Trans-Lucky
Posted November 29, 2008

I caught some nasty virus and I have a problem with svchost.exe. As you can see, there are a lot of them, and they badly slow down both real-time work and boot... NOD32 found something and deleted it, but this problem still remains.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:55 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TC UP\totalcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Tools\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Tools\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67A2091E-2C6F-4D75-A536-9A4C7D353BF1}: NameServer = 172.31.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0FD02BB-0638-4BAA-872D-0D91F56429FE}: NameServer = 82.117.194.2 82.117.194.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\Tools\Matlab7\webserver\bin\win32\matlabserver.exe
O23 - Service: FTP Publishing (MSFtpsvc) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

--
End of file - 4696 bytes

After that I found this on the net:

You have hardly anything starting up, are you sure you're infected?

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Now then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* Before the Windows loading icon appears, tap the F8 key repeatedly.
* Instead of Windows loading as normal, the Advanced Options Menu should appear.
* Select the option to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt and a NEW HijackThis log in your next post.

http://computerhelpforum.org/forum/lofiver...php?t18211.html

But the problem is the following: that archive won't run, and when I go into Safe Mode my computer freezes... And when I press Ctrl+Alt+Del, Task Manager won't come up... Does anyone have an idea how to solve this? Thanks.

Oh, and when I go to End Process and kill svchost.exe, my computer restarts, i.e. it shows that thing like with that w32 blast: 60 seconds and then a reboot.

And sometimes in Mozilla it opens some page for some pro-scan crap...

Connection Interrupted
The connection to the server was reset while the page was loading.
The network link was interrupted while negotiating a connection. Please try again.

When I try to open some pages.

Svenevideći

voodoo_
Posted November 29, 2008

Try putting this: http://portableapps.com/apps/utilities/clamwin_portable onto a USB stick on a clean computer, with the latest definitions, and then clean up the machine from the USB.