MyCity » Ambulanta -> Arhiva Ambulante » svchost.exe uzima 50% CPU-a.

svchost.exe uzima 50% CPU-a.

Napisano na dan: 21.12.2009

Strana:
1
2

svchost.exe uzima 50% CPU-a.

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Hosenfefer Poslao: 21 Dec 2009 11:11 Idi na vrh
offline Hosenfefer Novi MyCity građanin Pridružio: 21 Dec 2009 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav svima. Nov sam na forumu, ali vas pratim odavno. #1 Posedujem racunar, intel pentium 4, 1gb ram, 160gb hdd, instaliran windows XP (32bitni naravno) sa service pack 2. Od zastite koristim avast 4.8 home edition (apdejtuje se 2 puta dnevno), zone alarm firewall i spybot teatimer. Ne posecujem xxx ili (zabranjeno) sajtove, davno nisam koristio torrent ili limewire i stvarno ne znam gde sam ovo cudo mogao da zapatim. Juce prepodne sam noramalno krstario netom: forumi, erepublik i facebook. Racunar sam iskljucio oko 16h. Upalio sam ga ponovo oko 22h, kada sam primetio da radi sporo, kao i internet. Onda sam video u taskmanageru da mi svchost.exe uzima 50 CPUa. Kada sam isao na end process, restartovao mi je racunar (posle odrojavanja od 60 sek). Skenirao sam ga i avastom i spybotom, ali ne prijavljuju nista. Onda sam startovao spybot i u sistem startup sam video ovo: unchekirao sam ga, da se vise ne dize sa sistemom i obrisao doticni .tmp fajl. Jutros sam upalio racunar i jos uvek mi jede 50% procesora. Inace, raspolazem telekomovim ADSLom rzine 1 mb, mada mi je sada internet usporen. HELP PLEASE!!! #2 DDS (Ver_09-12-01.01) - NTFSx86 Run by vlada at 9:45:54,75 on pon 21.12.2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.392 [GMT 1:00] AV: avast! antivirus 4.8.1368 [VPS 091220-1] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall enabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\vlada\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup StartupFolder: c:\documents and settings\vlada\start menu\programs\startup\siszyd32.exe StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Synchronizer.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\InterVideo WinCinema Manager.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VPN Client.lnk.disabled IE: Add to Windows &Live Favorites IE: E&xport to Microsoft Excel IE: Open in new background tab IE: Open in new foreground tab IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-e511cb286f66093c.spaces.live.com/PhotoUpload/MsnPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\vlada\applic~1\mozilla\firefox\profiles\g5n7nz7b.default\ FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll FF - plugin: c:\documents and settings\vlada\application data\mozilla\firefox\profiles\g5n7nz7b.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\vlada\application data\mozilla\firefox\profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2007-8-24 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2007-8-24 5248] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768] R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-8-2 127768] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-2 395080] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-9-1 138680] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-9-1 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-9-1 352920] S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\drivers\dig_ts.sys --> c:\windows\system32\drivers\dig_ts.sys [?] S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2007-2-3 6400] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064] =============== Created Last 30 ================ 2009-12-20 10:36:14 4 ----a-w- c:\docume~1\vlada\applic~1\avdrn.dat 2009-12-17 10:52:32 54156 ---ha-w- c:\windows\QTFont.qfn 2009-12-17 10:52:32 1409 ----a-w- c:\windows\QTFont.for 2009-12-15 14:22:29 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare 2009-12-15 12:01:18 0 d-----w- c:\windows\system32\AGEIA 2009-12-15 12:01:01 0 d-----w- c:\program files\common files\Wise Installation Wizard 2009-12-15 11:40:57 0 d-----w- c:\program files\common files\BioWare 2009-12-10 15:03:04 0 d-----w- c:\program files\Steinberg 2009-12-10 15:03:03 0 d-----w- c:\program files\FruityLoops 3.56 2009-12-06 10:24:26 60 ---h--w- c:\windows\popcreg.dat 2009-12-05 11:56:04 22 ----a-w- c:\windows\popcinfot.dat 2009-12-05 11:55:24 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games 2009-12-05 11:54:42 0 d-----w- c:\program files\PopCap Games ==================== Find3M ==================== 2009-12-21 08:45:01 59789344 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-21 00:19:55 704528 --sha-w- c:\windows\system32\drivers\fidbox.idx 2001-11-23 04:08:20 712704 ----a-w- c:\windows\inf\other\AUDIO3D.DLL ============= FINISH: 9:47:39,59 =============== mycity.rs/must-login.png #3 GMER mi puca 10 sekundi nakon startovanja, pa sam skinuo ROOTREPEAL mycity.rs/must-login.png

