:\WINDOWS\system32\htvcdsvcd.ax"
    + "Indeo Video (r) 5.11 Progressive Download Source"    "Ligos Indeo® Video IVF Source Filter 5.11"    "Ligos Corporation"    "c:\windows\system32\ivfsrc.ax"
    + "Indeo® Audio Software"    "Indeo® Audio Software"    "Ligos Corporation"    "c:\windows\system32\iac25_32.ax"
    + "Indeo® Video 5.11 Compression Filter"    "Ligos Indeo® Video 5.11"    "Ligos Corporation"    "c:\windows\system32\ir50_32.dll"
    + "Indeo® Video 5.11 Decompression Filter"    "Ligos Indeo® Video 5.11"    "Ligos Corporation"    "c:\windows\system32\ir50_32.dll"
    + "Intervideo 3gFileSource"    "Intervideo 3G File Source Filter"    "Microsoft Corporation"    "c:\program files\intervideo\common\bin\source3g.ax"
    + "Intervideo AMR Decoder"    "IVI AMR Decoding"    "Intervideo, Inc."    "c:\program files\intervideo\common\bin\amrdec.ax"
    + "InterVideo Audio Decoder"    "IVIAUDIO LOGID.36709"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\iviaudio.ax"
    + "InterVideo Audio Processor Fx"    ""    ""    "c:\program files\intervideo\common\bin\auprocfx.ax"
    + "InterVideo Demultiplexer"    "InterVideo® MPEG System Demultiplexer Filter"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ividemux.ax"
    + "Intervideo H.264 Decoder"    "Videosoft H.264 Decoder"    "Videosoft, Inc."    "c:\program files\intervideo\common\bin\ivih264.dll"
    + "InterVideo Navigator"    "IVINAV LOGID.36709"    "InterVideo Inc."    "c:\program files\intervideo\common\bin\ivinav.ax"
    + "InterVideo PSIP/SI Filter"    "InterVideo PSIP/SI Sections/Tables Filter"    "InterVideo, Inc."    "c:\program files\intervideo\common\bin\psidecod.ax"
    + "InterVideo Subtitle"    "Minimal Null Filter (Sample)"    "MyCompanyName"    "c:\program files\intervideo\common\bin\ivisubtitle.ax"
    + "InterVideo Video Decoder"    "IVIVIDEO LOGID.36709"    " InterVideo Inc."    "c:\program files\intervideo\common\bin\ivivideo.ax"
    + "IVI QT source"    "iviQTsource"    "InterVideo"    "c:\program files\intervideo\common\bin\iviqtsource.ax"
    + "JetAudio Audio Decoder"    "DirectShow Audio Decoder for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpad.ax"
    + "JetAudio Audio Encoder"    "DirectShow Audio Encoder for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpax.ax"
    + "JetAudio Audio Stream Switcher"    "Audio Stream Switcher for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetasw.ax"
    + "JetAudio Audio Writer"    "DirectShow Audio Writer for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetawt.ax"
    + "JetAudio AVI Reader"    "DirectShow AVI Spliiter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetavi.ax"
    + "JetAudio AVI Splitter"    "DirectShow AVI Spliiter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetavi.ax"
    + "JetAudio FLV Reader"    "DirectShow FLV Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetflv.ax"
    + "JetAudio FLV Splitter"    "DirectShow FLV Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetflv.ax"
    + "JetAudio MKV Reader"    "DirectShow Matroska Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmkv.ax"
    + "JetAudio MKV Splitter"    "DirectShow Matroska Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmkv.ax"
    + "JetAudio MP4 Reader"    "DirectShow MP4 Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmp4.ax"
    + "JetAudio MP4 Splitter"    "DirectShow MP4 Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmp4.ax"
    + "JetAudio MPEG Decoder"    "DirectShow MPEG Decoder for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpgd.ax"
    + "JetAudio MPEG4 Video Source"    "DirectShow MP4 Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmp4.ax"
    + "JetAudio MPEG4 Video Splitter"    "DirectShow MP4 Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmp4.ax"
    + "JetAudio MPG Reader"    "DirectShow MPG Spliiter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpg.ax"
    + "JetAudio MPG Splitter"    "DirectShow MPG Spliiter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpg.ax"
    + "JetAudio OGM Reader"    "DirectShow OGM Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetogm.ax"
    + "JetAudio OGM Splitter"    "DirectShow OGM Splitter for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetogm.ax"
    + "JetAudio Sound Effector V3"    "Sound Processing DirectShow Filter for jetAudio"    "JetAudio, Inc."    "c:\program files\common files\cowon\jetsfx3.ax"
    + "JetAudio Sound Effector V4"    "DirectShow Sound Effector for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetsfx4.ax"
    + "JetAudio Subtitle Processor"    "DirectShow Subtitle Display Filter for JetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetdsd.ax"
    + "JetAudio Video Decoder"    "DirectShow Video Decoder for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpvd.ax"
    + "JetAudio Video Decoder (DXVA)"    "H.264/VC-1 DXVA video decoder"    "JetAudio, Inc."    "c:\program files\common files\cowon\jetmpvdx.ax"
    + "JetAudio Video Encoder"    "JetAudio Video Encoder for DirectShow"    "JetAudio"    "c:\program files\common files\cowon\jetmpvx.ax"
    + "JetAudio Video Writer"    "DirectShow Video Writer for jetAudio"    "JetAudio"    "c:\program files\common files\cowon\jetmpgx.ax"
    + "Moonlight H.264 Video Decoder"    "Moonlight H264 Video Decoder"    "Moonlight Cordless Ltd."    "c:\program files\sopcast\codec\h264dec.ax"
    + "MPC - RealAudio Decoder"    "RealMedia Splitter"    "MPC-HC Team"    "c:\program files\real alternative\realmediasplitter.ax"
    + "MPC - RealMedia Source"    "RealMedia Splitter"    "MPC-HC Team"    "c:\program files\real alternative\realmediasplitter.ax"
    + "MPC - RealMedia Splitter"    "RealMedia Splitter"    "MPC-HC Team"    "c:\program files\real alternative\realmediasplitter.ax"
    + "MPC - RealVideo Decoder"    "RealMedia Splitter"    "MPC-HC Team"    "c:\program files\real alternative\realmediasplitter.ax"
    + "MPEG Layer-3 Decoder"    "MPEG Layer-3 Audio Decoder"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codecx.ax"
    + "MPEG2 TS Source"    ""    ""    "c:\program files\intervideo\common\bin\mpgtsrdr.ax"
    + "muvee Music Analyser"    "Music Analyser Filter for muvee autoProducer"    "muvee Technologies Pte Ltd"    "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
    + "muvee Video Analyser"    "Video Analyser Filter for muvee autoProducer"    "muvee Technologies Pte Ltd"    "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
    + "Record Queue"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "ShotDetect"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "Stetch"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "Time Regulator"    "TimeRegulator"    "cyberlink"    "c:\program files\cyberlink\powerproducer\avi_audtr.ax"
    + "Time Regulator"    "TimeRegulator"    "cyberlink"    "c:\program files\cyberlink\shared files\avi_audtr.ax"
    + "TTL2 Decompressor"    ""    ""    "c:\program files\sopcast\codec\ttl2dec.dll"
    + "TTL2 DecompressorRGB"    ""    ""    "c:\program files\sopcast\codec\ttl2dec.dll"
    + "WIA Stream Snapshot Filter"    "WIA Stream Snapshot Filter"    "MyCompanyName"    "c:\windows\system32\wiasf.ax"
    + "WM VIH2 Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Audio Analyzer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Black Frame Generator"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT DirectX Transform Wrapper"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT DV Extract Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT FormatConversion"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Import Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Interlacer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Log Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT MuxDeMux Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Sample Info Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Screen capture Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Switch Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Renderer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Source"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Volume"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"

