Mozda zarazen

Mozda zarazen

offline
  • Nihlist
  • Pridružio: 28 Maj 2009
  • Poruke: 725
  • Gde živiš: Beograd

Napisano: 27 Okt 2011 8:46

Pre par dana hteo sam da radim re-install sistema.Razlog:Dugo paljenje,rusenje programa (not responding),usporen rad svih programa,100% cpu usage je cesta pojava.Medjutim imam toliko vaznih podataka a i nemam vremena da se bakcem sa tim pa sa se obratim vama....
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Neo at 8:00:38 on 2011-10-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1024.89 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET licni zaštitni zid *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Invisible Browsing\servers\IBService.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.rs/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\neo\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\PrivacyProvider.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{ED068AE7-3165-4C8F-9E74-603602E789A8} : DhcpNameServer = 89.216.1.40 89.216.1.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 173.212.255.178 embedded.garena.com
Hosts: 173.212.255.178 embedded.garenanow.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - App Deck Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\neo\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\neo\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\neo\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-10-13 21624]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-17 21992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-5-27 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 IBService;IBService;c:\program files\invisible browsing\servers\IBService.exe [2011-9-8 45056]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-4 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-2 22216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-6 230912]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-2-1 20328]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PrivacyProvider;PrivacyProvider;c:\windows\system32\PrivacyProvider.exe [2011-9-8 2740224]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-2 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2011-10-26 09:27:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bcba24bc-382b-40d0-964d-ed6d2524c1f6}\offreg.dll
2011-10-25 15:37:41 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bcba24bc-382b-40d0-964d-ed6d2524c1f6}\mpengine.dll
2011-10-20 17:32:45 -------- d-----w- c:\users\neo\.system32
2011-10-20 10:32:17 -------- d-----w- c:\program files\DotAlicious Gaming Client
2011-10-13 11:06:01 -------- d-----w- c:\program files\HWiNFO32
2011-10-12 06:13:05 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 06:13:03 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 06:13:02 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 06:11:24 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 06:11:23 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-10 19:09:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
.
==================== Find3M ====================
.
2011-09-22 18:15:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-08 21:48:39 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-09-08 21:48:36 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2011-09-04 10:10:45 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 16:34:21 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 8:01:32.47 ===============

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

Dopuna: 27 Okt 2011 18:51

Ako neko moze da protumaci ove logove pls Wink

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pozdrav.

Cist si Smile

Btw, mozes li mi reci sadrzaj ovog foldera :

Citat:c:\users\neo\.system32

offline
  • Nihlist
  • Pridružio: 28 Maj 2009
  • Poruke: 725
  • Gde živiš: Beograd

Napisano: 27 Okt 2011 19:12

Ne mogu ga pronaci.

Dopuna: 27 Okt 2011 19:15

Umalo zaboravih puno hvala Smile

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Ukljuci prikaz skrivenih fajlova u Total Comanderu, ili Windows Exploreru pa onda potrazi. Ako ga nema, nista strasno.

Problem mozes resiti tako sto ces skinuti System Explorer ili Process Explorer i utvrditi koji proces ti "jede" procesor. Ili otvori temu u windows podforumu.

Ko je trenutno na forumu
 

Ukupno su 1388 korisnika na forumu :: 25 registrovanih, 5 sakrivenih i 1358 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aramis s, Areal84, Bane san, bestguarder, cifra, Djokislav, FileFinder, Georgius, indja, jackreacher011011, krkalon, ladro, laki_bb, maCvele, Mi lao shu, Milometer, Oscar2, Parker, SlaKoj, stegonosa, vathra, vlad the impaler, Volkhov-M, W123, zzapNDjuric99