Profil

Bogdan-Tc Poslao: 21 Dec 2009 18:45 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Hosenfefer Poslao: 21 Dec 2009 19:29 Idi na vrh
offline Hosenfefer Novi MyCity građanin Pridružio: 21 Dec 2009 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 21 Dec 2009 19:23 ComboFix 09-12-20.08 - vlada 21.12.2009 19:01:04.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.511 [GMT 1:00] Running from: c:\documents and settings\vlada\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 091221-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\vlada\Application Data\avdrn.dat c:\documents and settings\vlada\Start Menu\Programs\Startup\siszyd32.exe C:\LOG.TXT C:\VDM19.tmp . ((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 ))))))))))))))))))))))))))))))) . 2009-12-15 14:22 . 2009-12-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\windows\system32\AGEIA 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-15 11:40 . 2009-12-15 11:59 -------- d-----w- c:\program files\Common Files\BioWare 2009-12-10 15:03 . 2009-12-10 15:03 -------- d-----w- c:\program files\Steinberg 2009-12-10 15:03 . 2009-12-10 15:06 -------- d-----w- c:\program files\FruityLoops 3.56 2009-12-06 10:24 . 2009-12-18 19:01 60 ---h--w- c:\windows\popcreg.dat 2009-12-05 11:56 . 2009-12-18 19:01 22 ----a-w- c:\windows\popcinfot.dat 2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2009-12-05 11:54 . 2009-12-05 11:55 -------- d-----w- c:\program files\PopCap Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-21 18:12 . 2009-08-02 08:23 59938848 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-21 18:08 . 2009-08-02 08:23 706496 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-12-21 17:40 . 2007-02-04 00:49 10 ----a-w- c:\windows\popcinfo.dat 2009-12-20 10:36 . 2009-12-20 10:36 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat 2009-12-15 22:55 . 2007-02-05 21:14 -------- d-----w- c:\documents and settings\vlada\Application Data\Skype 2009-12-15 14:02 . 2007-02-19 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-12-12 20:28 . 2008-11-19 18:01 -------- d-----w- c:\documents and settings\vlada\Application Data\Winamp 2009-12-12 20:20 . 2008-11-19 18:01 -------- d-----w- c:\program files\Winamp 2009-12-12 18:13 . 2008-01-09 22:12 -------- d-----w- c:\documents and settings\vlada\Application Data\uTorrent 2009-12-11 10:15 . 2007-02-03 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-24 23:54 . 2007-09-01 19:08 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-09-01 19:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-09-01 19:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-04-01 11:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-04-01 11:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-09-01 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-09-01 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2007-09-01 19:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-09-01 19:08 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-24 13:43 . 2007-02-04 15:35 -------- d-----w- c:\program files\Planplus 2009-11-21 22:23 . 2008-07-31 18:44 -------- d-----w- c:\documents and settings\vlada\Application Data\LimeWire 2009-11-21 10:30 . 2009-11-21 10:31 48640 ----a-w- c:\windows\Internet Logs\xDB12.tmp 2009-11-21 10:28 . 2009-11-21 10:29 1364992 ----a-w- c:\windows\Internet Logs\xDB11.tmp 2009-11-21 10:28 . 2009-11-21 10:29 781312 ----a-w- c:\windows\Internet Logs\xDB10.tmp 2009-11-19 15:41 . 2007-11-19 11:46 177024 ----a-w- c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\FlashGot.exe 2009-11-16 13:06 . 2009-11-16 13:07 1358336 ----a-w- c:\windows\Internet Logs\xDBF.tmp 2009-11-14 19:12 . 2009-11-14 19:12 2314335 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-11-14 19:08 . 2009-10-10 18:10 -------- d-----w- c:\program files\Microsoft 2009-11-09 21:02 . 2009-11-09 21:03 51200 ----a-w- c:\windows\Internet Logs\xDBE.tmp 2009-11-09 18:15 . 2009-11-09 18:16 1349632 ----a-w- c:\windows\Internet Logs\xDBD.tmp 2009-11-09 18:15 . 2009-11-09 18:16 1688576 ----a-w- c:\windows\Internet Logs\xDBC.tmp 2009-11-08 18:06 . 