Problem with svhost.exe


dimojekov


For several days now, at varying intervals, a window has been popping up saying that Windows cannot find svhost.exe.

This happens even when I am not working on the computer. I checked in Task Manager and the running svhost processes are there. The computer runs stably and without problems, but it is annoying to have this message pop up. It has been scanned with Malwarebytes' Anti-Malware, SUPERAntiSpyware and Avast 6 Free, but no nasties are found. Any ideas what could be causing this?


svhost.exe is not svchost.exe.

svhost is most likely a virus.

  • Download DDS from BleepingComputer.
  • After downloading the file, save it (Save => Save as button) as DDS on your desktop; screenshot:
    http://i46.tinypic.com/2exprgh.jpg
  • Once DDS is on the desktop, the program's icon should look like this: http://i49.tinypic.com/rvwlll.jpg
  • Temporarily stop all script-blocking applications, if there are any, or allow dds.scr to run. Then start DDS by double-clicking the icon and confirm with Run.
  • When DDS finishes, use Copy to copy the text from the two log files that will appear in Notepad, DDS.txt and Attach.txt, and save them (Save => Save as button) to the desktop.

Copy and paste the contents of DDS.txt and Attach.txt into your topic. Please do not attach them!
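The svhost.exe / svchost.exe distinction drawn in the reply above can be checked mechanically over a process list. The following is an added example, not part of the original post and not DDS code: it flags names one edit away from a core Windows process name, and correctly named processes running from an unexpected directory. The `EXPECTED_DIR` baseline, the distance threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed baseline: expected directory for a few core Windows processes
# (XP-era layout, as on the system in this thread). Extend per OS build.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MAX_DISTANCE = 1  # assumed threshold: one typo-sized edit

# Image path = everything up to the first executable extension; paths may
# contain spaces ("C:\Program Files\...") and may be wrapped in quotes.
_IMAGE_RE = re.compile(r'^\s*"?(.+?\.(?:exe|scr|com))"?(?=\s|$)', re.IGNORECASE)


def image_path(line):
    """Return the executable path from a process-list line, without arguments."""
    m = _IMAGE_RE.match(line)
    if m:
        return m.group(1)
    # No extension on the command line (e.g. "...\svchost -k DcomLaunch"):
    # take the first token; Windows appends .exe when none is given.
    parts = line.split()
    token = parts[0].strip('"') if parts else ""
    return token + ".exe" if token else ""


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(line):
    """Return (verdict, name): ok, path_unknown, wrong_path or lookalike."""
    directory, name = ntpath.split(image_path(line).lower())
    if not name:
        return ("ok", "")
    if name in EXPECTED_DIR:
        if not directory:
            return ("path_unknown", name)  # bare name: location must be checked
        if directory != EXPECTED_DIR[name]:
            return ("wrong_path", name)    # right name, wrong place
        return ("ok", name)
    for known in EXPECTED_DIR:
        if osa_distance(name, known) <= MAX_DISTANCE:
            return ("lookalike", known)    # near-miss of a system name
    return ("ok", name)


def review(lines):
    """Return (line, verdict, name) for every line that is not 'ok'."""
    results = []
    for line in lines:
        verdict, name = classify(line)
        if verdict != "ok":
            results.append((line, verdict, name))
    return results


# Constructed sample lines in the style of a "Running Processes" listing.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost -k DcomLaunch",
    r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
    "svchost.exe",
    r"C:\WINDOWS\svhost.exe",
    r"C:\Documents and Settings\user\Application Data\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\SoftMaker Office Professional 2012\smash.exe",
]

if __name__ == "__main__":
    for line, verdict, name in review(SAMPLE):
        print(f"{verdict:13} {name:12} {line}")
```

A `path_unknown` result is not a finding by itself; it marks a bare process name whose on-disk location still has to be confirmed.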


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Dimo at 21:01:37 on 2012-01-07

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3326.2053 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe

C:\WINDOWS\VM305_STI.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\smservices.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Chameleon Clock\ChamClock.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\SoftMaker Office Professional 2012\smash.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

svchost.exe

C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

svchost.exe

C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\iMate\UPServ.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\iMate\UPSmart.EXE

C:\Program Files\FreeCommander\FreeCommander.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = ftp://ftp.radio.ru/pub/

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [HomeAlarm] c:\program files\chameleon clock\ChamClock.exe

uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [sMASH] "c:\program files\softmaker office professional 2012\smash.exe"

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [scheduleTV] c:\program files\gadmei\tvr plus\ScheduleTV.exe

mRun: [bigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [NWEReboot]

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [smservices] c:\windows\system32\smservices.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [RemoteControl11] c:\program files\cyberlink\powerdvd11\PDVD11Serv.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: &Експортиране към Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Свали видеото с Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Свали всички с Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Свали избраните с Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Свали с Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{E70541C0-559D-4C94-B04B-5E055534CB19} : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: schannel.dll, credssp.dll, digest.dll

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dimo\application data\mozilla\firefox\profiles\uiive1ij.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=bg

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll

FF - plugin: c:\program files\vdownloader\addons\npVDownloader.dll

.

============= SERVICES / DRIVERS ===============

.

R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [2011-4-14 308248]

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-4-14 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-4-14 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-4-14 13616]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-26 314456]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-27 218688]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 upsmart;upsmart;c:\windows\system32\drivers\upsmart.sys [2011-6-26 6912]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-6-30 158512]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-6-30 91440]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/27 19:08:50];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-8-25 77296]

R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files\common files\abbyy\finereader\11.00\licensing\ce\NetworkLicenseServer.exe [2011-10-12 819976]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-26 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-26 44768]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-9-27 83240]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-9-27 75048]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServerForPDVD11.exe [2011-9-27 292136]

R2 GDMCAP;%GDMCAP.DeviceDesc%;c:\windows\system32\drivers\GDMCAP.sys [2011-6-26 78720]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-27 50704]

R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-9-27 71664]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-24 2255464]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2011-12-6 2208]

R2 UPSmartDB9;UPSmartDB9;c:\program files\imate\upserv.exe upsmartdb9 --> c:\program files\imate\UPServ.exe UPSmartDB9 [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-6-27 119528]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-6-24 104752]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-11-4 116016]

R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2011-6-26 391688]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys --> c:\windows\system32\drivers\vmci.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-16 1691480]

S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-07 12:27:58 -------- d-----w- c:\program files\!Quick Screen Capture

2012-01-07 12:27:58 -------- d-----w- C:\MyCaptures

2012-01-04 21:29:06 -------- d-----w- c:\documents and settings\dimo\local settings\application data\Adobe

2012-01-04 21:28:54 -------- d-----w- c:\documents and settings\dimo\application data\ABBYY

2012-01-04 21:26:12 -------- d-----w- c:\program files\common files\ABBYY

2012-01-04 21:25:30 -------- d-----w- c:\program files\ABBYY FineReader 11

2012-01-04 21:25:30 -------- d-----w- c:\documents and settings\dimo\local settings\application data\ABBYY

2012-01-04 21:25:30 -------- d-----w- c:\documents and settings\all users\application data\ABBYY

2012-01-04 21:24:35 -------- d-----w- c:\program files\MSXML 6.0

2011-12-31 10:15:49 -------- d-----w- c:\documents and settings\dimo\application data\AIMP3

2011-12-31 10:15:37 -------- d-----w- c:\program files\AIMP3

2011-12-29 22:15:58 -------- d-----w- c:\documents and settings\dimo\local settings\application data\CometNetwork

2011-12-29 22:15:58 -------- d-----w- c:\documents and settings\dimo\application data\CometNetwork

2011-12-29 22:15:46 -------- d-----w- c:\program files\CometBird

2011-12-27 21:59:54 -------- d-----w- C:\videodvdmaker

2011-12-27 21:59:54 -------- d-----w- c:\documents and settings\dimo\application data\Video DVD Maker FREE

2011-12-27 21:58:54 -------- d-----w- c:\program files\Video DVD Maker

2011-12-27 21:56:52 -------- d-----w- c:\program files\DVDStyler

2011-12-27 20:36:06 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2011-12-27 20:36:06 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2011-12-27 20:36:06 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2011-12-27 20:36:06 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2011-12-22 08:19:34 -------- d-----w- c:\documents and settings\dimo\local settings\application data\Chromium

2011-12-22 08:19:28 -------- d-----w- c:\program files\SRWare Iron

2011-12-20 18:57:51 -------- d-----w- c:\program files\uTorrent

2011-12-20 18:12:11 -------- d-----w- c:\documents and settings\dimo\application data\BSplayer PRO

2011-12-20 15:39:53 -------- d-----w- c:\documents and settings\all users\application data\Microinvest

2011-12-20 15:39:36 -------- d-----w- c:\windows\XSxS

2011-12-20 15:39:36 -------- d-----w- c:\program files\Xenocode

2011-12-20 15:39:36 -------- d-----w- c:\documents and settings\dimo\local settings\application data\Xenocode

2011-12-20 15:12:11 -------- d-----w- c:\documents and settings\dimo\fontconfig

2011-12-20 15:11:15 -------- d-----w- c:\documents and settings\dimo\.smplayer

2011-12-20 15:10:50 -------- d-----w- c:\program files\SMPlayer

2011-12-20 14:37:04 -------- d-----w- c:\program files\SopCast

2011-12-20 14:14:56 -------- d-----w- c:\program files\Microinvest

2011-12-19 15:47:30 -------- d--h--w- c:\windows\PIF

2011-12-16 22:58:14 -------- d-----w- c:\documents and settings\dimo\application data\VDownloader

2011-12-16 22:58:12 -------- d-----w- c:\documents and settings\dimo\local settings\application data\VDownloader

2011-12-16 22:57:50 -------- d-----w- c:\program files\WinPcap

2011-12-16 22:57:49 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

2011-12-16 22:57:49 -------- d-----w- C:\ProgramData

2011-12-16 22:57:45 -------- d-----w- c:\program files\VDownloader

2011-12-16 18:19:07 359016 ----a-w- c:\windows\vncutil.exe

2011-12-16 18:19:05 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll

2011-12-16 18:19:05 129640 ----a-w- c:\windows\RtkAudioService.exe

2011-12-16 18:19:05 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll

2011-12-16 18:19:03 21736 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT

2011-12-16 18:19:03 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys

2011-12-16 18:19:01 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys

2011-12-15 04:02:45 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-12-15 04:02:45 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-12-15 04:02:45 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-12-14 16:50:43 -------- d-----w- c:\documents and settings\dimo\local settings\application data\Google

2011-12-13 00:51:12 -------- d-----w- c:\program files\ComNet

2011-12-12 13:37:30 -------- d-----w- c:\windows\SSuite Office Installations

2011-12-10 17:05:18 -------- d-----w- c:\documents and settings\dimo\application data\eM Client for SoftMaker

.

==================== Find3M ====================

.

2012-01-04 17:29:52 6 ----a-w- c:\documents and settings\dimo\application data\engine.tmp

2011-12-13 16:27:30 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-12-13 09:01:00 1698408 ----a-w- c:\windows\RtlExUpd.dll

2011-12-10 13:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-06 09:45:27 2208 ----a-w- c:\windows\system32\drivers\nxsIO32.sys

2011-12-05 13:49:12 20065384 ----a-w- c:\windows\RTHDCPL.EXE

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-26 07:00:16 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-26 07:00:16 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 19:46:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 03:50:16 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-11-04 19:19:40 919552 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:19:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:42:02 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-11-04 11:42:02 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-11-04 11:42:02 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-11-04 11:42:02 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-11-04 11:42:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2011-11-01 16:05:38 1289216 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 15:03:56 6328832 ----a-w- c:\documents and settings\dimo\application data\engine.bin

2011-10-31 15:03:53 746232 ----a-w- c:\documents and settings\dimo\application data\engine2.bin

2011-10-31 15:03:53 614648 ----a-w- c:\documents and settings\dimo\application data\engine3.bin

2011-10-31 15:03:53 1031680 ----a-w- c:\documents and settings\dimo\application data\analyzer.bin

2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:38:37 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:33 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-25 12:01:01 385024 ----a-w- c:\windows\system32\html.iec

2011-10-18 11:12:37 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 21:04:24,34 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 26.6.2011 г. 20:36:53

System Uptime: 07.1.2012 г. 13:58:43 (8 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 49 GiB total, 18,392 GiB free.

D: is FIXED (NTFS) - 1397 GiB total, 670,163 GiB free.

E: is FIXED (NTFS) - 249 GiB total, 107,704 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is CDROM ()

M: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP238: 16.12.2011 г. 20:19:00 - Installed Realtek High Definition Audio Driver

RP239: 18.12.2011 г. 00:03:14 - Контролна точка на системата

RP240: 19.12.2011 г. 00:24:58 - Контролна точка на системата

RP241: 20.12.2011 г. 01:29:46 - Контролна точка на системата

RP242: 21.12.2011 г. 02:30:58 - Контролна точка на системата

RP243: 21.12.2011 г. 22:14:32 - Revo Uninstaller's restore point - AbiWord 2.9.2

RP244: 21.12.2011 г. 22:16:32 - Revo Uninstaller's restore point - CookingBook

RP245: 21.12.2011 г. 22:18:48 - Revo Uninstaller's restore point - GOM Player

RP246: 21.12.2011 г. 22:20:19 - Revo Uninstaller's restore point - foobar2000 v1.1.10

RP247: 21.12.2011 г. 22:22:03 - Revo Uninstaller's restore point - Apple Software Update

RP248: 21.12.2011 г. 22:23:40 - Revo Uninstaller's restore point - Microinvest Validator (remove only)

RP249: 21.12.2011 г. 22:25:30 - Revo Uninstaller's restore point - SMS version 3.0.5.0

RP250: 21.12.2011 г. 22:40:58 - Revo Uninstaller's restore point - Vtune 7.16

RP251: 21.12.2011 г. 22:46:08 - Revo Uninstaller's restore point - Opera 11.51

RP252: 21.12.2011 г. 23:12:16 - Revo Uninstaller's restore point - vloader-bg 1.59

RP253: 21.12.2011 г. 23:14:07 - Software Distribution Service 3.0

RP254: 23.12.2011 г. 00:26:35 - Контролна точка на системата

RP255: 24.12.2011 г. 02:23:07 - Контролна точка на системата

RP256: 25.12.2011 г. 04:19:14 - Контролна точка на системата

RP257: 26.12.2011 г. 04:31:04 - Контролна точка на системата

RP258: 27.12.2011 г. 05:52:11 - Контролна точка на системата

RP259: 28.12.2011 г. 07:22:10 - Контролна точка на системата

RP260: 29.12.2011 г. 08:52:10 - Контролна точка на системата

RP261: 30.12.2011 г. 10:08:08 - Контролна точка на системата

RP262: 31.12.2011 г. 11:05:28 - Контролна точка на системата

RP263: 01.1.2012 г. 01:35:25 - Software Distribution Service 3.0

RP264: 02.1.2012 г. 02:04:19 - Контролна точка на системата

RP265: 03.1.2012 г. 02:32:10 - Контролна точка на системата

RP266: 04.1.2012 г. 03:45:38 - Контролна точка на системата

RP267: 04.1.2012 г. 23:24:33 - Installed MSXML 6.0 Parser

RP268: 04.1.2012 г. 23:25:23 - Инсталиран ABBYY FineReader 11 Corporate Edition.

RP269: 06.1.2012 г. 02:35:45 - Контролна точка на системата

RP270: 07.1.2012 г. 02:40:07 - Контролна точка на системата

.

==== Installed Programs ======================

.

!Quick Screen Capture 2.1

Домашен Кулинар FX

Архиватор WinRAR

µTorrent

Български интерфейс за Nero 7 premium 7.5.9.0

Български интерфейс за WinAmp 5.5

Пакет за езиков интерфейс на Windows

2007 Microsoft Office Suite Service Pack 2 (SP2)

A4 TECH USB PC Camera V

ABBYY FineReader 11 Corporate Edition

Acronis True Image Workstation

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11

AIDA64 Extreme Edition v1.85

AIMP3

Ant Movie Catalog

ArcSoft PhotoImpression

avast! Free Antivirus

AVIConverter 3.0

calibre

Catalog Max 1.62

CCleaner

Chameleon Clock 3.6

CometBird 8.0 (x86 bg)

CoreAAC

CyberLink PowerDVD 11

DAEMON Tools Lite

DesignSpark PCB

DesignSpark PCB Version 3.0

DjVu Solo 3.1

DVDStyler v2.1

EAGLE 5.10.0

eM Client

eMule

EPSON Copy Utility

EPSON Photo Print

EPSON Smart Panel

EPSON TWAIN 5

ExpressPCB

FileZilla Client 3.5.0

FlyDS (remove only)

FormatFactory 2.60

Foxit Reader

Free Download Manager 3.8 BETA 2

FreeCommander 2009.02b

Gigabyte Raid Configurer

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

ICE Book Reader Professional v9.0.6 Russian

iMate

ImgBurn

Java Auto Updater

Java 6 Update 29

K-Lite Mega Codec Pack 7.1.0

Lexmark Software Uninstall

LinuxLive USB Creator

Lizardtech DjVu Control

Malwarebytes Anti-Malware, версия 1.60.0.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (Bulgarian) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Bulgarian) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Bulgarian) 2007

Microsoft Office InfoPath MUI (Bulgarian) 2007

Microsoft Office OneNote MUI (Bulgarian) 2007

Microsoft Office Outlook MUI (Bulgarian) 2007

Microsoft Office PowerPoint MUI (Bulgarian) 2007

Microsoft Office Proof (Bulgarian) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Russian) 2007

Microsoft Office Proofing (Bulgarian) 2007

Microsoft Office Publisher MUI (Bulgarian) 2007

Microsoft Office Shared MUI (Bulgarian) 2007

Microsoft Office Word MUI (Bulgarian) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Bulgarian) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 9.0.1 (x86 bg)

MPEG2 Codec(libmpeg2/mad)

MSVC90_x86

MSXML 6.0 Parser

National Instruments Software

Nero 7 Premium

NI EULA Depot

NI Help Assistant

NI LabVIEW Real-Time FIFO for Runtime

NI LabVIEW Run-Time Engine 8.2.1

NI LabWindows/CVI 8.1 Run-Time Engine

NI License Manager

NI Logos 4.7

NI Math Kernel Libraries

NI MDF Support

NI Multisim Analog Devices Edition 10.0

NI Service Locator

NI TDMS

NI Uninstaller

NI USI 1.4.1

Nokia Connectivity Cable Driver

Nokia PC Suite

Notepad++

NVIDIA Control Panel 280.26

NVIDIA Graphics Driver 280.26

NVIDIA HD Audio Driver 1.2.23.3

NVIDIA Install Application

NVIDIA nView 135.94

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Update 1.4.28

NVIDIA Update Components

Oracle VM VirtualBox 4.1.6

PC Connectivity Solution

Personal Video Database 0.9.9.10

PowerISO

QuickTime

REALTEK GbE & FE Ethernet PCI-E NIC Driver

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Revo Uninstaller 1.92

RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

ScanToWeb

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB941569)

Skype™ 4.2

SMPlayer 0.6.9

SoftMaker Office Professional 2012

SopCast 3.4.7

SpeedFan (remove only)

Spider Player 2.5.3

SRWare Iron 16.0.950.0

Subtitle Workshop 2.51

SUPERAntiSpyware Free Edition

TeamViewer 6

The KMPlayer (remove only)

TVR PLUS

Uninstall BG Phonetic

Unlocker 1.9.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

VDownloader 3.6.943

Video DVD Maker v3.32.0.80

VobSub v2.23 (Remove Only)

VP-EYE

WebFldrs XP

Winamp

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Media Format Runtime

WinPcap 4.1.1

WinPic800

Xilisoft Video Converter Ultimate 6

.

==== Event Viewer Messages From Past Week ========

.

06.1.2012 г. 22:58:38, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D.

06.1.2012 г. 22:58:18, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.

06.1.2012 г. 22:57:58, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.

06.1.2012 г. 22:57:38, error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\D.

06.1.2012 г. 17:23:36, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 000E2E3158C5 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to comment

Check the file c:\windows\system32\smservices.exe at this address: VirusTotal, and post a link to the results.

If it has already been analysed, click Re-analyse.

Follow these instructions for working with SystemLook:

Download SystemLook and save the program to your desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text field:
     
    :filefind
    svhost.exe
    :regfind
    svhost
    

  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan results. Then post the log file in your next comment.

Link to comment
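The lookalike check behind this thread (svhost.exe versus svchost.exe), as an added example that is not part of the original posts: it flags file names within a small edit distance of core Windows binaries, and genuine names found in the wrong folder. The reference list, folder allow-list, threshold and sample paths are assumptions made for this example.

```python
import ntpath

# Assumed reference set for this example: core Windows XP system binaries.
KNOWN = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
         "smss.exe", "winlogon.exe", "spoolsv.exe"}
# Assumed allow-list of folders where those binaries legitimately live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(path, max_dist=2):
    """Return (verdict, matched_name) for one Windows file path."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        verdict = "ok" if folder in SYSTEM_DIRS else "known-name-wrong-folder"
        return (verdict, name)
    # Closest genuine name; sorted() keeps the choice deterministic.
    best = min(sorted(KNOWN), key=lambda k: edit_distance(name, k))
    if edit_distance(name, best) <= max_dist:
        return ("lookalike", best)
    return ("unrelated", None)

# Constructed sample paths (not taken from the poster's logs).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\system32\smservices.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\Program Files\Winamp\winamp.exe",
]

def scan(paths):
    """Return only the entries that deserve a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] not in ("ok", "unrelated")]

if __name__ == "__main__":
    for path, verdict, match in scan(SAMPLE):
        print(f"{verdict:24} {path}  (resembles {match})")
```

A "lookalike" verdict is only a prompt for review, for example a VirusTotal check of the file, not proof that it is malicious.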

And where is the VirusTotal result?

Check the file c:\windows\system32\smservices.exe at this address: VirusTotal, and post a link to the results.

If it has already been analysed, click Re-analyse.

Link to comment

1. Download ComboFix from BleepingComputer and save it (Save -> Save as button) as ComboFix on your desktop:

http://i46.tinypic.com/2exprgh.jpg

Once the ComboFix download has finished, the program's icon should look like this:

http://i46.tinypic.com/29eqjuq.jpg

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if there are any.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: while ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its job, without using the computer for anything else.

4. ComboFix will check whether the Windows Recovery Console is installed.

  • If the Windows Recovery Console is not installed, you will need to choose YES to install the Windows Recovery Console.
  • If the Windows Recovery Console is installed, ComboFix will continue its work.

http://i46.tinypic.com/33wr6us.jpg

Note: You need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

After the Windows Recovery Console is installed, confirm with YES to continue. Screenshot:

http://i45.tinypic.com/m9lvnk.jpg

5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and for infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will appear in Notepad:

http://i49.tinypic.com/157m978.jpg

Copy and paste the contents of the log into your next comment.

Link to comment

I suspected as much too, which is why I wanted to take it for analysis, but never mind.

Open Notepad and copy/paste the following information into it:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smservices"=-

 

Save the file with the name fix.reg.

It will look like this - http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Run the file and choose YES in the dialog window.

Have a nice day and safe surfing! ;)

Link to comment