Elektroda.pl

Windows 7 - svchost.exe is using up memory, MBAM and Adwcleaner don't help

anonymousexd 21 Feb 2017 21:42 693 4
  • #1 21 Feb 2017 21:42
    anonymousexd
    Level 24

    Hello.
    I'm asking for help with a heavily infected laptop. As far as I know, attempts have already been made to rescue it with MBAM and Adwcleaner, but that did not help.
    Screenshots of the symptoms and scans:
    FRST scans are attached.
    Thank you in advance for your help.

    0 4
  • Helpful post
    #2 21 Feb 2017 21:58
    Kolobos
    Computer specialist

    Back up your Chrome bookmarks; the script will delete the browser profile directories.

    Did you create these directories yourself:
    2017-02-21 21:21 - 2017-02-21 21:21 - 00000000 ____D C:\Users\Dell\Desktop\ControlerLearn
    2017-02-21 21:21 - 2017-02-21 21:21 - 00000000 ____D C:\Users\Dell\Desktop\BallShoot
    If not, delete them as well.

    Uninstall:
    YAC(Yet Another Cleaner!)
    McAfee Security Scan Plus
    WinSnare
    RogueKiller version 12.9.8.0

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    In Safe Mode, run the following Fixlist.txt for FRST:
    CloseProcesses:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
    (HKLM-x32\...\{E78409E6-6C14-475A-A855-C23E79F5B00E}) (Version: 4.1.2 - WinSnare) <==== ATTENTION
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\ChromeHTML: -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) <==== ATTENTION
    Task: {0236521F-D01F-49A2-BC8E-A1559CD20C03} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: {3BDF9AC6-3DF2-4DC7-84F4-1FC327C6622B} - System32\Tasks\Arodupychinering Nodifier => C:\Program Files (x86)\Lomutherbagaied\zkering.exe [2017-02-19] (Glarysoft Ltd)
    Task: {5724B1CD-9F6E-4750-A9B4-5213B70EA52C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
    Task: {598E300F-A5D5-42AA-BE21-07F5E61EC47C} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: {7205470A-C9AF-4F20-8B19-50F586FB27F9} - no filepath
    Task: {749418E9-2218-4A99-9CA3-099898D3FB14} - \Milimili -> No File <==== ATTENTION
    Task: {87956BDD-2A9D-4B7A-BD02-6741AAEDA770} - System32\Tasks\{69ABA85A-8D7C-4698-9F55-D14AFA7522CB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/ru/abando...?source=lightinstaller&page=tsInstall
    Task: {9609728C-F6ED-44BA-90D1-30644FD33542} - System32\Tasks\{BC8E3FC8-41EB-4115-A20A-B4EAA4F6E908} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.14.0.104/ru/abando...?source=lightinstaller&page=tsInstall
    Task: {97A75163-CF22-4FE0-AD4A-C928A4EAE45F} - System32\Tasks\{E02DB7A6-1AA9-43C1-AD50-038D0F0761CB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/ru/abando...?source=lightinstaller&page=tsInstall
    Task: {A66C072B-6430-49F0-B958-8769A0182FE7} - \Plsesh Community -> No File <==== ATTENTION
    Task: {DBBE9766-7DB5-4377-96FD-753181CB5C74} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
    Task: {DEA0A343-8E67-4923-ADB3-3877D63C9F74} - System32\Tasks\{2AF5346A-E153-4C09-8949-A3E77A2D78C5} => pcalua.exe -a "C:\Users\Dell\Desktop\Turbo
    Task: {FAA375A3-C3A2-4A73-886C-42A3C2291CB4} - System32\Tasks\{09F8798F-93AB-4B2E-94E5-5E984CA84159} => Chrome.exe hxxps://ui.skype.com/ui/0/7.31.0.104/ru/abandoninstall?page=tsProgressBar
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk
    C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk
    C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk
    Shortcut: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
    Shortcut: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dell\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dell\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dell\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dell\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    Hosts:
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {308861c0-618e-11e4-8179-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {60e6021c-c385-11e3-b2ea-bc77376660bf} - G:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {9b32f086-ecb5-11e4-977b-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {b760a415-071c-11e4-b58e-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {bfff7111-c920-11e3-ac5c-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {c2bc03b5-3e1e-11e4-bf4b-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-21-1317842153-3577692074-3430689424-1000\...\MountPoints2: {c2bc03c3-3e1e-11e4-bf4b-bc77376660bf} - F:\AutoRun.exe
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\ahwq7cx4: C:\Program Files (x86)\Arodupychinering Nodifier\local64spl.dll [307712 2017-02-19] ()
    ShellExecuteHooks: No Name - {D4385D50-F441-11E6-BA98-64006A5CFC23} - C:\Program Files (x86)\Lomutherbagaied\Stergalycuvoent.dll [145408 2017-02-19] ()
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction - Windows Defender <======= ATTENTION
    GroupPolicy\User: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1317842153-3577692074-3430689424-1000 -> DefaultScope 0BF151DB25481CA0A4AF7751D814F465 URL = hxxps://yandex.ru/search/?win=231&clid=2255395-217&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-1317842153-3577692074-3430689424-1000 -> 0BF151DB25481CA0A4AF7751D814F465 URL = hxxps://yandex.ru/search/?win=231&clid=2255395-217&text={searchTerms}
    FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ahwq7cx4.xml [2017-02-19]
    FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-104602.xml [2016-05-31]
    CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-20] <==== ATTENTION
    C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-18]
    CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-02-19] <==== ATTENTION
    C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb [2016-05-28]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ehfjihahbphdpljpiadbkmgmhnfehhgi [2016-05-28]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mofelbkemhligelpmjmohgphhmogbkni [2016-11-30]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2016-05-28]
    CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneggodalbcmgdkkfhbhbicbbahnacjb [2016-05-28]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-06-10]
    CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-02-21]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-18]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-05]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-05]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kcknbenjnkkjknphmnidanjifbgphjke [2016-05-21]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mofelbkemhligelpmjmohgphhmogbkni [2016-11-30]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-05]
    CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-19]
    CHR Extension: (No Name) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-18]
    CHR HKLM-x32\...\Chrome\Extension: [cpegcopcfajiiibidlaelhjjblpefbjk] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Quick Searcher) - C:\Users\Dell\AppData\Roaming\Opera Software\Opera Stable\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-18]
    OPR Extension: (Teddy Protection) - C:\Users\Dell\AppData\Roaming\Opera Software\Opera Stable\Extensions\mofelbkemhligelpmjmohgphhmogbkni [2016-11-30]
    OPR Extension: (Web assistant) - C:\Users\Dell\AppData\Roaming\Opera Software\Opera Stable\Extensions\onnpamhldelphfpbjneadljcchmcbomn [2016-04-02]
    S2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111616 2017-02-21] ()
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    S2 themctrl; C:\Windows\SysWOW64\themctrl.dll [362496 2014-03-04] ()
    S2 wbiosrvp; C:\Windows\SysWOW64\wbiosrvp.dll [290304 2014-03-04] ()
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
    S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-08-11] (REALiX(tm))
    S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-21] ()
    S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 TcHardWare; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCHW-x64.sys [X]
    2017-02-21 21:46 - 2017-02-21 21:56 - 00396662 _____ C:\Windows\ntbtlog.txt
    2017-02-21 21:21 - 2017-02-21 21:21 - 00000000 ____D C:\Program Files\¿ìѹ
    2017-02-21 21:15 - 2017-02-21 21:15 - 00000000 _____ C:\Users\Dell\AppData\Local\{AD8818E2-0682-4853-8735-785DFB31EDC1}
    2017-02-21 20:05 - 2017-02-21 20:05 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Elex-tech
    2017-02-21 20:05 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2017-02-21 19:48 - 2017-02-21 21:05 - 00000294 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-21 19:48 - 2017-02-21 19:48 - 00002580 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-02-21 19:11 - 2017-02-21 19:11 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-02-21 19:09 - 2017-02-21 19:09 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-02-21 19:09 - 2017-02-21 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-02-21 19:09 - 2017-02-21 19:09 - 00000000 ____D C:\Program Files\RogueKiller
    2017-02-21 19:07 - 2017-02-21 19:07 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-02-21 18:48 - 2017-02-21 19:48 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-21 17:54 - 2017-02-21 22:05 - 00015058 _____ C:\Program Files (x86)\metadata
    2017-02-21 17:54 - 2017-02-21 22:05 - 00000000 ____D C:\Program Files (x86)\reports
    2017-02-21 17:54 - 2017-02-21 21:58 - 00000040 _____ C:\Program Files (x86)\settings.dat
    2017-02-21 17:52 - 2017-02-21 17:52 - 00000007 _____ C:\Windows\SysWOW64\825A.tmp
    2017-02-21 17:52 - 2017-02-21 17:52 - 00000000 ____D C:\Users\Dell\AppData\Local\Fishjane
    2017-02-21 17:51 - 2017-02-21 17:51 - 00000000 ____D C:\Program Files (x86)\Fishjane
    2017-02-21 17:51 - 2017-02-21 17:51 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-02-21 17:51 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2017-02-20 21:42 - 2017-02-20 21:42 - 00000000 ____D C:\Program Files\ahwq7cx4
    2017-02-20 15:06 - 2017-02-20 15:06 - 02030360 _____ (Adobe Systems Incorporated) C:\Users\Dell\Downloads\Photoshop_Set-Up (2).exe
    2017-02-20 14:53 - 2017-02-20 14:53 - 02030360 _____ (Adobe Systems Incorporated) C:\Users\Dell\Downloads\Photoshop_Set-Up (1).exe
    2017-02-20 12:02 - 2017-02-21 18:00 - 00000000 ____D C:\AdwCleaner
    2017-02-20 09:52 - 2017-02-20 09:54 - 00000000 _____ C:\Users\Dell\AppData\Local\{5C3D2FB0-1BD9-4812-8113-BE1496D72EB0}
    2017-02-20 09:16 - 2017-02-20 09:16 - 00000000 ____H C:\Users\Dell\AppData\Local\BITAE8A.tmp
    2017-02-20 09:16 - 2017-02-20 09:16 - 00000000 ____H C:\Users\Dell\AppData\Local\BIT81BF.tmp
    2017-02-20 09:16 - 2017-02-20 09:16 - 00000000 _____ C:\Users\Dell\AppData\Local\{8E9B4E13-3361-4846-86F4-13B9F4AE8ED7}
    2017-02-20 09:15 - 2017-02-20 09:16 - 00000000 _____ C:\Users\Dell\AppData\Local\{E0410F34-7B93-4865-9866-42FCD343060F}
    2017-02-20 09:15 - 2017-02-20 09:15 - 00000000 _____ C:\Users\Dell\AppData\Local\{49F3C251-F7C9-455D-8C44-D00FBA4A6A96}
    2017-02-19 23:57 - 2017-02-20 00:09 - 00003426 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-02-19 23:57 - 2017-02-20 00:09 - 00000454 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-19 23:56 - 2017-02-21 20:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-19 23:54 - 2017-02-19 23:54 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Therqoyqirugh
    2017-02-19 23:39 - 2017-02-21 20:51 - 00000000 ____D C:\Users\Dell\AppData\Roaming\{97a-bc-04-d6416-bb344-0fda-7a832}
    2017-02-19 23:34 - 2017-02-19 23:34 - 00006062 _____ C:\Windows\System32\Tasks\Arodupychinering Nodifier
    2017-02-19 23:34 - 2017-02-19 23:34 - 00000000 ____D C:\Program Files (x86)\Arodupychinering Nodifier
    2017-02-19 23:34 - 2017-02-19 23:34 - 00000000 _____ C:\TOSTACK
    2017-02-19 23:33 - 2017-02-20 21:42 - 00000000 ____D C:\Program Files (x86)\Lomutherbagaied
    2017-02-19 23:33 - 2017-02-19 23:35 - 00000000 ____D C:\Users\Dell\AppData\Local\Wzerry
    2017-02-19 23:27 - 2017-02-19 23:27 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-02-19 23:27 - 2017-02-19 23:27 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-02-19 23:17 - 2017-02-19 23:20 - 00385889 _____ C:\Users\Dell\Downloads\Adobe CS5 Extended Crack (Activated).zip
    2017-02-21 17:54 - 2017-02-21 22:05 - 0015058 _____ () C:\Program Files (x86)\metadata
    2017-02-21 17:54 - 2017-02-21 21:58 - 0000040 _____ () C:\Program Files (x86)\settings.dat
    2017-02-20 09:16 - 2017-02-20 09:16 - 0000000 ____H () C:\Users\Dell\AppData\Local\BIT81BF.tmp
    2016-07-17 13:02 - 2016-07-17 13:02 - 0000000 ____H () C:\Users\Dell\AppData\Local\BITA553.tmp
    2017-02-20 09:16 - 2017-02-20 09:16 - 0000000 ____H () C:\Users\Dell\AppData\Local\BITAE8A.tmp
    EmptyTemp:

    After running it, post new FRST logs from a fresh scan.

    Also uninstall:
    Online.io Application
    Traffic Exchange
    They will only become visible after the script has been run.

    0
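
An added example, not part of the thread and not FRST's own code: a Python triage pass over `Shortcut:` / `ShortcutWithArgument:` lines like those in the fixlist of post #2, flagging Chrome shortcuts whose target is not a genuine Chrome directory or whose command line carries `--load-extension` or a start URL. The line layout is inferred from the entries quoted above; the expected Chrome directories, the function names and the one clean sample line are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple

# Assumption of this example: directories in which a genuine chrome.exe lives.
EXPECTED_CHROME_DIRS = {
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
}
URL_RE = re.compile(r"\b(?:https?|hxxps?)://\S+", re.IGNORECASE)
COMPANY_RE = re.compile(r"\s+\([^()]*\)$")  # trailing "(Google Inc.)" field

# Lines 1-3 are copied from the fixlist in post #2; line 4 is constructed
# for this example to show an entry that passes every check.
SAMPLE = r"""
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Shortcut: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dell\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
""".strip().splitlines()


class Finding(NamedTuple):
    lnk: str
    reasons: tuple


def parse_shortcut_line(line):
    """Split 'Shortcut[WithArgument]: <lnk> -> <target> (<company>) [-> <args>]'.

    Returns (lnk, target, args) or None for any other kind of log line.
    """
    kind, sep, rest = line.strip().partition(": ")
    if not sep or kind not in ("Shortcut", "ShortcutWithArgument"):
        return None
    parts = rest.split(" -> ", 2)
    if len(parts) < 2:
        return None
    target = COMPANY_RE.sub("", parts[1])  # drop the company field
    args = parts[2] if len(parts) == 3 else ""
    return parts[0], target, args


def triage(lines):
    """Return a Finding for every shortcut line that trips at least one check."""
    findings = []
    for line in lines:
        parsed = parse_shortcut_line(line)
        if parsed is None:
            continue  # Task:, service, registry or file-listing entry
        lnk, target, args = parsed
        reasons = []
        is_chrome_lnk = ntpath.basename(lnk).lower() == "google chrome.lnk"
        if is_chrome_lnk and ntpath.dirname(target).lower() not in EXPECTED_CHROME_DIRS:
            reasons.append("target outside expected Chrome directory")
        if "--load-extension" in args.lower():
            reasons.append("forces loading of an unpacked extension")
        if URL_RE.search(args):
            reasons.append("URL appended to command line")
        if reasons:
            findings.append(Finding(lnk, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding.lnk)
        for reason in finding.reasons:
            print("   -", reason)
```
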
  • #3 22 Feb 2017 17:59
    anonymousexd
    Level 24

    svchost.exe still takes up 1.5GB of RAM

    Only this program could be uninstalled: "RogueKiller version 12.9.8.0 "
    There were problems like these:

    After running the script, the computer was scanned again; here are the logs:

    0
  • #4 22 Feb 2017 18:33
    rafal131313
    Level 25

    Hello

    It would be a good idea to uninstall whatever is unnecessary and clean up - yesterday I was also cleaning up after one program :)
    Naturally, I threw out the junk with CCleaner and then used adwcleaner_6.043 + Malwarebytes

    As for svchost.exe, maybe this will help, but it will take quite a lot of time (you can read the comments to see what worked for others)
    http://www.instalki.pl/demonstracje/systemowe/20679-svchost-naprawa.html

    0
  • #5 22 Feb 2017 19:27
    Kolobos
    Computer specialist

    Uninstall:
    YAC(Yet Another Cleaner!)
    Online.io Application
    Traffic Exchange
    WinSnare

    These are now just empty entries; they should get removed.

    New Fixlist.txt for FRST:
    CloseProcesses:
    Shortcut: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    (Google Inc.) C:\FRST\Quarantine\C\Program Files (x86)\Fishjane\Application\chrome.exe
    2017-02-22 18:25 - 2017-02-22 18:50 - 00004818 _____ C:\Program Files (x86)\metadata
    2017-02-22 18:25 - 2017-02-22 18:50 - 00000000 ____D C:\Program Files (x86)\reports
    2017-02-22 18:25 - 2017-02-22 18:25 - 00000040 _____ C:\Program Files (x86)\settings.dat
    2017-02-22 18:25 - 2017-02-22 18:25 - 00000000 ____D C:\Users\Dell\AppData\Local\Fishjane
    2017-02-22 18:02 - 2017-02-22 18:02 - 00000000 ____D C:\Users\Dell\Desktop\FRST-OlderVersion
    2017-02-22 17:12 - 2017-02-22 17:12 - 00658432 _____ C:\Users\Dell\Downloads\RemoveMcAfee_silent (2).exe
    2017-02-22 17:02 - 2017-02-22 17:02 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-02-22 17:00 - 2017-02-22 17:00 - 00658432 _____ C:\Users\Dell\Downloads\RemoveMcAfee_silent (1).exe
    2017-02-22 16:11 - 2017-02-22 16:24 - 00658432 _____ C:\Users\Dell\Downloads\RemoveMcAfee_silent.exe
    EmptyTemp:
    DeleteQuarantine:


    The svchost problem is a typical Windows 7 fault; your Windows Update is broken (you can check in the Control Panel).

    Stop the Windows Update service in services.msc and install the updates listed here:
    http://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates

    0