2009-11-08 18:06 -------- d-----w- c:\program files\Sega 2009-10-25 22:10 . 2007-02-04 15:05 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-09 10:14 . 2009-10-09 10:15 150016 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2009-10-09 10:14 . 2009-10-09 10:15 1425408 ----a-w- c:\windows\Internet Logs\xDBA.tmp 2009-10-09 10:13 . 2009-10-09 10:15 1424896 ----a-w- c:\windows\Internet Logs\xDBB.tmp 2009-10-02 10:49 . 2009-10-02 10:50 758784 ----a-w- c:\windows\Internet Logs\xDB8.tmp . ------- Sigcheck ------- [-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk.disabled [2007-8-31 1746] Adobe Reader Synchronizer.lnk.disabled [2007-2-18 1788] InterVideo WinCinema Manager.lnk.disabled [2007-2-3 1781] Logitech Desktop Messenger.lnk.disabled [2007-2-3 1885] VPN Client.lnk.disabled [2007-8-10 2447] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "CTFMON.EXE"=c:\windows\system32\ctfmon.exe "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE "PCTVOICE"=pctspk.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" "PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "sysgif32"=c:\windows\TEMP\~TM43.tmp [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Games\\KKND Krossfire\\Kknd2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.8.2007 11:07 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.8.2007 11:07 5248] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 12:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 12:03 20560] S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys --> c:\windows\system32\DRIVERS\dig_ts.sys [?] S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 12:53 25832] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [3.2.2007 17:53 6400] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 12:19 23064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost IE: Add to Windows &Live Favorites IE: E&xport to Microsoft Excel IE: Open in new background tab IE: Open in new foreground tab FF - ProfilePath - c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\ FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . - - - - ORPHANS REMOVED - - - - ShellIconOverlayIdentifiers-{2D7E38A6-A604-45AE-9A87-4F5F25760650} - (no file) Notify-AtiExtEvent - (no file) AddRemove-Seven Kingdoms AA Patch - c:\program files\7kingdoms\Uninst.isu AddRemove-Seven Kingdoms AA Update - c:\program files\7kingdoms\Uninst.isu ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-21 19:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x871A4690]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7552fc3 \Driver\ACPI -> ACPI.sys @ 0xf747dcb8 \Driver\atapi -> 0x871a4690 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9 ParseProcedure -> ntoskrnl.exe @ 0x8057e98a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9 ParseProcedure -> ntoskrnl.exe @ 0x8057e98a Warning: possible MBR rootkit infection ! user & kernel MBR OK ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3344) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\windows\system32\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\TGTSoft\StyleXP\StyleXPService.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\PnkBstrA.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\PnkBstrB.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wscntfy.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************ . Completion time: 2009-12-21 19:18:47 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-21 18:18 Pre-Run: 15.792.218.112 bytes free Post-Run: 15.873.949.696 bytes free Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5 - - End Of File - - C71335D0E07898962F7E9EAB6A4ABE7A Dopuna: 21 Dec 2009 19:29 Vidim da je u pitanju siszyd32.exe , koga je Combofix uspesno obrisao, ljubi ga batica. svchost.exe vise ne uzima 50% CPU-a, racunar radi normalno, kao i internet. 1)Da li treba jos nesto da odradim? 2)Posto vidim da je ovaj worm napravio pravu pandemiju i da je 90% racunara koji se javaljaju ovde zarazeno sa njim, molim za savet, kako da izbegnem ponovnu zarazu.

