Problem sa svchost.exe

Imam problem sa svchost.exe koji mi iskoriscenost procesora vuce na 100 procenta kada se ulogujem na net.
Uradio sam kao sto je napisano u poruci i dostavljam vam kopirani sadrzaj kako bi resio, ako je moguce, problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:34 PM, on 2/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Sale\Desktop\Hijack This\Mojeime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www2.gotomeeting.com/s...3/106404016/100000000009730742
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: netuza32.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88E03E5-EE10-41EA-9CF2-89977E63FA81}: NameServer = 217.65.192.1 217.65.192.52
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5880 bytes


_{[Ovu poruku je menjao valjan dana 23.02.2010. u 14:26 GMT+1]}

---

Skini Program DDS http://download.bleepingcomputer.com/sUBs/dds.scr
Dvoklikom pokreni DDS
Sacekaj malo, izbacice ti dva loga
Kopiraj mi log DDS.txt


_{[Ovu poruku je menjao valjan dana 23.02.2010. u 14:26 GMT+1]}

Ovo sam dobio



As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.


::

I sad sta?

---

Ma sacekaj da prodje to skeniranje, mozes da sacekas 1 min.

Ovo sam dobio


DDS (Ver_09-12-01.01) - NTFSx86
Run by Sale at 14:25:49.39 on Tue 02/23/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_04
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.428 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sale\Desktop\DDS prog\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://www2.gotomeeting.com/s...3/106404016/100000000009730742
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\sale\start menu\programs\startup\netuza32.exe
StartupFolder: c:\documents and settings\sale\start menu\programs\startup\siszyd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {A88E03E5-EE10-41EA-9CF2-89977E63FA81} = 217.65.192.1 217.65.192.52
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sale\applic~1\mozilla\firefox\profiles\1yaces8n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={7CB2414D-3996-0058-8736-B26586947497}&q=
FF - plugin: c:\documents and settings\sale\application data\mozilla\firefox\profiles\1yaces8n.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-21 21:36:45 0 d-----w- c:\program files\Macromedia
2010-02-21 21:23:48 103 ----a-w- c:\windows\pro.INI
2010-02-19 19:15:15 0 d-----w- c:\program files\VideoLAN
2010-02-19 00:19:03 0 d-----w- c:\program files\Comodo
2010-02-04 17:53:16 0 d-----w- c:\docume~1\sale\applic~1\GetRightToGo
2010-02-04 17:51:58 0 d-----w- c:\windows\Freecorder
2010-02-04 17:49:33 0 d-----w- c:\windows\Applian FLV Player
2010-02-04 13:10:00 0 d-----w- c:\program files\BadBoy Media

