svchost porta al 100% l'uso della cpu [era:virus?]

**ste-95** · 27-04-2007, 07:06

ragazzi appena accendo il pc subito svchost.exe mi prende tt il processore...un viruz?

**Davide91** · 27-04-2007, 07:26

Svchost.exe è un file di sistema, ma a volte potrebbe essere anche un virus!
Fai una scansione con Avast!

**OYS** · 27-04-2007, 07:32

Prova con vundofix

**Habanero** · 27-04-2007, 10:45

ste-95 leggi il regolamento e la prossima volta scegli titoli significativi.

**ste-95** · 27-04-2007, 15:10

senza offesa davide ma avast è davvero il peggio r antivirus che esista...

oys che cosa fa vundo?

**OYS** · 27-04-2007, 15:21

Il peggior antivirus che esista mi sembra un pò troppo esagerato...

Spesso il problema dello svchost, è legato al trojan vundo.
Dopo aver fatto la scansione posta anche un log di hijackthis

**ste-95** · 27-04-2007, 15:23

ah ok sto scansionando

**ste-95** · 27-04-2007, 15:26

vundo nn ha trovato nulla posto il log

Logfile of HijackThis v1.99.1
Scan saved at 15.25.55, on 27/04/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Windows\SOUNDMAN.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Windows\ehome\ehtray.exe
E:\Program Files\K-Meleon\loader.exe
E:\Windows\system32\taskeng.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Windows\ehome\ehmsas.exe
E:\Program Files\K-Meleon\k-meleon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files\eMule\emule.exe
E:\Program Files\Internet Explorer\ieuser.exe
E:\Program Files\Windows Mail\WinMail.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\ste programmi\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] E:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIA CE.EXE /F "E:\Windows\TEMP\E_S31A2.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] E:\Windows\ehome\ehTray.exe
O4 - Startup: K-Meleon Loader.lnk = E:\Program Files\K-Meleon\loader.exe
O8 - Extra context menu item: Add to Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,E:\PRO GRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - E:\Windows\system32\klogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - E:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

**OYS** · 27-04-2007, 15:32

Fai una scansione con systemscan.
Una volta eseguita la scansione portati in C:\suspectfile e carica il file report.txt su www.sendmefile.com e scrivi il link per poterlo scaricare.
(se non riesci a scaricarlo fallo da qui)

Discussione: svchost porta al 100% l'uso della cpu [era:virus?]

Strumenti discussione

Ricerca discussione

Visualizza

virus?

Permessi di invio