Profil

Bogdan-Tc Poslao: 21 Dec 2009 21:03 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Preuzmi DeFogger sa sledećeg linka... http://www.jpshortstuff.247fixes.com/Defogger.exe Pokreni ga dvoklikom na ikonicu; Pojaviće se MsgBox na kome ćeš kliknuti na taster Disable; Ponovo će se pojaviti MsgBox na kome ćeš kliknuti na Yes; Po završetku rada programa DeFogger isprati sledeće uputstvo. Korak 2. Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat c:\windows\TEMP\~TM43.tmp Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "sysgif32"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Hosenfefer Poslao: 22 Dec 2009 11:01 Idi na vrh
offline Hosenfefer Novi MyCity građanin Pridružio: 21 Dec 2009 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-12-21.04 - vlada 22.12.2009 10:40:38.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.662 [GMT 1:00] Running from: c:\documents and settings\vlada\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\vlada\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 091222-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat" "c:\windows\TEMP\~TM43.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Thunderbird\plc4.dll c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat . ((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 ))))))))))))))))))))))))))))))) . 2009-12-15 14:22 . 2009-12-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\windows\system32\AGEIA 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-15 12:01 . 2009-12-15 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-15 11:40 . 2009-12-15 11:59 -------- d-----w- c:\program files\Common Files\BioWare 2009-12-10 15:03 . 2009-12-10 15:03 -------- d-----w- c:\program files\Steinberg 2009-12-10 15:03 . 2009-12-10 15:06 -------- d-----w- c:\program files\FruityLoops 3.56 2009-12-06 10:24 . 2009-12-18 19:01 60 ---h--w- c:\windows\popcreg.dat 2009-12-05 11:56 . 2009-12-18 19:01 22 ----a-w- c:\windows\popcinfot.dat 2009-12-05 11:55 . 2009-12-05 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2009-12-05 11:54 . 2009-12-05 11:55 -------- d-----w- c:\program files\PopCap Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-22 09:46 . 2009-08-02 08:23 60217376 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-22 09:45 . 2007-02-19 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-12-22 09:29 . 2009-08-02 08:23 708800 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-12-21 21:11 . 2007-02-04 00:49 10 ----a-w- c:\windows\popcinfo.dat 2009-12-15 22:55 . 2007-02-05 21:14 -------- d-----w- c:\documents and settings\vlada\Application Data\Skype 2009-12-12 20:28 . 2008-11-19 18:01 -------- d-----w- c:\documents and settings\vlada\Application Data\Winamp 2009-12-12 20:20 . 2008-11-19 18:01 -------- d-----w- c:\program files\Winamp 2009-12-12 18:13 . 2008-01-09 22:12 -------- d-----w- c:\documents and settings\vlada\Application Data\uTorrent 2009-12-11 10:15 . 2007-02-03 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-24 23:54 . 2007-09-01 19:08 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-09-01 19:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-09-01 19:08 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-04-01 11:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-04-01 11:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-09-01 19:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-09-01 19:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2007-09-01 19:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-09-01 19:08 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-24 13:43 . 2007-02-04 15:35 -------- d-----w- c:\program files\Planplus 2009-11-21 22:23 . 2008-07-31 18:44 -------- d-----w- c:\documents and settings\vlada\Application Data\LimeWire 2009-11-21 10:30 . 2009-11-21 10:31 48640 ----a-w- c:\windows\Internet Logs\xDB12.tmp 2009-11-21 10:28 . 2009-11-21 10:29 1364992 ----a-w- c:\windows\Internet Logs\xDB11.tmp 2009-11-21 10:28 . 2009-11-21 10:29 781312 ----a-w- c:\windows\Internet Logs\xDB10.tmp 2009-11-19 15:41 . 