    čtvrtek 12. května 2011 15:12
  • Tak jsem nastartoval XPcka a:
    - msseces.exe mi bezi jako child procesu Explorer.exe a ne pod svchostem
    -vlastni MsMpEng.exe bezi jako samostatna sluzba

    MP

    • Označen jako odpověď IJK_Principle pondělí 16. května 2011 13:58
    pátek 13. května 2011 10:39
    Moderátor
  • 1. Ve vypisech jsem zatim nenasel nic podstatneho.

    2. Zkusil bych cisty start - pres msconfig bych nejdrive zrusil veskere startovani nastavenych sluzeb a postupne bych pridaval sluzby od msseces pocinaje. (Pred tim bych jeste vycistil IE (Delete Browsing History.) a http://support.microsoft.com/kb/310747/cs )

    3. Pro MS SE funguje podpora, takze bych problem adresoval i na technickou podporu https://support.microsoftsecurityessentials.com/Default.aspx?scrx=1&st=1&wfxredirect=1

     

    • Označen jako odpověď IJK_Principle pondělí 16. května 2011 14:02
    neděle 15. května 2011 15:38
    Moderátor
  • Zapnul jsem desktop a taky mám msseces.exe jako potomka explorer.exe

    Co by to mohlo znamenat, že na notebooku je to jinak?

    Na desktopu je msmpeng.exe potomek services.exe

    pondělí 16. května 2011 14:01
  • Děkuji za odpověď, o ten čistý start se pokusím, až budu mít trochu více času. Určitě je toto dobrý způsob, jak přijít na to, která služba tento můj problém způsobuje.
    pondělí 16. května 2011 14:03