==================== Find3M ====================

2010-02-15 18:24:00 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-02-06 23:22:08 8 ----a-w- c:\docume~1\sale\applic~1\avdrn.dat
2009-05-11 14:46:10 32501 -c-ha-w- c:\program files\uputstvo.GID
2009-05-11 14:45:55 3038 -c--a-w- c:\program files\GRESKE.DBF
2009-05-11 14:45:55 122240 -c--a-w- c:\program files\tauruser.FPT
2009-05-09 23:11:10 3209 -c--a-w- c:\program files\tauruser.DBF
2009-05-03 07:33:34 18385 -c--a-w- c:\program files\log.txt
2009-05-03 07:33:06 118254 -c--a-w- c:\program files\setdokum.DBF
2009-05-03 07:22:22 4608 -c--a-w- c:\program files\VALUTA.CDX
2009-05-02 06:53:38 1011041 -c--a-w- c:\program files\head.APP
2009-05-02 06:53:34 2299663 -c--a-w- c:\program files\kaskom.APP
2009-05-02 06:53:28 1963157 -c--a-w- c:\program files\int.APP
2009-05-02 06:53:24 758990 -c--a-w- c:\program files\kamate.APP
2009-05-02 06:53:24 611153 -c--a-w- c:\program files\vir.APP
2009-05-02 06:53:22 705435 -c--a-w- c:\program files\kurs.APP
2009-05-02 06:53:20 2584162 -c--a-w- c:\program files\plate.APP
2009-05-02 06:53:16 1963291 -c--a-w- c:\program files\os.APP
2009-03-04 11:07:32 1867 -c--a-w- c:\program files\plapar.DBF
2009-03-04 11:07:30 6656 -c--a-w- c:\program files\setdokum.cdx
2009-02-14 14:35:16 3072 -c--a-w- c:\program files\LOZINKA.CDX
2009-02-14 14:35:16 2533 -c--a-w- c:\program files\lozinka.DBF
2009-01-11 13:09:30 45746 -c--a-w- c:\program files\svidok.DBF
2009-01-11 13:09:30 11776 -c--a-w- c:\program files\SVIDOK.CDX
2009-01-03 09:19:40 9216 -c--a-w- c:\program files\porvre.CDX
2009-01-03 09:19:40 2069 -c--a-w- c:\program files\porvre.dbf
2009-01-02 12:47:18 5445 -c--a-w- c:\program files\main.dbf
2009-01-02 12:47:06 1221 -c--a-w- c:\program files\godina.dbf
2008-12-25 21:33:34 584 -c--a-w- c:\program files\RADMESTO.DBF
2008-12-25 21:33:34 10752 -c--a-w- c:\program files\RADMESTO.CDX
2008-12-04 07:43:26 7680 -c--a-w- c:\program files\SEKTORI.CDX
2008-12-04 07:43:26 1203 -c--a-w- c:\program files\sektori.DBF
2008-12-04 07:43:18 488 -c--a-w- c:\program files\lozinka2.DBF
2008-12-04 07:43:18 3072 -c--a-w- c:\program files\lozinka2.cdx
2008-11-16 21:15:02 520 -c--a-w- c:\program files\lozinka3.dbf
2008-11-16 21:11:10 7680 -c--a-w- c:\program files\lozinka3.cdx
2008-10-31 14:39:02 7680 -c--a-w- c:\program files\POREZ.CDX
2008-10-31 14:39:02 1045 -c--a-w- c:\program files\POREZ.DBF
2008-08-26 15:49:24 13824 -c--a-w- c:\program files\MAIN.CDX
2008-03-16 08:38:10 11108376 -c--a-w- c:\program files\uputstvo.hlp
2008-02-21 13:48:36 4608 -c--a-w- c:\program files\sashema.cdx
2008-02-21 13:48:30 40777 -c--a-w- c:\program files\SASHEMA.DBF
2007-12-14 15:03:10 7680 -c--a-w- c:\program files\KURS.CDX
2007-12-14 15:03:10 687 -c--a-w- c:\program files\kurs.DBF
2007-12-14 15:02:50 4799 -c--a-w- c:\program files\virmani.DBF
2007-11-15 19:17:52 1057 -c--a-w- c:\program files\nalepi.DBF
2007-11-15 00:09:42 5632 -c--a-w- c:\program files\OSNOVE.CDX
2007-11-15 00:09:42 15302 -c--a-w- c:\program files\osnove.DBF
2007-06-16 14:37:16 10068 -c--a-w- c:\program files\uputstvo.cnt
2007-05-31 14:48:12 123 -c--a-w- c:\program files\osnovek.DBF
