problem se svchost . snizuje vykon a pristup k pameti .W8

[tomsh]

Dobrý den

asi před 6 hodinami mi začal nootebook vydávat hlučný výkon...když se podíval do správce úloh tak zde mam nekolik Hostitelů služeb : Místní disk (omezená síť) (6) kteří mi ubírají z výkonu pc....po 5 hodinách bádání a procházení google stránek jsem ničeho nedocílil a nyní kompletne v basic formě čistit pc programem Spyware Antispyware.
Po stažení Process Exploreru jsem zjistil kde všude a s jakýi aplikacemi svchost pracuje a je to neuvěřitelný stro čnící ze System/wininit.exe/services.exe/svchost.exe............a pak strom.....................

už nevím co notebook je nově koupený s Windows 8 (HP)

Mnohokrat dekuji a ocenuji jakoukoliv pomoc a příspěvek

[Rudy]

Zdravím!
Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

[tomsh]

Děkuji mnohokrát za odpověď výsledek je zde.....

[Rudy]

Logy by měly být 2. Kde je ten druhý?

[tomsh]

myslíte tento???

[Rudy]

Ano, to je on.

Otevřte poznámkový blok a zkopírujte do něj:

Start
() C:\Windows\Temp\svchost.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM - {F0422BA8-3C73-482A-8206-C92A15A296EB} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM-x32 - {F0422BA8-3C73-482A-8206-C92A15A296EB} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.my-online-search.com/?q={sea ... 3&tsp=5051
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
R0 46157410; C:\Windows\System32\drivers\92678191.sys [229984 2013-11-01] (Kaspersky Lab, GERT)
R0 96994047; C:\Windows\System32\drivers\42644370.sys [229984 2013-11-01] (Kaspersky Lab, GERT)
C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
C:\WINDOWS\86CA3695A4124BAE92B649A60C2AC663.TMP
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP
C:\Users\Tomsh\AppData\Local\Babylon
AlternateDataStreams: C:\Users\Tomsh\SkyDrive:ms-properties
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[tomsh]

po dokončení poznamkového bloku s nazvem fixlist.txt. a vloženým textem mi to hodilo hlašku :

Farbar Recovery Scan Tool
-No fixlist.txt. found.
-The fixlist.txt. should made and save in the same directory the tool is located


Minulý logy zmizely a nechapu proc mi to hazi toto když mam vše odpředtím vložené na ploše a nikde jinde

[Rudy]

Musíte fixlist uložit do stejného adresáře, jako je FRST. Jinak to nefunguje.

[tomsh]

Kde najdu tento adresář, prosím. Omlouvám se

[Rudy]

Pokud jste uložil FRST na plochu, uložte tam i fixlist. Musí být uložen jako fixlist.txt. Já nevím, do kterého adresáře jste si uložil , případně přetáhl FRST. Naposledy byl spouštěn z C:\Users\Tomsh\Desktop , což najdete v hlavičce logu. Ten adresář je plocha.

[tomsh]

na disku C jjsem si to našel vložeil jen do složky FRST....aplikace nenašla....vložil do složky logs kde sem našel ty dva předešlé logy a nenašlo......dal jsem to i do složky quarantine a nic......nwm....

[Rudy]

Když jste spouštěl FRST ke skenu, měl jste FRST na ploše:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Tomsh (administrator) on PC on 01-11-2013 21:56:36
Running from C:\Users\Tomsh\Desktop
Windows 8.1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

Takže pokud tam nyní není, přesuňte ho tam, na plochu k němu uložte fixlisit. Pak spusťte FRST a klikněte >Fix<.

[Márty84]

Omlouvam se za vstup

Jen pro ujisteni. Pojmenoval jste ten poznamkovy blok fixlist ? Nepripsal jste k tomu i to .txt? To v nazvu byt nema, to je jen koncovka, ktera rika, ze je to poznamkovy blok. Uz jsem se s tim setkal nekolikrat, ze to uzivatel pripsal do nazvu a pak to nefungovalo

Preji uspesne doreseni

[tomsh]

uz sem rto dal dohromady......nechapu....aaaaale i tam byla chyba v tom že sem to měl špatne pojmenovane.......sem idiot no......ale zde je log :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Tomsh at 2013-11-02 11:53:38 Run:1
Running from C:\Users\Tomsh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
() C:\Windows\Temp\svchost.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM - {F0422BA8-3C73-482A-8206-C92A15A296EB} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKLM-x32 - {F0422BA8-3C73-482A-8206-C92A15A296EB} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.my-online-search.com/?q={sea ... 3&tsp=5051
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
R0 46157410; C:\Windows\System32\drivers\92678191.sys [229984 2013-11-01] (Kaspersky Lab, GERT)
R0 96994047; C:\Windows\System32\drivers\42644370.sys [229984 2013-11-01] (Kaspersky Lab, GERT)
C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
C:\WINDOWS\86CA3695A4124BAE92B649A60C2AC663.TMP
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP
C:\Users\Tomsh\AppData\Local\Babylon
AlternateDataStreams: C:\Users\Tomsh\SkyDrive:ms-properties
End
*****************

[3956] C:\Windows\Temp\svchost.exe => Process closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0422BA8-3C73-482A-8206-C92A15A296EB} => Key deleted successfully.
HKCR\CLSID\{F0422BA8-3C73-482A-8206-C92A15A296EB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F0422BA8-3C73-482A-8206-C92A15A296EB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F0422BA8-3C73-482A-8206-C92A15A296EB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
46157410 => Service deleted successfully.
96994047 => Service deleted successfully.
C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP => Moved successfully.
C:\WINDOWS\86CA3695A4124BAE92B649A60C2AC663.TMP => Moved successfully.
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => Moved successfully.
C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP => Moved successfully.
C:\Users\Tomsh\AppData\Local\Babylon => Moved successfully.
"C:\Users\Tomsh\SkyDrive" => ":ms-properties" ADS not found.


The system needs a manual reboot.

==== End of Fixlog ====

[Rudy]

2Márty84: Díky!

2Tomsh: Smazáno. Nastale nějaká změna?