svchost.exe mi zauzima 90% CPU-a

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradio sam ovo što ste mi rekli ali mi se javi prozorčić u kome piše:
Were you trying to run CFScript?
The name,CFScript appears to be incorrectly spelt.
I postoji samo opcija OK,ja sam klikno OK i izbacilo me je iz procesa skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kaže da nisi dobro upisao ime file-a.

Probaj opet. Naziv mora biti CFScript (tj. ako su ti prikazane ekstenzije file-ova; CFScript.txt).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo ga uspjeo sam:

mycity.rs/must-login.png


ComboFix 09-12-25.02 - Dijuf 26.12.2009 0:57.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1014.548 [GMT 1:00]
Running from: c:\documents and settings\Dijuf\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dijuf\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\Dijuf\Application Data\fvgqad.dat"
"c:\documents and settings\NetworkService\Application Data\fvgqad.dat"
"c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Downloaded Installations
c:\documents and settings\All Users\Application Data\Downloaded Installations\{3F291A42-80DE-46A2-BFF0-59BCA90E423C}\2057.MST
c:\documents and settings\All Users\Application Data\Downloaded Installations\{3F291A42-80DE-46A2-BFF0-59BCA90E423C}\NokiaPCSuite.msi
c:\documents and settings\Dijuf\Application Data\fvgqad.dat
c:\documents and settings\NetworkService\Application Data\fvgqad.dat
c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-24 23:08 . 2009-12-24 23:08 -------- d--h--w- c:\windows\PIF
2009-12-15 17:01 . 2009-12-16 20:58 -------- d-----w- c:\program files\trend micro
2009-12-12 21:46 . 2009-12-12 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Magix
2009-12-12 21:46 . 2009-12-12 21:46 -------- d-----w- c:\documents and settings\Dijuf\Application Data\MAGIX
2009-12-12 21:46 . 2009-12-12 21:46 -------- d-----w- c:\documents and settings\Dijuf\Local Settings\Application Data\Xara
2009-12-12 21:46 . 2009-12-12 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Xara
2009-12-10 21:42 . 2009-12-10 21:42 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll
2009-12-10 20:51 . 2009-12-10 20:51 -------- d-----w- c:\documents and settings\Dijuf\Application Data\Uniblue
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\documents and settings\Dijuf\Application Data\facemoods.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 23:51 . 2009-10-19 12:26 -------- d-----w- c:\documents and settings\Dijuf\Application Data\Skype
2009-12-25 22:38 . 2009-10-19 12:30 -------- d-----w- c:\documents and settings\Dijuf\Application Data\skypePM
2009-12-23 23:30 . 2008-09-02 22:08 -------- d-----w- c:\program files\File Seeker
2009-12-16 18:31 . 2008-09-02 18:06 104456 ----a-w- c:\documents and settings\Dijuf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 00:52 . 2009-02-15 11:46 -------- d-----w- c:\documents and settings\Dijuf\Application Data\uTorrent
2009-12-10 22:03 . 2009-12-10 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-10 21:42 . 2009-12-10 21:42 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_5A6FB34A0F5DAAA4FB1456990536CE44.dll
2009-11-29 23:07 . 2009-10-10 16:15 -------- d-----w- c:\program files\Google
2009-11-05 16:35 . 2009-11-05 16:32 -------- d-----w- c:\program files\PowerFolder.com
2009-10-19 12:30 . 2009-10-19 12:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-10 16:17 . 2008-09-02 21:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-10 16:17 . 2008-09-02 21:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-10 198160]

c:\documents and settings\Dijuf\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [24.8.2008 3:32 308248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 16:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [23.2.2005 16:56 53248]
S1 vdi3mtk2;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdi3mtk2.sys --> c:\windows\system32\Drivers\vdi3mtk2.sys [?]
S2 gupdate1ca50b44f5471b0;Google Update Service (gupdate1ca50b44f5471b0);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2009 13:04 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [9.9.2008 20:24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [9.9.2008 20:24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [9.9.2008 20:24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [9.9.2008 20:24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [9.9.2008 20:24 83344]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [13.1.2009 2:00 451456]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 10:31 98328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2008 22:41 682232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.Facemoods.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2215829&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.Facemoods.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2215829&q=
FF - component: c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\extensions\{0c391282-d066-45ec-92ab-a28c6d5bb611}\components\FFExternalAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-26 01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1767777339-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-12-26 01:02:49
ComboFix-quarantined-files.txt 2009-12-26 00:02
ComboFix2.txt 2009-12-25 22:40

Pre-Run: 32,427,917,312 bytes free
Post-Run: 32,365,694,976 bytes free

- - End Of File - - 0B72956D9F29B77282EC53FAEC3852C6

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nađi sledeći file:

C:\qoobox\quarantine\c\documents and settings\All Users\Application Data\Downloaded Installations\{3F291A42-80DE-46A2-BFF0-59BCA90E423C}\NokiaPCSuite.msi

Koja je veličina file-a (desni klik na njega, Properties)?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Veličina je 28,9MB

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:


DeQuarantine::
C:\Qoobox\Quarantine\C\documents and settings\All Users\Application Data\Downloaded Installations
Quit::



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo bi sada trebalo biti čisto.

Postoji li neki konkretan problem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sada koliko vidim fino radi,svchost.exe mi ne zauzima CPU-a.Jedino još da vas pitam kako da aktivirima automatski da mi se updejtuje antiviru ESET NOD32 je u pitanju?
Hvala prijatelju na pomoći.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.



Citat:kako da aktivirima automatski da mi se updejtuje antiviru ESET NOD32

Možeš li da odradiš "ručni" update? Ako da, onda otvori temu u forumu Antivirus programi i pitaj kako da podesiš NOD da radi auto update (ja ne koristim taj program i ne znam odgovor).

Ako update uopšte ne radi, onda je problem verovatno u nepostojanju ispravne licence (vidim da koristiš neki fix za te potrebe - zato pretpostavljam da je to u pitanju).
U tom slučaju, jedino što ja mogu da ti kažem je da kupiš licencu ili da instaliraš neki besplatan AV (neka od popularnih besplatnih rešenja su avast!, Avira, AVG, ...).