Wojtek1992
New
Posts: 3
RE: The scvhost.exe process is eating up a large part of the RAM
On my own initiative I ran scans with Malwarebytes Anti-Malware and ADWcleaner, and here are the results
ADWcleaner
Code:
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 12:57:02
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Wojtek - JAN-KOMPUTER
# Running from : C:\Users\Wojtek\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\Wojtek\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Wojtek\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Wojtek\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Wojtek\AppData\Roaming\download Manager
Folder Deleted : C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\WebSiteRecommendation@weliketheweb.com
File Deleted : C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\invalidprefs.js
File Deleted : C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24E0EC68-31FD-4A47-9793-33B27C4FBEB1}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;192.168.*.*
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0 (x86 pl)
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.id", "f24f50bf0000000000008e55f9aab799");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15556");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "std");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116:17:15");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4807 bytes] - [01/03/2015 12:50:49]
AdwCleaner[S0].txt - [4756 bytes] - [01/03/2015 12:57:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4815 bytes] ##########
Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Data skanu: 2015-03-01
Czas skanu: 11:38:52
Raport: malwar.txt
Administrator: Tak
Wersja: 2.00.4.1028
Baza danych malware: v2015.03.01.01
Baza danych rootkitów: v2015.02.25.01
Licencja: Trial
Ochrona przeciw malware: Włączony
Ochrona przeciw szkodliwymi stronami: Włączony
Samoobrony: Wyłączony
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Wojtek
Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 405898
Minęło: 34 min, 39 s
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PNP: Włączony
PNM: Włączony
Procesy: 0
(Nie wykryto groźnych)
Moduły: 0
(Nie wykryto groźnych)
Klucze rejestru: 5
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, , [63f2390795f5c2747d43a66ad92a13ed],
PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, , [a4b196aaadddd5617d3bd6548f74fc04],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [381dda668ffb40f6c36383260af93ec2],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [fc5948f899f1ef47cc588180dc29639d],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3135873756-1747778033-1847798441-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [b5a01c245b2f1026192143c0e1249967],
Wartości rejestru: 0
(Nie wykryto groźnych)
Dane rejestru: 0
(Nie wykryto groźnych)
Foldery: 1
PUP.Optional.SimilarSites.A, C:\Users\Wojtek\AppData\Roaming\SimilarSites, , [163fb38df5951323e3f7e484e71c31cf],
Pliki: 36
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (user_pref("extensions.BabylonToolbar.admin", false);), ,[e273f54b75151a1ce7579d74df27f709]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ferences
/* Do not edit this file.
*
* If you m), ,[89ccfc441872f34344fa30e133d3ec14]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you ma), ,[f560053b5535d75f4cf2f31e10f61ce4]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (erences
/* Do not edit this file.
*
* If you ma), ,[da7b30100189f3439ea090817294de22]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to this file w), ,[d58081bf464456e06cd26da4a85e51af]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: ( this file.
*
* If you make changes to this file whil), ,[0253ec544f3b2115142ac64be521fb05]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make ch), ,[93c2d56be6a43501241aa76a0ef8936d]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ences
/* Do not edit this file.
*
* If you make changes ), ,[7cd91828f793b482d86644cde71ff010]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (
/* Do not edit this file.
*
* If you make changes to ), ,[f560dc64d7b3053197a769a83accc63a]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (es
/* Do not edit this file.
*
* If you make ch), ,[e2739da32466270f43fbd14013f37c84]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application i), ,[b0a5e957eaa05fd73b03d43d0ff707f9]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: ( you make changes to this file while the application is ), ,[c19476ca44463cfad76770a1eb1b8f71]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (nces
/* Do not edit this file.
*
* If you make cha), ,[fa5b0c34018944f2300e2be6f41254ac]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make), ,[124350f0a9e185b1a39be22fe12506fa]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ferences
/* Do not edit this file.
*
* If you make changes to this file while the), ,[94c1152bef9bfa3cfb4346cb10f6847c]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (.
*
* If you make changes to this file while the appl), ,[86cf8fb190fa8bab83bbad6453b3867a]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make c), ,[460f103008822d09ac924cc57c8a6f91]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to t), ,[064f66da9bef8caa58e66fa2ef17fb05]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");), ,[a0b56fd141494ceacf0da56bd23421df]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ID=113543&tt=010812_nich_3112_1");
user_pref("exten), ,[c194340c9af003334399f9179076ce32]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ons.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[0b4a8bb51d6d6acc6775848c58ae7987]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
user_pref("extensions.BabylonT), ,[d283e7595832f93db92341cf749234cc]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (=010812_nich_3112_1");
user_pref("extensions.BabylonToolbar_i.babExt", "");
), ,[b4a1ba861b6f0b2b29b327e96e9839c7]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ack", "affID=113543&tt=010812_nich_3112_1");
user_pref("), ,[d38276cad8b273c3dffd35dbae585da3]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[c09553ed6228db5b11cb3bd514f212ee]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[86cfc878d5b553e31ac2c14fad5947b9]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
u), ,[193cf0509eecc472f5e76fa17d89ea16]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
us), ,[0055c779fc8e989ec517c050be487f81]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (bylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1")), ,[5df8e15f543642f4defede320ff7ad53]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (Toolbar_i.babTrack", "affID=113543&tt=010812_nich_3112), ,[e96cde62afdb94a2c01c3ad6ea1c1fe1]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[a5b0cf71573357df2fad15fb23e30ff1]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[490c90b067237fb713c95db3d036946c]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_n), ,[58fde35d96f49e98b12b0f019670d729]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_), ,[a9ace25ee1a9c37319c3a56b8e78ab55]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ns.BabylonToolbar_i.babTrack", "affID=113543&tt=010812), ,[fb5ad7691674c76f2bb1ce428e78dc24]
PUP.Optional.Babylon.A, C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[411491afe9a13df9f7e59a76986eae52]
Sektory fizyczne: 0
(Nie wykryto groźnych)
(end)
Note added 01.03.2015 14:00. Last edited 01.03.2015 14:00 by beabea:
Instead of quotes, wrap scan results in "code" tags. I have fixed it.