
Problem with svchost.exe for the millionth time


vuchko.vuchko

Member number: 217112
Posts: 301

Re: Problem with svchost.exe for the millionth time, 22.02.2010 at 22:39
I haven't dug too deeply into this topic, but I solved the problem with this thing in the following way.

Control Panel -> Administrative Tools -> Services -> Automatic Updates

And in the settings I simply select Disabled (as in the picture), and the constant freezing of my poor computer stopped.


clean_Up

Member number: 252346
Posts: 3

Re: Problem with svchost.exe for the millionth time, 24.02.2010 at 13:02
Hi. I'm a bit late to this topic; I'm glad you solved the problem. First, only one antivirus gets installed on a computer, and then it kills it, I mean the processor, but it works. Second, I think I read somewhere that it says svchost is a virus, AND THAT ACTUALLY is not a virus at all. Third, there was a much simpler solution to that problem, the REGEDIT database, and I would have solved it in 1 minute max. If there are more people with the same problem, they can contact me by PM and I will send them the solution in doc format; the instructions are simple and easy.
 

snenad_82
Nenad Stevanovic
Niš

Member number: 126686
Posts: 74

Re: Problem with svchost.exe for the millionth time, 15.03.2010 at 12:26
Quote:
clean_Up: Hi. I'm a bit late to this topic; I'm glad you solved the problem. First, only one antivirus gets installed on a computer, and then it kills it, I mean the processor, but it works. Second, I think I read somewhere that it says svchost is a virus, AND THAT ACTUALLY is not a virus at all. Third, there was a much simpler solution to that problem, the REGEDIT database, and I would have solved it in 1 minute max. If there are more people with the same problem, they can contact me by PM and I will send them the solution in doc format; the instructions are simple and easy.


You're wrong about the first and second points (read the whole thread and you'll see why). As for the third, post the solution so it's available for the future, and so that people who know a bit more about the registry can check it.
Regards
 

mirotovorac
student
Banjaluka

Member number: 185666
Posts: 31

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 09:48
I have a similar problem; my computer is acting up a bit, or more precisely, my Start menu at times reverts to the original form of the Win98 Start menu.

When I start the computer, these problems appear:

http://imageshack.us/photo/my-images/444/67853999.jpg/

This has been happening for the last 5 days, and now the third item has started appearing as well.

Is there any other solution for me besides ComboFix?

Hitman found some items in the installation file veoh.exe. Though I don't know how it found something in the installation file if it was downloaded from, I think, the main site.
And I downloaded that when I was installing Hotspot Shield.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 10:12:35 on 2012-02-23
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.1023.351 [GMT 1:00]
.
AV: Anti-Virus *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\HitmanPro\hmpsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 81.93.64.9 81.93.64.1
TCP: Interfaces\{3A7E5017-844B-46DF-9B60-7A36481657D2} : DhcpNameServer = 192.168.1.254 81.93.64.9 81.93.64.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\z5rc9ibr.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 50517e6b0000000000000013d4c6288d
FF - user.js: extensions.BabylonToolbar_i.hardId - 50517e6b0000000000000013d4c6288d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15393
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:45:13
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-2-17 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-2-17 82872]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\wrkrn.sys --> c:\windows\system32\drivers\WRkrn.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\apps\computersecurity\hips\drivers\fshs.sys [2012-2-17 73192]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/12 13:50:04];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2012-2-12 77296]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-9-29 809736]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2012-2-12 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2012-2-12 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2012-2-12 312616]
R2 fshoster;F-Secure Dll Hoster;c:\program files\f-secure\fshoster32.exe [2011-12-14 160424]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-2-23 98120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-22 652360]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2012-2-12 71664]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\apps\computersecurity\anti-virus\minifilter\fsgk.sys [2012-2-17 148632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WRSVC;WRSVC;"c:\program files\webroot\wrsa.exe" -service --> c:\program files\webroot\WRSA.exe [?]
S3 EverestDriver;FinalWire EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2012-2-12 27800]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-23 09:11:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-02-23 08:59:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-23 08:59:40 -------- d-----w- c:\program files\HitmanPro
2012-02-23 08:58:55 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-02-23 08:45:24 -------- d-----w- c:\documents and settings\administrator\application data\BabylonToolbar
2012-02-23 08:45:15 -------- d-----w- c:\program files\BabylonToolbar
2012-02-23 08:44:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Babylon
2012-02-23 08:44:40 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-02-23 08:44:40 -------- d-----w- c:\documents and settings\administrator\application data\Babylon
2012-02-23 08:44:23 -------- d-----w- c:\program files\JEEFORemoval Tool
2012-02-23 08:28:00 -------- d-----w- c:\documents and settings\all users\application data\MCShield
2012-02-23 08:19:31 -------- d-----w- c:\documents and settings\administrator\application data\MCShield
2012-02-23 08:19:30 -------- d-----w- c:\program files\MCShield
2012-02-22 21:47:05 -------- d-----w- c:\windows\SiS
2012-02-22 21:45:56 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys
2012-02-22 20:47:29 -------- d-----w- c:\documents and settings\administrator\application data\ABBYY
2012-02-22 20:35:37 -------- d-----w- c:\program files\common files\ABBYY
2012-02-22 20:31:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ABBYY
2012-02-22 20:31:00 -------- d-----w- c:\program files\ABBYY FineReader 10
2012-02-22 20:31:00 -------- d-----w- c:\documents and settings\all users\application data\ABBYY
2012-02-22 17:43:26 -------- d-----w- c:\documents and settings\administrator\application data\3v
2012-02-22 17:26:45 -------- d-----w- c:\documents and settings\administrator\application data\DriverCure
2012-02-22 17:26:44 -------- d-----w- c:\documents and settings\administrator\application data\ParetoLogic
2012-02-22 17:26:24 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-02-22 16:24:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-22 16:24:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-22 15:10:45 -------- d-----w- c:\documents and settings\administrator\application data\Media Finder
2012-02-22 14:57:25 -------- d-----w- c:\program files\MKVToolNix
2012-02-22 14:22:07 -------- d-----w- C:\Temp
2012-02-22 14:20:12 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-22 14:04:42 -------- d-----w- c:\program files\eRightSoft
2012-02-22 13:26:50 -------- d-----w- c:\documents and settings\administrator\application data\mkvtoolnix
2012-02-21 16:53:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-21 16:53:39 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-02-21 16:38:49 -------- d-----w- c:\program files\Xvid
2012-02-21 16:32:42 -------- d-----w- c:\documents and settings\all users\application data\DivX
2012-02-18 20:35:15 -------- d-----w- c:\windows\system32\PreInstall
2012-02-18 20:33:46 -------- d--h--w- c:\windows\$hf_mig$
2012-02-18 14:22:18 193 ----a-w- c:\documents and settings\administrator\application data\12.tmp
2012-02-18 13:44:32 193 ----a-w- c:\documents and settings\administrator\application data\C.tmp
2012-02-18 13:44:26 193 ----a-w- c:\documents and settings\administrator\application data\A.tmp
2012-02-18 13:38:39 193 ----a-w- c:\documents and settings\administrator\application data\6.tmp
2012-02-18 13:38:38 193 ----a-w- c:\documents and settings\administrator\application data\5.tmp
2012-02-18 12:47:05 193 ----a-w- c:\documents and settings\administrator\application data\2BA.tmp
2012-02-17 15:07:56 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-02-17 15:07:25 82872 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-02-17 15:01:36 -------- d-----w- c:\program files\F-Secure
2012-02-17 11:28:19 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2012-02-17 11:28:19 45056 ----a-w- c:\windows\system32\vusetup.dll
2012-02-17 11:28:19 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2012-02-17 11:10:12 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-02-16 22:25:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 21:26:35 -------- d-----w- c:\documents and settings\all users\application data\fssg
2012-02-16 21:25:47 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2012-02-15 13:05:30 -------- d-----w- c:\program files\IGI Subtitler
2012-02-14 01:42:46 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-02-14 01:42:46 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2012-02-14 01:41:40 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2012-02-14 01:40:37 -------- d-----w- c:\windows\LastGood.Tmp
2012-02-12 22:37:38 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-02-12 20:41:03 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-12 20:41:03 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-12 20:41:01 -------- d-----w- c:\program files\ffdshow
2012-02-12 20:35:44 -------- d-----w- c:\program files\Haali
2012-02-12 19:33:39 497664 ----a-w- c:\windows\system32\ac3filter.acm
2012-02-12 19:33:38 -------- d-----w- c:\program files\AC3Filter
2012-02-12 14:14:55 3583 ----a-w- c:\windows\SiSport.sys
2012-02-12 14:14:55 32768 ----a-w- c:\windows\SIS_LIB.DLL
2012-02-12 14:14:55 106496 ----a-w- c:\windows\SiSUSBrg.exe
2012-02-12 14:13:30 36992 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2012-02-12 14:11:09 -------- d-----w- c:\program files\SiSLan
2012-02-12 14:08:16 306688 ----a-w- c:\windows\IsUninst.exe
2012-02-12 14:07:28 -------- d-----w- c:\documents and settings\administrator\WINDOWS
2012-02-12 12:50:05 -------- d-----w- c:\documents and settings\all users\application data\PDVD
2012-02-12 12:49:31 -------- d-----w- c:\documents and settings\administrator\local settings\application data\MediaServer
2012-02-12 12:46:53 -------- d-----w- c:\documents and settings\all users\application data\install_clap
2012-02-12 12:00:55 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-02-12 12:00:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-02-12 12:00:55 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-02-12 12:00:55 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-02-12 12:00:54 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-02-12 12:00:53 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-02-12 12:00:52 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-02-12 12:00:48 -------- d-----w- C:\ATI
2012-02-12 11:58:04 10194 ------w- c:\windows\system32\PFMODNT.SYS
2012-02-12 11:18:27 -------- d-----w- c:\program files\Lavalys
2012-02-12 07:53:34 -------- d-----w- c:\windows\system32\NtmsData
2012-02-11 19:44:24 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-08 16:56:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Conduit
2012-02-08 16:56:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2012-02-08 16:56:25 -------- d-----w- c:\program files\Hotspot_Shield
2012-02-08 09:20:27 0 ----a-w- c:\windows\system32\wbem\TempWmicBatchFile.bat
2012-02-07 14:35:31 260608 ----a-w- c:\windows\system32\lame.ax
2012-02-07 14:34:51 -------- d-----w- c:\windows\system32\oodag
2012-02-07 14:33:38 -------- d-----w- c:\program files\CODES lameDS-3.99.4
2012-02-07 13:25:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\O&O
2012-02-07 13:23:06 -------- d-----w- c:\program files\OO Software
2012-02-07 11:46:33 -------- d-----w- c:\documents and settings\administrator\application data\CheckPoint
2012-02-07 11:46:01 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-02-07 11:41:26 -------- d-----w- c:\program files\CheckPoint
2012-02-06 21:52:57 -------- d-----w- C:\SLUZBENI GLASNIK REPUBLIKE SPRSKE
2012-02-06 18:55:42 -------- d-----w- c:\documents and settings\all users\Microsoft
2012-02-06 18:52:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-06 18:50:46 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-02-06 18:47:55 -------- d-----w- c:\windows\SHELLNEW
2012-02-06 18:46:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft Help
2012-02-06 17:16:14 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-02-06 15:13:12 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-06 15:11:36 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-06 15:11:35 -------- d-----w- c:\documents and settings\administrator\application data\TestApp
2012-02-06 14:45:13 -------- d-----w- c:\program files\Yamicsoft
2012-02-06 14:43:11 -------- d-----w- c:\program files\Microsoft WSE
2012-02-06 13:28:11 -------- d-----w- c:\program files\common files\PCSuite
2012-02-06 13:28:10 -------- d-----w- c:\program files\common files\Nokia
2012-02-06 13:27:58 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-06 13:27:47 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-06 13:27:42 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-06 13:27:41 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-06 13:27:40 20864 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-06 13:27:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2012-02-06 13:27:32 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2012-02-06 13:27:32 17536 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-06 13:27:32 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-02-06 13:27:30 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-06 13:27:28 -------- d-----w- c:\program files\Nokia
2012-02-06 11:58:04 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-06 11:58:04 53248 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-06 11:58:04 53248 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-06 11:58:04 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-06 11:58:04 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-06 11:58:04 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-06 11:58:04 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-06 11:58:04 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-02-06 11:57:47 -------- d-----w- C:\CIMTEMP
2012-02-06 11:52:38 12288 ----a-r- c:\windows\system32\drivers\EIO_XP.sys
2012-02-06 11:35:57 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-02-06 11:35:55 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-02-06 11:16:46 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-06 11:16:42 311296 ----a-r- c:\windows\system32\atiiiexx.dll
2012-02-06 11:16:41 450560 ----a-r- c:\windows\system32\ATIDEMGX.dll
2012-02-06 11:07:49 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-02-06 11:07:49 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-02-06 11:07:49 28672 ----a-w- c:\windows\system32\vidcap.ax
2012-02-06 11:07:47 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-02-06 11:07:47 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-02-06 11:07:46 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-02-06 11:07:00 102400 ----a-w- c:\windows\system32\NetVideo_SBS.ax
2012-02-06 11:03:39 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-02-06 10:45:01 -------- d-----w- C:\Samsung
2012-02-06 10:35:28 -------- d-----w- c:\program files\ATI Technologies
2012-02-06 10:34:26 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-02-06 10:34:26 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-02-06 10:34:26 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-02-06 10:34:26 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-02-06 10:34:26 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-02-06 10:25:30 -------- d-----w- c:\windows\system32\appmgmt
2012-02-05 23:01:59 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2012-02-05 23:00:32 -------- d-----w- C:\directx 9.0c
2012-02-05 22:21:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ApplicationHistory
2012-02-05 22:14:44 -------- d-----w- c:\windows\system32\URTTEMP
2012-02-05 22:13:56 839680 ----a-w- c:\windows\system32\MpaDecFilter.ax
2012-02-05 22:13:56 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2012-02-05 22:12:01 -------- d-----w- c:\program files\Webteh
2012-02-05 22:05:51 -------- d-----w- c:\program files\Microsoft .NET Compact Framework 1.0 SP3
2012-02-05 20:36:31 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-02-05 20:28:38 -------- d-----w- c:\program files\URUSoft
2012-02-05 15:35:01 -------- d-----w- c:\program files\MagicISO
2012-02-05 15:32:44 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-02-05 15:32:43 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-02-05 15:32:38 -------- d-----w- c:\windows\Logs
2012-02-05 15:32:19 -------- d-----w- c:\program files\Winamp Detect
2012-02-05 15:32:18 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2012-02-05 15:32:18 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2012-02-05 15:31:47 -------- d-----w- c:\windows\RegisteredPackages
2012-02-05 15:29:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-05 15:28:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-02-05 15:28:12 -------- d-----w- c:\documents and settings\administrator\application data\DAEMON Tools Lite
2012-02-05 15:28:10 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-02-05 15:11:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-02-05 15:10:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-05 14:50:11 737280 ----a-w- c:\windows\iun6002.exe
2012-02-05 14:50:07 -------- d-----w- c:\program files\Codec Pack - All In 1
2012-02-05 14:37:48 -------- d-----w- c:\program files\GRETECH
2012-02-05 14:24:34 -------- d-----w- c:\documents and settings\administrator\.swt
2012-02-05 14:24:31 -------- d-----w- c:\documents and settings\administrator\application data\Azureus
2012-02-05 14:22:52 -------- d-----w- c:\program files\Vuze
2012-02-05 14:22:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-05 14:14:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 14:07:57 -------- d-----w- c:\program files\AARONS CLIKER
2012-02-05 14:03:52 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-02-05 14:03:51 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2012-02-05 14:03:49 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-02-05 14:03:48 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-02-05 14:03:46 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2012-02-05 14:03:44 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2012-02-05 14:03:43 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2012-02-05 14:03:42 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2012-02-05 14:03:40 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2012-02-05 14:03:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2012-02-05 14:03:38 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2012-02-05 14:03:34 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2012-02-05 14:01:59 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2012-02-05 14:01:59 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2012-02-05 14:01:54 74240 ----a-w- c:\windows\system32\usbui.dll
2012-02-05 14:01:50 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2012-02-05 14:01:46 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2012-02-05 14:01:42 32256 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-02-05 14:01:42 32256 ----a-r- c:\windows\system32\drivers\sisnic.sys
.
==================== Find3M ====================
.
2012-02-22 13:57:23 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2012-02-06 11:08:27 12288 ----a-w- c:\windows\system32\drivers\EIO64_xp.sys
2012-01-20 13:14:28 17280 ----a-w- c:\windows\system32\roboot.exe
2012-01-04 23:01:54 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2006-05-03 11:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 10:13:44.65 ===============
 

Aleksandar Maletic
System administrator

Moderator
Member number: 235887
Posts: 1138

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 10:50
First and foremost, go to Start→Control Panel→Add/Remove Programs and remove all unnecessary programs and toolbars; I see you also have the Babylon toolbar, which is classic adware.
After that, download OSAM Autorun Manager 5.0, unpack it and run it.
Once the full analysis has finished, save the .html log, then attach it here with a new message.
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

mirotovorac
student
Banjaluka

Member number: 185666
Posts: 31

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 11:23
I removed the Babylon toolbar in the meantime; I had picked it up from JEEFORemovalTool.


Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 12:20:48 on 23.02.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" "O&O Software GmbH" C:\WINDOWS\system32\OODBS.exe File exists
|||||| "BootExecute" "SurfRight B.V." C:\WINDOWS\system32\bootdelete.exe File exists
Common
%SystemRoot%\Tasks
|| "WinXP Manager Live Update.job" "Yamicsoft" C:\Program Files\Yamicsoft\WinXP Manager\LiveUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ac3filter.cpl" C:\WINDOWS\system32\ac3filter.cpl File exists
|||||| "FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\WINDOWS\system32\FlashPlayerCPLApp.cpl File exists
"javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Anchorfree HSS Adapter" (taphss) "AnchorFree Inc" C:\WINDOWS\System32\DRIVERS\taphss.sys File exists
|||||| "ap9hgl9g" (ap9hgl9g) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ap9hgl9g.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "ASUS Video3D Service" (Video3D) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\Drivers\Video3D32.sys File exists
|||||| "ASUS Virtual Video Capture Device Driver" (asusgsb) "ASUSTeK Computer Inc." C:\WINDOWS\System32\drivers\asusgsb.sys File exists
|||||| "ASUSTeK Virtual Capture Device" (ASUSVRC) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\DRIVERS\AsusVRC.sys File exists
|||||| "ati2mtag" (ati2mtag) "ATI Technologies Inc." C:\WINDOWS\System32\DRIVERS\ati2mtag.sys File exists
|||||| "EIO_XP" (EIO_XP) "ASUSTeK Computer Inc." C:\WINDOWS\system32\drivers\EIO_XP.sys File exists
|||||| "Enhanced Display Driver Helper Service" (asuskbnt) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\drivers\atkkbnt.sys File exists
"F-Secure Firewall Driver" (FSFW) "F-Secure Corporation" C:\WINDOWS\System32\drivers\fsdfw.sys File exists
"F-Secure Gatekeeper" (F-Secure Gatekeeper) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys File exists
"F-Secure HIPS Driver" (F-Secure HIPS) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys File exists
|||||| "FinalWire EVEREST Kernel Driver" (EverestDriver) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File found, but it contains no detailed information
|||||| "fsbts" (fsbts) "F-Secure Corporation" C:\WINDOWS\System32\Drivers\fsbts.sys File exists
|||||| "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\WINDOWS\system32\drivers\mbam.sys File exists
"mbr" (mbr) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys Hidden registry entry, rootkit activity | File not found
|| "ntk_PowerDVD" (ntk_PowerDVD) "Cyberlink Corp." C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys File exists
|||||| "PfModNT" (PfModNT) "Creative Technology Ltd." C:\WINDOWS\system32\PfModNT.sys File exists
|||||| "Power Control [2012/02/12 13:50:04]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl File exists
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "StarOpen" (StarOpen) C:\WINDOWS\system32\drivers\StarOpen.sys File found, but it contains no detailed information
|||||| "VIA USB Host Controller Lower Filter" (vulfnths) "VIA Technologies, Inc." C:\WINDOWS\System32\Drivers\vulfnth.sys File exists
|||||| "VIA USB Roothub Lower Filter" (vulfntrs) "VIA Technologies, Inc." C:\WINDOWS\System32\Drivers\vulfntr.sys File exists
"vsdatant" (Vsdatant) "Check Point Software Technologies LTD" C:\WINDOWS\System32\vsdatant.sys File exists
"WRkrn" (WRkrn) C:\WINDOWS\System32\drivers\WRkrn.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Backup" File not found | COM-object registry key not found
{9458E603-FF43-4134-9036-04B4C71791E3} "BullGuard Backup" File not found | COM-object registry key not found
|||||| {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\VISSHE.DLL File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" deskpan.dll File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" File not found | COM-object registry key not found
|||||| {bc5e1455-02ca-4b30-8eed-91d52a38da75} "FineReader10.FRContextMenu.1" "ABBYY." C:\Program Files\ABBYY FineReader 10\FRIntegration.dll File exists
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\VISSHE.DLL File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists
|||||| {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll File exists
|||||| {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" "O&O Software GmbH" C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" File not found | COM-object registry key not found
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
|||||| {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Workspaces" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBarLayout" File not found | COM-object registry key not found
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
{c95a4e8e-816d-4655-8c79-d736da1adb6d} "{c95a4e8e-816d-4655-8c79-d736da1adb6d}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
|||| {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| {FFFDC614-B694-4AE6-AB38-5D6374584B52} "OneNote Lin&ked Notes" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File exists
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{c95a4e8e-816d-4655-8c79-d736da1adb6d} "Hotspot Shield Toolbar" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL File exists
{326E768D-4182-46FD-9C16-1449A49795F4} "{326E768D-4182-46FD-9C16-1449A49795F4}" File not found | COM-object registry key not found
{c95a4e8e-816d-4655-8c79-d736da1adb6d} "{c95a4e8e-816d-4655-8c79-d736da1adb6d}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini File exists
%UserProfile%\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|| "MCShield Monitor" "MyCity" C:\Program Files\MCShield\mcshieldrtm.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||||| "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File exists
|||| "OODefragTray" "O&O Software GmbH" C:\WINDOWS\system32\oodtray.exe File exists
"ZoneAlarm" "Check Point Software Technologies LTD" C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ABBYY FineReader 10 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.10.0) "ABBYY" C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe File exists
|||||| "Ati HotKey Poller" (Ati HotKey Poller) "ATI Technologies Inc." C:\WINDOWS\system32\Ati2evxx.exe File exists
|||||| "ATK Keyboard Service" (ATKKeyboardService) "ASUSTeK COMPUTER INC." C:\WINDOWS\ATKKBService.exe File exists
|||||| "CLHNServiceForPowerDVD" (CLHNServiceForPowerDVD) C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe File exists
|||||| "CyberLink PowerDVD 11.0 Monitor Service" (CyberLink PowerDVD 11.0 Monitor Service) "CyberLink" C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe File exists
|||||| "CyberLink PowerDVD 11.0 Service" (CyberLink PowerDVD 11.0 Service) "CyberLink" C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe File exists
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe File exists
"F-Secure Dll Hoster" (fshoster) "F-Secure Corporation" C:\Program Files\F-Secure\fshoster32.exe File exists
"F-Secure Management Agent" (FSMA) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
"Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jqs.exe File exists
|||||| "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\GROOVE.EXE File exists
|||||| "NMSAccess" (NMSAccess) C:\Program Files\CDBurnerXP\NMSAccessU.exe File found, but it contains no detailed information
|||||| "O&O Defrag" (O&O Defrag) "O&O Software GmbH" C:\WINDOWS\system32\oodag.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Office Software Protection Platform" (osppsvc) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
"TrueVector Internet Monitor" (vsmon) "Check Point Software Technologies LTD" C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe File exists
|||||| "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
"WRSVC" (WRSVC) "C:\Program Files\Webroot\WRSA.exe" -service File not found
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "AtiExtEvent" "ATI Technologies Inc." C:\WINDOWS\system32\Ati2evxx.dll File exists

If You have questions or want to get some help, You can visit http://forum.online-solutions.ru



 
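The report above contains entries that OSAM itself labels "Hidden registry entry, rootkit activity". As an added example (not part of any post in this thread, and not OSAM's own code), the sketch below parses that text report format and lists such entries, plus driver or service images that sit in a Temp folder or are missing on disk. The sample lines are copied from the report above; the function names and flag rules are this example's assumptions, and a flagged entry is a lead to verify, not a verdict.

```python
import re

# Lines copied from the OSAM text report posted in this thread.
SAMPLE_REPORT = r'''Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Anchorfree HSS Adapter" (taphss) "AnchorFree Inc" C:\WINDOWS\System32\DRIVERS\taphss.sys File exists
|||||| "ap9hgl9g" (ap9hgl9g) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ap9hgl9g.sys Hidden registry entry, rootkit activity | File signed by Microsoft
"mbr" (mbr) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys Hidden registry entry, rootkit activity | File not found
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
"WRkrn" (WRkrn) C:\WINDOWS\System32\drivers\WRkrn.sys File not found
Logon
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"ZoneAlarm" "Check Point Software Technologies LTD" C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe File exists
'''

# Status phrases that end an entry line in the report above; a second
# status may follow after " | ".
STATUS = re.compile(
    r'(Hidden registry entry, rootkit activity|File exists|File not found|'
    r'File found, but it contains no detailed information|'
    r'File is exclusively opened, access blocked)( \| .*)?$')


def parse(report):
    """Return one dict per entry line, tagged with the section it sits under."""
    section, entries = None, []
    for raw in report.splitlines():
        line = raw.lstrip('| ').strip()  # drop the leading risk bars
        m = STATUS.search(line)
        if not m:
            # Section titles are bare words; registry keys, folders, CLSIDs
            # and URLs that wrap onto their own line are skipped.
            if line and not line.startswith(('HK', '%', '{', '"', 'http')):
                section = line
            continue
        body = line[:m.start()].strip()
        name = re.match(r'(?:\{[^}]+\}\s*)?"([^"]*)"', body)
        path = re.search(r'[A-Za-z]:\\[^"]*', body)
        entries.append({
            'section': section,
            'name': name.group(1) if name else body,
            'path': path.group(0).strip() if path else '',
            'status': m.group(0),
        })
    return entries


def triage(entries):
    """Return (name, reasons) for entries worth a manual look (assumed rules)."""
    findings = []
    for e in entries:
        reasons = []
        if 'Hidden registry entry' in e['status']:
            reasons.append('hidden registry entry')
        if e['section'] in ('Drivers', 'Services'):
            if '\\temp\\' in e['path'].lower():
                reasons.append('driver/service image in a Temp folder')
            if 'File not found' in e['status']:
                reasons.append('registered image missing on disk')
        if reasons:
            findings.append((e['name'], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE_REPORT)):
        print(f"{name}: {'; '.join(reasons)}")
```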

Aleksandar Maletic
System administrator

Moderator

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 12:31 (147 months ago)
You didn't follow the instructions; I told you to attach the .html log. Attach it with a new post.
Run the analysis again and, when the process finishes, click Save Log. Save it to the Desktop, then attach it here.
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

mirotovorac
student
Banjaluka


Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 13:26 (147 months ago)
Oh no, what did I do
Attached files
 

Aleksandar Maletic
System administrator

Moderator

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 14:55 (147 months ago)
It's a rootkit. Turn off System Restore. Right-click the Computer icon, then Properties.
In the list on the left, choose System Properties.
On the System Protection tab, select Local Disk C and click Configure.
Select the Turn off system protection option and confirm with Ok.

Download Kaspersky Virus Removal Tool.
Restart Windows and keep pressing the F8 key.
In the menu, choose the Safe Mode option.
Run Kaspersky Virus Removal Tool 2011.
Tick "I accept the license agreement" and click Start.
When the program starts, choose Settings and, on the Scan scope tab, tick all objects.
On the Action tab, select Select action and check that these options are ticked:
*Disinfect;
*Delete if disinfection fails;

Then, in the upper left corner, choose the Automatic Scan tab.
Click Start scanning to start the scan.
The process will take a while. After the scan has finished, restart Windows.



A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

mirotovorac
student
Banjaluka


Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 18:54 (147 months ago)
It mostly shows files similar to this one:

7.TMP TROJAN.AGENT
 

Aleksandar Maletic
System administrator

Moderator

Re: Problem with svchost.exe for the millionth time, 23.02.2012 at 20:07 (147 months ago)
Delete everything using that tool. After that, provide a new log: run OSAM Autorun Manager again and do the analysis.
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

mirotovorac
student
Banjaluka


Re: Problem with svchost.exe for the millionth time, 26.02.2012 at 10:45 (147 months ago)
Hi!
I got rid of the virus, but not with Kaspersky alone, because it wore me out over two days. Whenever it passed 60%, the computer would reset and I had to start the scan all over again.

Then I also activated Malwarebytes; with its help I managed to remove the other viruses, and I managed to remove the main one with the help of this link: http://www.youtube.com/watch?v=yzZNcmOnjYA

With Kaspersky I found all the viruses, as I did with Malwarebytes, but I just don't understand why they couldn't remove them from the computer.
I could kill them in the process list, but after a reset they appear again.

aadrive32.exe
zabero
trojan.win32.Jorik.Tedroo.uv
pxdcdr.exe

although I don't understand why this last one is a virus.

I don't understand the process ali4eyw1; it's nowhere to be found in the directory.


Thanks for the help!
Attached files
 