MyCity » Ambulanta -> Arhiva Ambulante » svchost problem

svchost problem

Napisano na dan: 10.2.2009

svchost problem
Sledeća strana Pagination

Idi na vrh

Poslao: 10 Feb 2009 23:52
Idi na vrh
offline
  • Pridružio: 10 Feb 2009
  • Poruke: 6

Na zalost jos ranije sam uz pomoc Malwarebytes otklonio neke malwareove, pa vam ne mogu reci tacne nazive, kao ni putanje :/
Uglavnom, simptomi su sledeci: prilikom rada DVD plejera, kao i kod igrica, dolazi do čestog 'bagovanja' racunara na par sekundi. Posmatranjem procesa u task manageru(u toku rada DVD plejera) otkrio sam da (bar) jedan od svchost-ova 'skace' i do 100% processor usage-a.
(Ne znam da li je bitno, al trenutno sam na integrisanoj grafici). AV na racunaru je NOD sada, a kada su pocele nevolje, bio je Kasp. Redovno skeniram sa NODom, Spybotom, Malwarebytes-om, probao sam i Trojan Remover, i ni jedan prog. ne pronalazi malicious programe.
Vi ste mi poslednja nada pre formatiranja sistemske particije Smile
Unapred zahvalan,
Nenad
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:09, on 10.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\The KMPlayer1431\KMPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Instalacije\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 6458 bytes

Poslao: 11 Feb 2009 16:09
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Pomenuti problemi ne moraju biti prouzrokovani malware-om (obično i nisu).


Postavljeni log je čist, no izvršićemo još jednu proveru.


Arrow Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.

Iskopiraj sadržaj tog izveštaja u iduću poruku.

Poslao: 11 Feb 2009 19:33
Idi na vrh
offline
  • Pridružio: 10 Feb 2009
  • Poruke: 6

Hvala na ekspeditivnosti!
Log, as follows Smile

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/02/11 19:25
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000047
Image Path: \Driver\00000047
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FD1000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B03000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA95B6000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\etilqs_7T0mtIf08A0NeO4
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\2WVOOZ5O.G2M\JWKV56PV.QKD\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\2WVOOZ5O.G2M\JWKV56PV.QKD\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf739bb3a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf739bc7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf739bff6

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf739ba18

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf739c0c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf739bf58

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf739c148

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86dcceb0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x868046b0 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x86d86398 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP]
Process: System Address: 0x86d865d0 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86d86c78 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x86d86808 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86d86eb0 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86b90748 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b9d560 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86ba08b8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CREATE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CLOSE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_READ]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_WRITE]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_CLEANUP]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: Npfsȅ䵃䥖犠⬀Ȃఊ祓黈LL, IRP_MJ_SET_SECURITY]
Process: System Address: 0x869560e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CREATE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CLOSE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_READ]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_WRITE]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CLEANUP]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: MsfsЅ瑎䅆뻠⌰Ђఆ义䍔啨켨, IRP_MJ_SET_SECURITY]
Process: System Address: 0x869060e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CREATE]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLOSE]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_READ]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLEANUP]
Process: System Address: 0x869e7218 Size: -

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_PNP]
Process: System Address: 0x869e7218 Size: -

Poslao: 11 Feb 2009 20:15
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovo izgleda čisto.

Možda da potražiš savete u Windows forumu...

Poslao: 12 Feb 2009 13:27
Idi na vrh
offline
  • Pridružio: 10 Feb 2009
  • Poruke: 6

Doktore, hvala na trudu! Smile

MyCity » Ambulanta -> Arhiva Ambulante » svchost problem

Ko je trenutno na forumu
 

Ukupno su 1115 korisnika na forumu :: 49 registrovanih, 10 sakrivenih i 1056 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., Apok, babaroga, bojank, Bokiboks, BRATORIII, ccoogg123, Dimitrije Paunovic, Dimitrise93, flash12, Georgius, gorican, goxin, ILGromovnik, Karla, Lucije Kvint, mackenzie, Marko Marković, MB120mm, mercedesamg, nemkea71, Neutral-M, nuke92, ObelixSRB, opt1, ostoja, Parker, pavlo, Pohovani_00, Polemarchoi, rasok, Rogan33, royst33, sasa87, sevenino, SlaKoj, Srky Boy, Stefan M, Tvrtko I, vathra, voja64, W123, wizzardone, YugoSlav, zbazin, ZetaMan, žeks62, 1107