R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [oozeplus] "C:\ProgramData\NounWaveWave.0nv6op"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9877 bytes

อันนี้จากโปรแกรม AutoRuns

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avast! avast! service GUI component ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
+ iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.exe
+ MaxMenuMgr FreeAgent? Launcher Seagate LLC c:\program files\seagate\seagatemanager\freeagent status\stxmenumgr.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ oozeplus c:\programdata\nounwavewave.4l91b
+ QuickTime Task QuickTime Task Apple Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ SpybotSD TeaTimer System settings protector Safer-Networking Ltd. c:\program files\spybot - search & destroy\teatimer.exe
+ uTorrent ?Torrent BitTorrent, Inc. c:\program files\utorrent\utorrent.exe
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ Cover Designer Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ PowerISO PowerISOShell DLL PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software c:\program files\tuneup utilities 2009\sdshelex-win32.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ PowerISO PowerISOShell DLL PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ TuneUp Disk Space Explorer Shell Extension TuneUp Disk Space Explorer Shell Extension TuneUp Software c:\program files\tuneup utilities 2009\dseshext-x86.dll
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software c:\program files\tuneup utilities 2009\sdshelex-win32.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
+ PowerISO PowerISOShell DLL PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ avast avast! Shell Extension ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ NeroCoverEd Live Icons Cover Designer Nero AG c:\program files\nero\nero 9\nero coverdesigner\coveredextension.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ PowerISO PowerISOShell DLL PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ TuneUp Disk Space Explorer Shell Extension TuneUp Disk Space Explorer Shell Extension TuneUp Software c:\program files\tuneup utilities 2009\dseshext-x86.dll
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software c:\program files\tuneup utilities 2009\sdshelex-win32.dll
+ TuneUp Theme Extension TuneUp Theme Extension TuneUp Software c:\windows\system32\uxtuneup.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
+ Java(tm) Plug-In 2 SSV Helper Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ Spybot-S&D IE Protection SBSD IE Protection Safer Networking Limited c:\program files\spybot - search & destroy\sdhelper.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ \1-Click Maintenance TuneUp 1-Klick-Starter TuneUp Software GmbH c:\program files\tuneup utilities 2009\oneclickstarter.exe
+ \Apple\AppleSoftwareUpdate Apple Software Update Apple Inc. c:\program files\apple software update\softwareupdate.exe
+ \Google Updater and Installer Google Installer Google Inc. c:\users\admin\appdata\local\google\update\googleupdate.exe
+ \GoogleUpdateTaskMachine Google Installer Google Inc. c:\program files\google\update\googleupdate.exe
+ \GoogleUpdateTaskUserS-1-5-21-3435151906-3800893470-2255208024-1000 Google Installer Google Inc. c:\users\admin\appdata\local\google\update\googleupdate.exe
+ \Microsoft\Windows\Wired\GatherWiredInfo c:\windows\system32\gatherwiredinfo.vbs
+ \Microsoft\Windows\Wireless\GatherWirelessInfo c:\windows\system32\gatherwirelessinfo.vbs
HKLM\System\CurrentControlSet\Services
+ aswUpdSv Provides automatic updating for the avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe
+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. ALWIL Software c:\program files\alwil software\avast4\ashserv.exe
+ avast! Mail Scanner Implements mail scanning for avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\ashmaisv.exe
+ avast! Web Scanner Implements web (HTTP) scanning for avast! antivirus. ALWIL Software c:\program files\alwil software\avast4\ashwebsv.exe
+ FreeAgentGoNext Service Seagate Service Seagate Technology LLC c:\program files\seagate\seagatemanager\sync\freeagentservice.exe
+ iPod Service iPod hardware management services Apple Inc. c:\program files\ipod\bin\ipodservice.exe

+ nvsvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvvsvc.exe
+ PDAgent This service controls PerfectDisk's scheduling and remote communication. Raxco Software, Inc. c:\program files\raxco\perfectdisk10\pdagent.exe
+ PDEngine PerfectDisk's defrag engine Raxco Software, Inc. c:\program files\raxco\perfectdisk10\pdengine.exe
+ SBSDWSCService Spybot-S&D Security Center integration Safer Networking Ltd. c:\program files\spybot - search & destroy\sdwinsec.exe
+ StarWindServiceAE Enables network access to local burners via iSCSI protocol. Rocket Division Software c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
+ UxTuneUp Allows to use visual styles without Microsoft signature. TuneUp Software c:\windows\system32\uxtuneup.dll
+ XAudioService User-mode gate for Modem Speakerphone Conexant Systems, Inc. c:\windows\system32\drivers\xaudio.exe
HKLM\System\CurrentControlSet\Services
+ 3xHybrid ASUSTek SAA713x BDA Capture Driver ASUSTeK Computer Inc. c:\windows\system32\drivers\3xhybrid.sys
+ aswFsBlk avast! mini-filter driver (aswFsBlk) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys
+ aswMonFlt avast! mini-filter driver (aswMonFlt) ALWIL Software c:\windows\system32\drivers\aswmonflt.sys
+ aswRdr avast! TDI RDR Driver ALWIL Software c:\windows\system32\drivers\aswrdr.sys
+ aswSP avast! self protection module ALWIL Software c:\windows\system32\drivers\aswsp.sys
+ aswTdi avast! TDI Filter Driver ALWIL Software c:\windows\system32\drivers\aswtdi.sys
+ BrFiltLo Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltlo.sys
+ BrFiltUp Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltup.sys
+ BrUsbSer Brother USB Serial Driver Brother Industries Ltd. c:\windows\system32\drivers\brusbser.sys
+ CAMTHWDM c:\windows\system32\drivers\camthwdm.sys
+ DefragFS Defragmentation Support Driver Raxco Software, Inc. c:\windows\system32\drivers\defragfs.sys
+ E1G60 Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation c:\windows\system32\drivers\e1g60i32.sys
+ GEARAspiWDM CD DVD Filter GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ HSF_DP HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsx_dp.sys
+ HSXHWBS2 HSF_HWB2 WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsxhwbs2.sys
+ IntcAzAudAddService File not found: system32\drivers\RTKVHDA.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ mdmxsdk Diagnostic Interface x86 Driver Conexant c:\windows\system32\drivers\mdmxsdk.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ nvlddmkm NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 182.50 NVIDIA Corporation c:\windows\system32\drivers\nvlddmkm.sys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
+ Ph3xIB32 Philips 713x Inbox BDA Capture Driver Philips Semiconductors GmbH c:\windows\system32\drivers\ph3xib32.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ RTL8169 Realtek 8101E/8168/8169 NDIS6 32-bit Driver Realtek Corporation c:\windows\system32\drivers\rtlh86.sys
+ SCDEmu PowerISO Virtual Drive PowerISO Computing, Inc. c:\windows\system32\drivers\scdemu.sys
+ secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ SNPSTD3 USB PC Camera driver Sonix Co. Ltd. c:\windows\system32\drivers\snpstd3.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ VST_DPV HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\vstdpv3.sys
+ VSTHWBS2 HSF_HWB2 WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\vstbs23.sys
+ winachsf HSF_CNXT driver Conexant Systems, Inc. c:\windows\system32\drivers\hsx_cnxt.sys
+ XAudio Modem Audio Device Driver Conexant Systems, Inc. c:\windows\system32\drivers\xaudio.sys
+ {B154377D-700F-42cc-9474-23858FBDF4BD} CyberLink Corp. c:\program files\cyberlink\powerdvd9\000.fcl
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ PDBoot.exe PerfectDisk Boot Time Defragmentation Raxco Software, Inc. c:\windows\system32\pdboot.exe
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider Apple Inc. c:\program files\bonjour\mdnsnsp.dll

อีกคำถามครับ

มี svchost.exe รันอยู่ 13 ตัว มันเป็นอาการปกติหรือเปล่าครับ
ผมเช็กดูแล้ว ว่าชื่อ svchost.exe นี้แน่นอน ไม่มีแปลกปลอม

มีตัวนึงกินเม็มไปราวๆ 70,000K

ไม่ทราบว่าคอมผมปกติหรือเปล่า...ใช้วินโดวส์วิสต้า อัลติเมท

ท่านลอง scan กับ hijack เเล้วใช่ไหมครับ

ผมว่าเจ้า svchost.exe ปกตินะครับ เพราะมันเป็นตัวจัดการ service หลายอย่างหลายประเภทภายใน os มีทั้ง system,network,local แล้ว service ก็มีแบบท่ใช้ร่วมกันได้ และไม่ได้ จึงไม่แปลก ที่ svchost.exe จะโดนเรียกขึ้นมาหลายตัว ผมใช้ windows 7 เจ้า svchost.exe ก็โดนเรียกไป 16 ตัวเช่นกัน

svchost.exe มันเป็น service ไม่ใช่หรอครับ มันต้องรันอยู่แล้ว