svchost.exe eating 100% CPU. Virus?

44 replies to this topic

#1
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006
From what I've gathered, it could be a virus, but not for sure. So I'm attaching a HiJackThis log; maybe you can help me.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:59, on 10.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\imapi.exe
D:\oracle\app\product\11.2.0\dbhome_1\bin\nmesrvc.exe
C:\Program Files\SpeedFan\speedfan.exe
c:\oracle\middle~1\oracle~2\ccr\bin\nmz.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\app\product\11.2.0\dbhome_1\perl\bin\perl.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Sorin\Local Settings\Application Data\Yahoo\Widget Engine\Unzipped\SimpleMonitor.widget\SimpleMonitor-1.0.5.widget\Contents\resources\exe\SimpleMonitor.exe
C:\Program Files\PLSQL Developer\plsqldev.exe
D:\oracle\app\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
D:\oracle\app\product\11.2.0\dbhome_1\bin\emagent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\app\product\11.2.0\dbhome_1\jdk\bin\java.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.159.1713.0.exe
C:\WINDOWS\system32\MpSigStub.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-861567501-790525478-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1340458597843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://roger:8889/fo...iator/jinit.exe
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) - http://javadl-esd.su...indows-i586.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviciul Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\nmesrvc.exe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - d:\oracle\app\product\11.2.0\dbhome_1\Bin\extjob.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\omtsreco.exe
O23 - Service: OracleOH1036244575c_oracle_middleware_asinst_1ConfigurationManager - Unknown owner - c:\oracle\middle~1\oracle~2\ccr\bin\nmz.exe
O23 - Service: OracleOraDb11g_home1ClrAgent - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
O23 - Service: Oracle Process Manager (asinst_1) (OracleProcessManager_asinst_1) - Unknown owner - C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - d:\oracle\app\product\11.2.0\dbhome_1\bin\ORACLE.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10737 bytes

#2
dorurad

    Very fluffy little tomcat

  • Group: Senior Members
  • Posts: 5,791
  • Joined: 31.10.2010
Have you disabled Windows auto-updates? :D

#3
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006
No. It shows green there at Automatic Updates.

Edited by Talkabout, 10 October 2013 - 18:17.


#4
Bursul

    alias Petrov, day laborer in DE

  • Group: Senior Members
  • Posts: 51,279
  • Joined: 30.10.2003
svchost means a lot of things. Download Process Explorer and we'll see more precisely who is doing what. http://technet.micro...s/bb896653.aspx

#5
Macinca

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 29.10.2010
I knew svchost was one of the services that run the internet.. but very often it is a virus, and if we close the service from Task Manager the PC restarts too. Run a scan for your own safety.

#6
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006
I'm going to scan with Malwarebytes, a full scan. Is that OK?

#7
Macinca

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 29.10.2010

Talkabout, on 10 October 2013 - 19:05, said:

I'm going to scan with Malwarebytes, a full scan. Is that OK?

I'd say it's one of the "light" options.. still, I'd recommend something more thorough.. a Bitdefender? or Kaspersky, even ESET?..... the choice is up to you :)

#8
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
Run HiJackThis again.
Tick and fix:

Quote

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

Run a scan with SUPERAntiSpyware or Malwarebytes AntiMalware and post the log here.

#9
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006
I scanned with SUPERAntiSpyware and Malwarebytes, and chose remove/clean for everything they found. The new log:

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 10:19:37, on 12.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\System32\svchost.exe
D:\oracle\app\product\11.2.0\dbhome_1\bin\nmesrvc.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
c:\oracle\middle~1\oracle~2\ccr\bin\nmz.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Sorin\Local Settings\Application Data\Yahoo\Widget Engine\Unzipped\SimpleMonitor.widget\SimpleMonitor-1.0.5.widget\Contents\resources\exe\SimpleMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\app\product\11.2.0\dbhome_1\perl\bin\perl.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\app\product\11.2.0\dbhome_1\jdk\bin\java.exe
D:\oracle\app\product\11.2.0\dbhome_1\bin\emagent.exe
d:\oracle\app\product\11.2.0\dbhome_1\bin\ORACLE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1340458597843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://roger:8889/fo...iator/jinit.exe
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) - http://javadl-esd.su...indows-i586.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviciul Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\nmesrvc.exe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - d:\oracle\app\product\11.2.0\dbhome_1\Bin\extjob.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\omtsreco.exe
O23 - Service: OracleOH1036244575c_oracle_middleware_asinst_1ConfigurationManager - Unknown owner - c:\oracle\middle~1\oracle~2\ccr\bin\nmz.exe
O23 - Service: OracleOraDb11g_home1ClrAgent - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Oracle Corporation - D:\oracle\app\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
O23 - Service: Oracle Process Manager (asinst_1) (OracleProcessManager_asinst_1) - Unknown owner - C:\Oracle\Middleware\Oracle_FRHome1\opmn\bin\opmn.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - d:\oracle\app\product\11.2.0\dbhome_1\bin\ORACLE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 9231 bytes
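
To check what actually changed between the two HiJackThis logs posted above, the entry lines can be parsed and compared. This is an added example, not part of the thread; the function names are its own, and the sample data are short excerpts copied from the two logs and from the "fix" list in post #8.

```python
import re

# HijackThis entry lines start with a section code, e.g. O4 (autostart),
# O20 (Winlogon Notify) or O23 (services), followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis itself appends to entries it could not fully resolve.
ANNOTATIONS = ("(file missing)", "Unknown owner")

# Excerpt of the first log in the thread (10.10.2013).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: OracleJobSchedulerORCL - Unknown owner - d:\oracle\app\product\11.2.0\dbhome_1\Bin\extjob.exe
"""

# Excerpt of the second log in the thread (12.10.2013), same entries.
AFTER = r"""
Logfile of Trend Micro HiJackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: OracleJobSchedulerORCL - Unknown owner - d:\oracle\app\product\11.2.0\dbhome_1\Bin\extjob.exe
"""

# The four entries post #8 asked to have fixed.
REQUESTED = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
"""


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs found in a log.

    Header lines and the "Running processes" paths do not match ENTRY_RE
    and are skipped. Runs of whitespace are collapsed so that spacing
    differences between two scans do not show up as changes.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), " ".join(match.group(2).split())))
    return entries


def compare(before_text, after_text, requested_text):
    """Diff two logs and relate the changes to a list of requested fixes."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    requested = parse_entries(requested_text)
    removed = before - after
    return {
        "removed": sorted(removed),
        "added": sorted(after - before),
        "requested_still_present": sorted(requested & after),
        "removed_but_not_requested": sorted(removed - requested),
        "annotated_remaining": sorted(
            e for e in after if any(a in e[1] for a in ANNOTATIONS)
        ),
    }


if __name__ == "__main__":
    for name, entries in compare(BEFORE, AFTER, REQUESTED).items():
        print(f"{name}: {len(entries)}")
        for code, text in entries:
            print(f"  {code} - {text}")
```

On these excerpts the DAEMON Tools Lite autostart shows up as removed although post #8 did not list it, and the two entries annotated by HijackThis are still present in the second log.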

#10
kodiak

    Senior Member

  • Group: Validating
  • Posts: 6,307
  • Joined: 15.01.2007
Stop the DNS service and set it to off, so it doesn't start along with Windows!

#11
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009

Talkabout, on 12 October 2013 - 09:21, said:

I scanned with SUPERAntiSpyware and Malwarebytes, and chose remove/clean for everything they found.

Post the two logs, please.

#12
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006

kodiak, on 12 October 2013 - 13:37, said:

Stop the DNS service and set it to off, so it doesn't start along with Windows!

What's that, and how do I do it?

#13
cioclopica

    Senior Member

  • Group: Senior Members
  • Posts: 2,441
  • Joined: 07.05.2006
http://www.technibbl...pu-memory-leak/

#14
kodiak

    Senior Member

  • Group: Validating
  • Posts: 6,307
  • Joined: 15.01.2007
Here's a small tutorial! You can even see the DNS Client service in one of the pictures!
Set that service to disabled!
http://www.jasonn.co...s_on_windows_xp

Edited by kodiak, 12 October 2013 - 19:41.


#15
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006

MhG_40, on 12 October 2013 - 13:46, said:

Post the two logs, please.

Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Versiunea bazei de date: v2013.10.12.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sorin :: ROGER [administrator]
12.10.2013 19:46:56
mbam-log-2013-10-12 (19-46-56).txt
Modul de scanare: Scanare completa (C:\|D:\|)
Optiuni de scanare activate: Memorie | Pornire | Registru | Sistemul fisierelor | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Optiuni de scanare dezactivate: P2P
Obiecte scanate: 1015279
Timp trecut: 20 ore, 47 minute,
Procese din Memorie detectate: 0
(Nu au fost detectate obiecte malicioase)
Module de Memorie detectate: 0
(Nu au fost detectate obiecte malicioase)
Chei de Registru detectate: 0
(Nu au fost detectate obiecte malicioase)
Valori de Registru detectate: 0
(Nu au fost detectate obiecte malicioase)
Date din Registru detectate: 0
(Nu au fost detectate obiecte malicioase)
Foldere detectate: 0
(Nu au fost detectate obiecte malicioase)
Fisiere detectate: 0
(Nu au fost detectate obiecte malicioase)
(sfarsit)

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/15/2013 at 08:29 AM
Application Version : 5.6.1040
Core Rules Database Version : 10828
Trace Rules Database Version: 8640
Scan type    : Complete Scan
Total Scan Time : 07:59:59
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned   : 722
Memory threats detected   : 0
Registry items scanned    : 38554
Registry threats detected : 0
File items scanned     : 323759
File threats detected : 15
Adware.Tracking Cookie
C:\Documents and Settings\Sorin\Cookies\I4U1A65A.txt [ /ad.yieldmanager.com ]
static.mediafax.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PU7C2YW ]
static1.mediadirect.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PU7C2YW ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.mediafax.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.mediafax.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.mediafax.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
www.mediafax.ro [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\SORIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZZQXXM0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\SORIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

kodiak, on 12 October 2013 - 19:38, said:

Here's a small tutorial! You can even see the DNS Client service in one of the pictures!
Set that service to disabled!
http://www.jasonn.co...s_on_windows_xp

I managed it, thanks!

#16
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006
So are the logs OK? What are those things that SUPERAntiSpyware found?

#17
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009

Talkabout, on 16 October 2013 - 20:07, said:

So are the logs OK? What are those things that SUPERAntiSpyware found?

https://ro.wikipedia.org/wiki/Cookie

#18
Talkabout

    Senior Member

  • Group: Senior Members
  • Posts: 5,668
  • Joined: 20.09.2006

MhG_40, on 16 October 2013 - 20:34, said:

I know what a cookie is, but why does SUPERAntiSpyware detect them as adware tracking cookies? They're just.. cookies! I think pretty much everyone has cookies :)