2007-05-18 17:28:38 216 -c--a-w- c:\program files\config.fpw
2007-05-17 14:08:42 488 -c--a-w- c:\program files\OpisArtikla.dbf
2007-05-17 14:08:42 3072 -c--a-w- c:\program files\opisartikla.CDX
2007-05-17 13:46:02 512 -c--a-w- c:\program files\OpisArtikla.FPT
2007-04-27 21:28:58 488 -c--a-w- c:\program files\storez.dbf
2007-04-27 21:28:58 3072 -c--a-w- c:\program files\storez.cdx
2007-04-26 12:13:32 3072 -c--a-w- c:\program files\grupestolova.cdx
2007-04-18 07:35:10 1340 -c--a-w- c:\program files\posprint.dbf
2007-04-18 07:34:36 6144 -c--a-w- c:\program files\posprint.cdx
2007-04-09 09:27:46 712 -c--a-w- c:\program files\posreta.dbf
2007-04-09 09:27:46 4608 -c--a-w- c:\program files\posreta.cdx
2006-12-07 15:48:44 3072 -c--a-w- c:\program files\plakonta.cdx
2006-12-07 15:48:42 1008 -c--a-w- c:\program files\plakonta.dbf
2006-08-05 06:40:04 907 -c--a-w- c:\program files\racuni.DBF
2006-08-05 06:40:04 6144 -c--a-w- c:\program files\racuni.CDX
2006-07-06 07:09:48 552 -c--a-w- c:\program files\retaSfile.dbf
2006-07-06 07:09:48 4608 -c--a-w- c:\program files\retaSfile.CDX
2006-05-15 07:01:40 4608 -c--a-w- c:\program files\napomene.cdx
2006-05-15 06:52:06 488 -c--a-w- c:\program files\napomene.dbf
2005-11-06 00:35:20 7680 -c--a-w- c:\program files\KASE.CDX
2005-11-06 00:35:20 1275 -c--a-w- c:\program files\kase.DBF
2005-10-20 07:05:28 12969 -c--a-w- c:\program files\opstina.dbf
2005-10-20 07:04:34 8192 -c--a-w- c:\program files\opstina.cdx
2005-06-15 19:57:54 520 -c--a-w- c:\program files\slaves.DBF
2005-06-15 19:57:54 3072 -c--a-w- c:\program files\SLAVES.CDX
2005-04-30 06:26:00 921 -c--a-w- c:\program files\krac.dbf
2005-04-30 06:26:00 6144 -c--a-w- c:\program files\krac.cdx
2005-02-04 18:37:08 7680 -c--a-w- c:\program files\JM.CDX
2005-02-04 18:37:08 604 -c--a-w- c:\program files\JM.DBF
2005-01-08 20:57:26 12515 -c--a-w- c:\program files\posta.dbf
2005-01-08 20:57:26 10752 -c--a-w- c:\program files\posta.cdx
2004-04-05 12:34:38 19840 -c--a-w- c:\program files\Servuser.FPT
2004-04-05 12:34:38 1405 -c--a-w- c:\program files\Servuser.DBF
2004-03-27 09:00:38 1360 -c--a-w- c:\program files\SETFIN.DBF
2003-10-23 14:54:48 1494 -c--a-w- c:\program files\proglocw.DBF
2003-10-06 14:37:36 80 -c--a-w- c:\program files\SETUP.DBF
2003-05-27 21:47:32 2858 -c--a-w- c:\program files\oapp.dbf
2003-05-27 08:08:28 3072 -c--a-w- c:\program files\OAPP.CDX
2003-02-22 22:16:00 193 -c--a-w- c:\program files\TIPCENE.DBF
2003-02-22 14:25:00 6144 -c--a-w- c:\program files\TIPCENE.CDX
2002-11-24 09:38:46 2386 -c--a-w- c:\program files\REVAL.DBF
2002-10-10 14:02:24 3072 -c--a-w- c:\program files\LABPICT.CDX
2002-10-10 14:02:24 1569 -c--a-w- c:\program files\LABPICT.DBF
2002-09-23 15:30:56 5632 -c--a-w- c:\program files\racveza.CDX
2002-09-23 15:30:48 1277 -c--a-w- c:\program files\racveza.DBF
2002-09-02 20:28:22 530 -c--a-w- c:\program files\POREZN.DBF
2002-07-04 21:07:16 12288 -c--a-w- c:\program files\imenik.CDX
2002-04-30 09:04:42 3072 -c--a-w- c:\program files\REVAL.CDX
2002-04-17 10:59:42 292 -c--a-w- c:\program files\CLEAN.BAT
2002-02-24 09:33:10 4608 -c--a-w- c:\program files\ZEMLJA.CDX
2002-02-24 09:33:08 6144 -c--a-w- c:\program files\RACSHEMA.CDX

