svchost problem

  • Joined: 10 Feb 2009
  • Posts: 6

Unfortunately, I had already removed some malware earlier with the help of Malwarebytes, so I can't tell you the exact names or the paths :/
Anyway, the symptoms are as follows: while the DVD player is running, as well as in games, the computer frequently 'lags' for a few seconds. By watching the processes in Task Manager (while the DVD player was running) I found that (at least) one of the svchosts 'jumps' to as much as 100% processor usage.
(I don't know whether it matters, but I'm currently on integrated graphics.) The AV on the computer is NOD now, and when the trouble started it was Kasp. I scan regularly with NOD, Spybot and Malwarebytes, I also tried Trojan Remover, and not one program finds any malicious programs.
You are my last hope before formatting the system partition :)
Thanks in advance,
Nenad

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:09, on 10.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\The KMPlayer1431\KMPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Instalacije\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Links are visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 6458 bytes



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

The problems you mention need not be caused by malware (usually they aren't).

The posted log is clean, but we'll run one more check.

Download the program RootRepeal to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Copy the contents of that report into your next post.



  • Joined: 10 Feb 2009
  • Posts: 6

Thanks for the quick response!
Log, as follows :)

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/02/11 19:25
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000047
Image Path: \Driver\00000047
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FD1000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B03000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA95B6000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\etilqs_7T0mtIf08A0NeO4
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\2WVOOZ5O.G2M\JWKV56PV.QKD\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\2WVOOZ5O.G2M\JWKV56PV.QKD\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf739bb3a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf739bc7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf739bff6

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf739ba18

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf739c0c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf739bf58

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf739c148

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CREATE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CLOSE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_READ]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_WRITE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CLEANUP]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_SET_SECURITY]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CREATE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CLOSE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_READ]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_WRITE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CLEANUP]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_SET_SECURITY]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CREATE]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLOSE]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_READ]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLEANUP]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_PNP]
Process: System Address: 0x869e7218 Size: -

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

Maybe you should look for advice in the Windows forum...

  • Joined: 10 Feb 2009
  • Posts: 6

Doctor, thanks for the effort! :)
