Topic: [Split][Proc.Svchost]

December 14, 2015, 10:37:52 PM

roshak

RogueKiller V11.0.3.0 (x64) [Dec 14 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : () [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/14/2015 22:00:41

¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe(5180) -- C:\Windows\System32\svchost.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 1 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> ERROR [2]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> ERROR [3]
[PUP][File] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
--- User ---
[MBR] 6b1343ac4b8cc445be9a23efb6f184bb
[BSP] 32a1902de6527ec86a46e600c5cba02b : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 910197 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1868976128 | Size: 350 MB
6 - Basic data partition | Offset (sectors): 1869692928 | Size: 25600 MB
7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1922121728 | Size: 15333 MB
User = LL1 ... OK
User = LL2 ... OK

Reply #1, December 14, 2015, 10:49:27 PM

Curson

Hi roshak,

I've split your post into a new thread. Your problem is not an injection.
Please attach the RogueKiller JSON report in your next reply.

Regards.

Reply #2, December 14, 2015, 11:06:06 PM

roshak

Here's the JSON report, thank you for the reply.

Reply #3, December 14, 2015, 11:21:44 PM

Curson

Hi roshak,

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Reply #4, December 14, 2015, 11:45:33 PM

roshak

Here are the files. Sorry for the delay, but I wasn't logged in.

Reply #5, December 15, 2015, 12:11:27 AM

Curson

Hi roshak,

Your system seems to be damaged in some ways.
Do BSODs occur regularly?

Do you know this program?
Quote
C:\Users\Leke Qirezi\Downloads\x6epqj3t.exe

Regards.

Reply #6, December 15, 2015, 12:20:22 AM

roshak

Yes, I downloaded it today, like 30 minutes ago. It restarted my PC without my permission; this is its URL: http://www.gmer.net/
But now I deleted it.
Other than that, is my system safe?
Thank you.

Reply #7, December 15, 2015, 12:22:51 AM

Curson

Hi roshak,

Gmer is legit.
Apart from the instabilities, your system is safe.

Regards.

Reply #8, December 15, 2015, 12:35:46 AM

roshak

What kind of instabilities, and is there any way to turn these instabilities into sustainability?
Thank you for your time.

Reply #9, December 15, 2015, 11:27:08 PM

Curson

Hi roshak,

It seems Windows Update is not working properly:
Quote
Error: (12/14/2015 11:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: wuaueng.dll, version: 10.0.10240.16515, time stamp: 0x55fa55bd

A BSOD seems to have occurred yesterday:
Quote
2015-12-14 23:26 - 2015-12-14 23:26 - 860276998 _____ C:\WINDOWS\MEMORY.DMP
2015-12-14 23:26 - 2015-12-14 23:26 - 00366696 _____ C:\WINDOWS\Minidump\121415-31359-01.dmp

A system repair may solve this.

Regards.