============= FINISH: 14:30:15.56 ===============

u jednom je to.... a u drugom


UNLESS SPECIFICALLY

INSTRUCTED, DO NOT POST

THIS LOG.
IF REQUESTED, ZIP IT UP

& ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP

Professional
Boot Device:

\Device\HarddiskVolume1
Install Date: 4/15/2009

10:38:19 AM
System Uptime: 2/23/2010

12:44:31 PM (2 hours

ago)

Motherboard: Dell Inc. |

| 0UW744
Processor: Mobile AMD

Sempron(tm) Processor

3500+ | Socket M2/S1G1 |

1795/200mhz

==== Disk Partitions

========================

=

C: is FIXED (NTFS) - 20

GiB total, 10.913 GiB

free.
D: is FIXED (NTFS) - 36

GiB total, 6.782 GiB

free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable

==== Disabled Device

Manager Items

=============

==== Installed Programs

======================

18 Wheels of Steel Pedal

to the Metal
Adobe Download Manager
Adobe Flash Player 10

ActiveX
Adobe Flash Player 10

Plugin
Adobe Reader 8.1.3
AMD Processor Driver
ATI - Software Uninstall

Utility
ATI Catalyst Control

Center
ATI Display Driver
AviSynth 2.5
BlueSoleil
Broadcom 440x 10/100

Integrated Controller
BSPlayer
Codec 8.3e
Comodo Dragon
Conexant HDA D110 MDC

V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
DNJ Recnik 1.00
Eagle Family USB ADSL
ffdshow [rev 2019]

[2008-06-22]
Free FLV Player
GoToMeeting 4.1.0.366
GSpot Codec Information

Appliance
High Definition Audio

Driver Package -

KB835221
HijackThis 2.0.2
Hotfix for Windows XP

(KB915800-v4)
Hotfix for Windows XP

(KB915865)
Hotfix for Windows XP

(KB954708)
Java(TM) 6 Update 4
K-Lite Codec Pack 2.35

Full
MagicMap 1.0
Microsoft .NET Framework

1.1
Microsoft Application

Error Reporting
Microsoft Office 2003

programski dodatak za

preslovljavanje
Microsoft Office Access

MUI (English) 2007
Microsoft Office Access

Setup Metadata MUI

(English) 2007
Microsoft Office

Enterprise 2007
Microsoft Office Excel

MUI (English) 2007
Microsoft Office Groove

MUI (English) 2007
Microsoft Office Groove

Setup Metadata MUI

(English) 2007
Microsoft Office

InfoPath MUI (English)

2007
Microsoft Office OneNote

MUI (English) 2007
Microsoft Office Outlook

MUI (English) 2007
Microsoft Office

PowerPoint MUI (English)

2007
Microsoft Office Proof

(English) 2007
Microsoft Office Proof

(French) 2007
Microsoft Office Proof

(Spanish) 2007
Microsoft Office

Proofing (English) 2007
Microsoft Office

Publisher MUI (English)

2007
Microsoft Office Shared

MUI (English) 2007
Microsoft Office Shared

Setup Metadata MUI

(English) 2007
Microsoft Office Word

MUI (English) 2007
Microsoft Software

Update for Web Folders

(English) 12
Microsoft Visual C++

2005 Redistributable
Mozilla Firefox (3.0.18)
Nero 6 Ultra Edition
NOD32 antivirus system
NOD32 FiX v2.1
Power-Tarot
PowerDVD
QuickTime
SigmaTel Audio
Synaptics Pointing

Device Driver
Telenor Internet
TopStyle Lite (Version

3.0)
VLC media player 1.0.5
WebFldrs XP
Windows Driver Package -

Ricoh Company

Memorystick Host

Controller (07/09/2005

1.00.01.12)
Windows Driver Package -

Ricoh Company MMC Host

Controller (07/14/2005

1.00.00.06)
Windows Driver Package -

Ricoh Company xD-Picture

Card/SmartMedia Host

Controller (07/14/2005

1.00.02.04)
Windows Imaging

Component
Windows Installer 3.1

(KB893803)
Windows Search 4.0
Windows XP srpski

interfejs paket -

latinica
WinHTTrack Website

Copier 3.43-7
WinRAR archiver
ZoneAlarm Pro

==== End Of File

========================

===


je li to to?

