Witam,
Ostatnio zużycie procesora przez svchost.exe wzrosło mi do 50-100% i komp chodzi bardzo wolno. Prosiłbym o sprawdzenie logów z HijackThis.
Link: http://wklej.org/id/270856/
Pzdr
Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny.
Pozdrawiam Gutek
Pokaż log z: OTL
Przestawiasz w nim Processes i Modules na All oraz wklejasz w dolne białe okienko Custom Scans/Fixes :
Klikasz Run Scan. - otl-gmer-rsit-dds-inne-instrukcje-t370405.html
Przeskanuj ten plik:
Na VirusTotal lub Jotti i podaj wyniki skanowania.
W białe dolne okno Custom Scans/Fixes w OTL wklej:
Run Fix. Restart, jeśli będzie potrzebny.
Potem log z usuwania oraz nowy log robiony opcją Run Scan.
Wyniki skanowania pliku z VirusTotal:
MD5: a4c747eb11ee038c42833fdd8044f95a
First received: 2009.06.18 10:14:44 UTC
Data: 2009.09.11 21:37:45 UTC [>140D]
Wyniki: 0/41
Permalink: analisis/4483852d730eeac62bc5be39c9c2524aa24c0ed5b94dcdd55b5f4ab9dbe138ca-1252705065
Log usuwania z OTL:
All processes killed
========== OTL ==========
Service SVPNStarter stopped successfully!
Service SVPNStarter deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://www.ask.com?o=14978&l=dis" removed from browser.startup.homepage
C:\Documents and Settings\Dawid\Dane aplikacji\Mozilla\Firefox\Profiles\1vejj6sa.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Documents and Settings\Dawid\Menu Start\Programy\Autostart\wwwpos32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRLcDVO\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^Dawid^Menu Start^Programy^Autostart^21018101.exe\ deleted successfully.
C:\WINDOWS\pss\21018101.exeStartup moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\anvkgp.dat moved successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.
C:\Documents and Settings\NetworkService\Dane aplikacji\anvkgp.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Dawid
->Temp folder emptied: 119958948 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48138168 bytes
->Opera cache emptied: 193789780 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2135952 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 347,00 mb
OTL by OldTimer - Version 3.1.27.0 log created on 01302010_172604
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Nowy log:
W takim razie w logach czysto.
W OTL kliknij CleanUp.
Wyłącz i włącz Przywracanie Systemu na wszystkich dyskach. Instrukcja XP
Wykonaj pełny skan Dr.Web CureIt.
Gdy będą wirusy, pokaż raport.
Wyczyść rejestr i dysk CCleaner oraz wyłącz nim zbędniki z autostartu (Narzędzia -> Autostart).