svchost.exe zżera 100% procka

przez **golas123** » 02 Lis 2012, 09:47

Witam
Od paru dni mam problem z laptopem HP Pavilion DH7,system Windows 7 . W programie processexplorer zauważyłem że mam dużo svchost.exe i to one zjadają mi w 100% procka i nie da się dosłownie nic robić. Bardzo proszę o sprawdzenie logów ...

Skany :
OTL .txt

http://www.wklej.eu/index.php?id=b2010e689f

OTL extras

http://www.wklej.eu/index.php?id=348a119192

Gmerem podobno nie da się na systemach 64...?

Skanowałem jeszcze AVG i TDSSKILLER ,ale nic nie znalazły .

przez **kominekl** » 02 Lis 2012, 11:47

"Microsoft Security Client" = Microsoft Security Essentials
"HitmanPro36" = HitmanPro 3.6

Odinstaluj to oprogramowanie.

Logi.

Uruchom OTL

w oknie Własne opcje skanowania/skrypt wklej:

Kod: Zaznacz wszystko: :OTL IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0C35FDEE-1219-400D-82EC-BC9BF01A3F19} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0C35FDEE-1219-400D-82EC-BC9BF01A3F19}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKLM\..\SearchScopes,DefaultScope = {0C35FDEE-1219-400D-82EC-BC9BF01A3F19} IE - HKLM\..\SearchScopes\{0C35FDEE-1219-400D-82EC-BC9BF01A3F19}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\..\SearchScopes,DefaultScope = {0C35FDEE-1219-400D-82EC-BC9BF01A3F19} IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\..\SearchScopes\{0C35FDEE-1219-400D-82EC-BC9BF01A3F19}: \"URL\" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\..\SearchScopes\{E03F82F5-012A-4F85-BAB5-682A7B2DFF5B}: \"URL\" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com IE - HKU\S-1-5-21-975284082-1695124671-1698552500-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.0 FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.4375 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010-09-16 01:18:46 | 000,000,000 | ---D | M] [2011-06-28 09:45:36 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\mg\AppData\Roaming\mozilla\firefox\profiles\glwld47y.default\extensions\[email protected] O3 - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-975284082-1695124671-1698552500-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\mg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-975284082-1695124671-1698552500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) [2012-11-01 21:18:30 | 000,000,000 | -H-D | C] -- C:\$AVG [2012-11-01 21:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012-11-01 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC :Files C:\Windows\tasks\*.* :Reg [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] :Commands [emptyflash] [clearallrestorepoints] [emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z ADWCleaner (z opcji Delete)

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 + log z TDSSKiller

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 + nowe logi z OTL + log z Autoruns

otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.

przez **golas123** » 02 Lis 2012, 13:53

log z usuwania OTL

http://www.wklej.eu/index.php?id=538db834fc

log ADW cleaner

http://www.wklej.eu/index.php?id=779046ec2a

log tdsskiller

http://www.wklej.eu/index.php?id=22badc9054

log OTL.txt

http://www.wklej.eu/index.php?id=49706dca67

log extras.txt-> http://www.wklej.eu/index.php?id=a3398633f4

autoruns .arn

http://www9.zippyshare.com/v/88544611/file.html

autoruns.txt

http://www.wklej.eu/index.php?id=908a657a73

przez **mateo8898** » 07 Lis 2012, 16:39

Wrzuć screenshot z Process Explorer, jeśli da się rozwinąć gałąź z tym felernym procesem to ją rozwiń.

W Autoruns odznacz i usuń:
zakładka Logon:

rdpclip
BCSSync
HotKeysCmds
IgfxTray
Persistence
SmartMenu
SysTrayApp
Adobe ARM
Adobe Reader Speed Launcher
HP Quick Launch
Norton Online Backup
StartCCC
SunJavaUpdateSched
Microsoft Windows
LightScribe Control Panel
Microsoft Windows

zakładka Scheduled Tasks:

wszystko oprócz "\Adobe Flash Player Updater"

zakładka Services (tylko odznacz):

gusvc
LightScribeService
Microsoft SharePoint Workspace Audit Service
ose64
osppsvc
WinDefend
WMPNetworkSvc

zakładka Drivers:

WinRing0_1_2_0
Partizan

W OTL wklej:

:OTL
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found

Klikasz Wykonaj skrypt, później Sprzątanie

Przeczyść dysk oraz rejestr CCleaner

Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - jeśli coś znajdzie usuń i daj raport (po uruchomieniu odrzuć okres testowy)

Zainstaluj SP1

http://www.instalki.pl/programy/downloa ... ack_1.html

Zaktualizuj IE do najnowszej wersji (nawet jeśli go nie używasz)

http://www.instalki.pl/programy/downloa ... rer_9.html

Odinstaluj starą wersję czytnika .PDF:

Adobe Reader 9.5.1 - Polish

i zainstaluj najnowszą

http://www.instalki.pl/programy/downloa ... eader.html

Po wykonaniu wszystkich powyższych napisz, jak sytuacja.

svchost.exe zżera 100% procka

svchost.exe zżera 100% procka

Re: svchost.exe zżera 100% procka

Re: svchost.exe zżera 100% procka

Re: svchost.exe zżera 100% procka

Kto jest na forum