---

Skini Avenger http://swandog46.geekstogo.com/avenger2/download.php na desktop i raspakuj ga u folder.
Pokreni Avenger i iskopiraj sledeci tekst u beli prozor programa:



Klikni Execute, pa dva puta Yes
Doci ce do restarta i kad zavrsi izbacice log, koji ces iskopirati ovde.

Skinuo sam program ali pri pokretanju pise
Windows nema pristupa navedenom uredjaju. Mozda nemate odgovarajuce dozvole za pristupanje ovoj stavki.

A i Zone alarm mi prijavljuje da je to maliciozni softver.

Sta onda?

p.s. hvala za prethodne odgovore i brzinu istih

---

Obriši ih sam. Otkrij skrivene fajlove, idi na tu lokaciju i obriši ih. Naravno, pošto su aktivni (ili bar jedan od njih) neće ti dozvoliti, pa ti uradi jednu od sledećih radnji:
1. Instaliraj Unlocker. Nakon instalacije, desni klik na problematični fajl i izaberi Unlock ili još bolje Delete. Ili...
2. Kada ti svchost.exe zakuca na 100% ubij ga u Device Manager-u. Nažalost, tada će sistem početi da odbrojava 60s do restarta. Brzo pokreni Command Promt i otkucaj shutdown -a. Time ćeš zaustaviti odbrojavanje i moći ćeš ručno obrisati te fajlove. Ako nisi brz na tastaturi ti pripremi komandu za opozivanje restarta pa kada ubiješ svchost.exe samo pređi u taj prozor i udari enter.

Na koji god način da obrišeš te fajlove moraš da obrišeš i jedan beč fajl u C:\Windows\system32\. Ime mu je glupavo, nešto kao fjhd???.bat. I on je skriven.

Svaki antimalware alat ce AV prijaviti kao maliciozan, sto on u stvari nije.
Ovo ti je firmin racunar, da li si ti administrator?

Obrisao sam ih... dopustio mi je da ih obrisem kao sto si prvo naveo.
Ali cu za svaki slucaj da skinem unlocker, nikad se ne zna...
Hvala puno... hteo sam da po.izdim danas...
:)



Ma kakav administrator, daleko sam ja od toga ... :))
firma mi je instalirala programe samo... nego da nisu oni nesto "stavili" zajedno sa windowsom, mozda nenamerno, moze li to ili ne?
Valjda nisu...nadam se... ali nikad se ne zna...
Inace dok ovo pisem, nema vise zauzeca od 100 procenata...tako da je valjda gotovo... naravno UZ VASU POMOC...
HVALA VAM LJUDI VELIKO...

I naravno veliki pozdrav

Sasa

---

Moze, zato te i zeza. Skloni te dokumente sa C, nemoj to da drzis na sistemskoj particiji.

A koje dokumente da sklonim a da ne ugrozim sistem?
Imaju neki dokumenti u program files vezani za kasu, poreze i ostalo... ali nisu u posebnom folderu neko su rastrkani pored ostalih foldera... da ne mislis na njih (video sam ih i ja ali nisam smeo da ih obrisem jer ne znam mozda su neki sto trebaju, ne znam) ?

Sasa

---

Mi odavde još manje znamo. Ne briši ništa za šta nisi 100% siguran. Ako onesposobiš kasu ko će biti kriv? Oni koji su je instalirali, ti ili mi sa foruma? Niko ti nije ništa namerno stavio, taj virus se pojavio npr. u novembru, decembru prošle godine i sam je došao.

Nisam mislio da li radis kao administrator, nego na admin privilegije i da ne mozes nista da instaliras. To se odnosilo na onaj program koji si pokusao da pokrenes. Nemoj nista da brises, sto je trebalo obrisali smo.

OK, verovatno cu ja biti kriv... :))
Hvala puno.



OK, necu nista da brisem... Hvala tebi i drugima na svemu... Ponovo se malo smejem... hehehe
Veliki pozdrav

Sasa

---