svchost problem - cpu 100%

Posted on: 10.1.2010
Posted: 10 Jan 2010 22:40
Talični Tom
Super citizen

Joined: 08 Mar 2005
Posts: 1097
Location: Niš


I assume you are already familiar with the problems this process has. Since I need a solution as soon as possible, I won't be able to post the Gmer and DDS reports right now, only later tonight or in the morning. BTW, I can't run the DDS program at all because it reports some error. Gmer is running at the moment, and during that scan Kaspersky found 3 more trojans. Is this a pile of viruses that can only be dealt with by formatting? I have described the problem below:

- It's Windows XP SP3. The 100% load starts after connecting to the internet. The computer is connected to cable internet through the network card. The problem started showing about 2 weeks ago. I have Kaspersky IS installed, which, from Safe Mode, deleted around 20 trojans, but the problem still occurs.
With Process Explorer I tried to determine which services it runs and I disabled them, but that didn't solve the problem either, because each subsequent time it attaches to some other service.
When I try to kill the svchost.exe process from Task Manager, a System Shutdown window appears counting down from 1 minute. When I cancel that System Shutdown from the Command Prompt with the command "shutdown /a", svchost no longer loads the processor until the next restart of the computer and connection to the internet.

If you have any idea, feel free to write it so I can apply it, because as I said it's quite urgent for me.
Posted: 10 Jan 2010 23:28
diarno
Anti Malware Fighter
Rank 1

Joined: 15 Jun 2007
Posts: 3754
Location: Kragujevac


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
Posted: 10 Jan 2010 23:47
Talični Tom
Super citizen

Joined: 08 Mar 2005
Posts: 1097
Location: Niš


Here are the DDS and Gmer reports as well.

http://www.mycity.rs/Uploads/2942_101265733_DDS.txt

http://www.mycity.rs/Uploads/2942_568471767_Attach.txt



http://www.mycity.rs/Uploads/2942_1776481548_Gmer1.log

http://www.mycity.rs/Uploads/2942_1922371424_Gmer2.log

http://www.mycity.rs/Uploads/2942_1536478610_Gmer3.txt

@ diarno

LOL
Posted: 11 Jan 2010 00:00
diarno
Anti Malware Fighter
Rank 1

Joined: 15 Jun 2007
Posts: 3754
Location: Kragujevac


Download sUBs' ComboFix to the Desktop from the following address:


Bleeping Computer




When the download has finished:
  1. disable your protection software (instructions);
  2. close any running programs;
  3. double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    • click Yes if it offers to download it.
  • display DISCLAIMER OF WARRANTY ON SOFTWARE:
    • click Yes so the process continues.
  • if the Recovery Console is not installed, offer to install it:
    • be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show notifications:
    • accept by clicking Yes or OK.
  • if needed, restart Windows (possibly more than once);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix created into the topic on the forum:
  1. right-click in the Notepad window and choose Select All;
  2. right-click the highlighted text and choose Copy;
  3. right-click in the message box and choose Paste.


Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.
Posted: 11 Jan 2010 00:59
Talični Tom
Super citizen

Joined: 08 Mar 2005
Posts: 1097
Location: Niš


ComboFix 10-01-04.01 - EI SM 11.01.2010 0:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.98 [GMT 1:00]
Running from: c:\documents and settings\EI SM\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\EI SM\Application Data\avdrn.dat
c:\documents and settings\EI SM\Application Data\Desktopicon
c:\documents and settings\EI SM\Application Data\Desktopicon\config.ini
c:\documents and settings\EI SM\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\EI SM\My Documents\My Documents.url
c:\documents and settings\EI SM\RavMonLog
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\msa.exe
c:\windows\system32\driVERs\tpbrvar.sys
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_tpbrvar
-------\Service_tpbrvar


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 12:21 . 2001-08-23 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-01-10 12:20 . 2004-08-03 21:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2010-01-10 12:19 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-01-10 12:18 . 2004-08-03 20:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-01-10 12:17 . 2004-08-03 22:56 29696 -c--a-w- c:\windows\system32\dllcache\admexs.dll
2010-01-10 12:14 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-10 12:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-01-10 12:02 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-06 10:32 . 2010-01-06 10:32 -------- d-----w- c:\windows\system32\Mira6
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\program files\ScanDrv6
2009-12-29 13:30 . 2009-12-29 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-29 13:29 . 2010-01-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-29 08:57 . 2010-01-05 12:30 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-24 08:33 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-23 08:47 . 2009-12-23 09:12 -------- d-----w- c:\program files\Opera 10 Beta

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 23:43 . 2010-01-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-10 19:17 . 2008-08-22 11:27 -------- d-----r- c:\program files\mail
2010-01-10 18:33 . 2010-01-10 18:33 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-10 18:33 . 2010-01-10 18:33 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-10 18:33 . 2010-01-10 18:33 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-10 18:31 . 2010-01-10 18:31 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-10 12:45 . 2010-01-10 12:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-10 12:45 . 2010-01-10 12:45 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-10 12:43 . 2010-01-10 12:43 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-10 12:38 . 2008-11-24 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 12:12 . 2004-01-03 12:09 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 17:08 . 2008-07-03 15:41 -------- d-----w- c:\program files\Yahoo!
2010-01-08 13:45 . 2009-12-01 13:46 -------- d-----w- c:\documents and settings\EI SM\Application Data\MahJong Suite
2010-01-08 12:02 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\EI SM\Application Data\SolSuite
2010-01-06 15:07 . 2009-02-25 14:41 -------- d-----w- c:\documents and settings\EI SM\Application Data\BitTorrent
2010-01-06 13:14 . 2008-07-02 08:16 -------- d-----r- c:\program files\stevan
2010-01-06 10:25 . 2004-01-05 01:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:30 . 2010-01-05 12:30 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2010-01-05 10:44 . 2009-10-01 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-12-29 13:34 . 2008-12-03 08:30 -------- d-----w- c:\documents and settings\EI SM\Application Data\Simply Super Software
2009-12-29 13:33 . 2008-10-29 14:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 09:33 . 2004-01-05 01:09 -------- d-----w- c:\program files\Eset
2009-12-29 08:56 . 2009-12-29 08:56 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-24 10:20 . 2009-10-07 05:58 -------- d-----w- c:\program files\Unlocker
2009-12-22 11:45 . 2009-12-22 11:45 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-11 10:14 . 2009-03-19 09:06 -------- d-----w- c:\program files\Common Files\Real
2009-12-08 14:43 . 2008-02-29 07:42 72584 ----a-w- c:\documents and settings\EI SM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 13:49 . 2009-12-01 13:45 -------- d-----w- c:\program files\MahJong Suite
2009-12-01 13:46 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-12-01 12:00 . 2009-12-01 12:00 24575 ----a-w- c:\windows\system32\Mpwinapppiobas69.dat
2009-10-20 19:34 . 2009-10-20 19:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-14 20:18 . 2009-10-14 20:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-03-13 09:24 . 2009-03-13 09:23 9914224 ----a-w- c:\program files\winamp5551_full_emusic-7plus_en-us.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-07 10:18 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Keyboard Driver\StartAutorun.exe" [2007-03-06 212992]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
backup=c:\windows\pss\siszyd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13833:TCP"= 13833:TCP:NortonAV
"15736:TCP"= 15736:TCP:NortonAV

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard Driver\KMWDSrv.exe [5.4.2007 9:29 208896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.9.2008 10:57 717296]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{B0365857-F491-44B3-B308-29148F05E447}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D13DDA9E-007A-4F07-909F-B5774E2B7A10} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Explorer_Run-smile - c:\program files\Applications\wcs.exe
MSConfigStartUp-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-GroupManager - c:\program files\Windows Vista Sidebar for XP with Proper Installation\groupmanager.exe
MSConfigStartUp-LREC75DND7 - c:\docume~1\EISM~1\LOCALS~1\Temp\c.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-SmartDefrag - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TME.tmp
MSConfigStartUp-TE_RegProtect - c:\program files\Anti Trojan Elite\TERegPct.exe
MSConfigStartUp-VResLab - c:\program files\VResLab\VResLab.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:76,28,f9,56,78,79,f4,f2,76,fd,3a,99,66,7e,16,23,55,59,17,c9,9f,
b9,d7,fd,f4,2a,c6,93,72,67,ee,88,ec,20,09,6b,81,01,9d,b4,3d,d3,8b,f1,d6,7f,\
"rkeysecu"=hex:6d,a2,e8,9c,5e,2e,67,ed,3d,52,f2,a8,3b,11,cc,10
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Keyboard Driver\KMConfig.exe
c:\program files\Keyboard Driver\KMProcess.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-11 00:53:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 23:53

Pre-Run: 27.052.118.016 bytes free
Post-Run: 28.747.067.392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 96989FF5FB771B3F2A9A781ECEBE94BD
Posted: 11 Jan 2010 18:40
diarno
Anti Malware Fighter
Rank 1

Joined: 15 Jun 2007
Posts: 3754
Location: Kragujevac


Open Notepad and copy the following text into it:

Code:
File::
c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\pss\siszyd32.exeStartup
c:\windows\system32\fjhdyfhsn.bat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13833:TCP"=-
"15736:TCP"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scanning.
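To show how an analyst gets from the ComboFix report above to the CFScript in this post, here is an added Python example (not part of the thread and not ComboFix's own code) that parses a constructed excerpt of the report, applies three checks that the script above reflects (a bare executable in a Startup folder, a script file dropped into system32, firewall exceptions labelled for a product the AV:/FW: lines do not name) and renders the File::/Registry:: directives. The heuristics and function names are my own, and the output is meant for review by a person, not for blind use.

```python
import re

# Constructed sample in the shape of the ComboFix report quoted above: the entries
# the helper's CFScript targets plus one benign .lnk shortcut that must not be flagged.
SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
2009-12-29 08:57 . 2010-01-05 12:30 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-24 08:33 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
backup=c:\windows\pss\siszyd32.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13833:TCP"= 13833:TCP:NortonAV
"15736:TCP"= 15736:TCP:NortonAV
"""

EXEC_EXT = (".exe", ".bat", ".com", ".scr", ".pif")   # bare executables in a Startup folder
SCRIPT_EXT = (".bat", ".cmd", ".vbs")                   # script types Windows never drops in system32

def parse_sections(log):
    """Group the REGEDIT4-style part of the report into {key: [value lines]}; a block runs from a [key] line to the next blank line."""
    sections, current = {}, None
    for line in map(str.rstrip, log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif not line:
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections

def suspicious_startup_items(sections):
    """Startup-folder entries whose target is a bare executable rather than a .lnk:
    installers drop shortcuts there; a random-named .exe (siszyd32.exe) is a malware habit."""
    found = []
    for key, lines in sections.items():
        if "\\startupfolder\\" in key.lower():
            fields = dict(l.split("=", 1) for l in lines if "=" in l)
            if fields.get("path", "").lower().endswith(EXEC_EXT):
                found.append({"key": key, "path": fields["path"], "backup": fields.get("backup", "")})
    return found

def recent_system32_scripts(log):
    """Script files listed under 'Files Created' inside system32 (a coarse but cheap check)."""
    pat = re.compile(r"\d{4}-\d{2}-\d{2} .* (c:\\windows\\system32\\[^\\]+)$", re.I)
    return [m.group(1) for m in map(pat.match, log.splitlines())
            if m and m.group(1).lower().endswith(SCRIPT_EXT)]

def stale_port_exceptions(sections, log):
    """Open-port exceptions labelled for a product the AV:/FW: header lines do not name
    (the 'NortonAV' holes on a Kaspersky-only machine). Returns (list key, [value names])."""
    products = " ".join(l for l in log.splitlines() if l.startswith(("AV:", "FW:"))).lower()
    entry = re.compile(r'"([^"]+)"=\s*(.*)')
    for key, lines in sections.items():
        if key.lower().endswith("globallyopenports\\list"):
            return key, [m.group(1) for m in map(entry.match, lines)
                         if m and m.group(2).rsplit(":", 1)[-1].lower() not in products]
    return None, []

def build_cfscript(files, value_deletes, key_deletes):
    """Render CFScript directives: File:: lists files to remove; Registry:: takes REGEDIT4
    syntax, where "name"=- deletes a value and [-key] deletes a whole key."""
    out = ["File::", *files, "", "Registry::"]
    for key, names in value_deletes:
        if names:
            out += [f"[{key}]"] + [f'"{n}"=-' for n in names]
    out += [f"[-{k}]" for k in key_deletes]
    return "\n".join(out) + "\n"

def triage(log):
    """Run the three checks and emit a CFScript for the analyst to review before use."""
    sections = parse_sections(log)
    startup = suspicious_startup_items(sections)
    files = [i["path"] for i in startup] + [i["backup"] for i in startup if i["backup"]]
    port_key, ports = stale_port_exceptions(sections, log)
    return build_cfscript(files + recent_system32_scripts(log), [(port_key, ports)],
                          [i["key"] for i in startup])
```

Running `triage(SAMPLE_LOG)` on the constructed excerpt reproduces the File:: and Registry:: blocks of the script in this post line for line; the benign Styler.lnk entry and wups2.dll are left alone.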