2007-11-19 11:46 177024 ----a-w- c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\FlashGot.exe 2009-11-16 13:06 . 2009-11-16 13:07 1358336 ----a-w- c:\windows\Internet Logs\xDBF.tmp 2009-11-14 19:12 . 2009-11-14 19:12 2314335 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-11-14 19:08 . 2009-10-10 18:10 -------- d-----w- c:\program files\Microsoft 2009-11-09 21:02 . 2009-11-09 21:03 51200 ----a-w- c:\windows\Internet Logs\xDBE.tmp 2009-11-09 18:15 . 2009-11-09 18:16 1349632 ----a-w- c:\windows\Internet Logs\xDBD.tmp 2009-11-09 18:15 . 2009-11-09 18:16 1688576 ----a-w- c:\windows\Internet Logs\xDBC.tmp 2009-11-08 18:06 . 2009-11-08 18:06 -------- d-----w- c:\program files\Sega 2009-10-25 22:10 . 2007-02-04 15:05 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-09 10:14 . 2009-10-09 10:15 150016 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2009-10-09 10:14 . 2009-10-09 10:15 1425408 ----a-w- c:\windows\Internet Logs\xDBA.tmp 2009-10-09 10:13 . 2009-10-09 10:15 1424896 ----a-w- c:\windows\Internet Logs\xDBB.tmp 2009-10-02 10:49 . 2009-10-02 10:50 758784 ----a-w- c:\windows\Internet Logs\xDB8.tmp . ((((((((((((((((((((((((((((( SnapShot@2009-12-21_18.10.25 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-22 09:30 . 2009-12-22 09:30 16384 c:\windows\Temp\Perflib_Perfdata_7c4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk.disabled [2007-8-31 1746] Adobe Reader Synchronizer.lnk.disabled [2007-2-18 1788] InterVideo WinCinema Manager.lnk.disabled [2007-2-3 1781] Logitech Desktop Messenger.lnk.disabled [2007-2-3 1885] VPN Client.lnk.disabled [2007-8-10 2447] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "CTFMON.EXE"=c:\windows\system32\ctfmon.exe "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE "PCTVOICE"=pctspk.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" "PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Games\\KKND Krossfire\\Kknd2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 12:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 12:03 20560] S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys --> c:\windows\system32\DRIVERS\dig_ts.sys [?] S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys --> c:\windows\system32\drivers\dig_v.sys [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 12:53 25832] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [3.2.2007 17:53 6400] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 12:19 23064] S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24.8.2007 11:07 160640] S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24.8.2007 11:07 5248] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost IE: Add to Windows &Live Favorites IE: E&xport to Microsoft Excel IE: Open in new background tab IE: Open in new foreground tab FF - ProfilePath - c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\ FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\vlada\Application Data\Mozilla\Firefox\Profiles\g5n7nz7b.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************ . Completion time: 2009-12-22 10:48:53 ComboFix-quarantined-files.txt 2009-12-22 09:48 ComboFix2.txt 2009-12-21 18:18 Pre-Run: 15.862.140.928 bytes free Post-Run: 15.820.312.576 bytes free Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5 - - End Of File - - FE936313770C2FF10D303A53D21AB47F

Profil

Bogdan-Tc Poslao: 22 Dec 2009 15:54 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pronnađi i Zip_uj ili rar_uj sledeći file: `C:\Qoobox\Quarantine\C\program files\Mozilla Thunderbird\plc4.dll.vir` Uradi upload tog file_a koji si arhivirao preko sledećeg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

Hosenfefer Poslao: 22 Dec 2009 16:57 Idi na vrh
offline Hosenfefer Novi MyCity građanin Pridružio: 21 Dec 2009 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovan.

Profil

Bogdan-Tc Poslao: 22 Dec 2009 17:42 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `DeQuarantine:: C:\Qoobox\Quarantine\C\program files\Mozilla Thunderbird\plc4.dll.vir Quit::` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Hosenfefer Poslao: 27 Dec 2009 10:34 Idi na vrh
offline Hosenfefer Novi MyCity građanin Pridružio: 21 Dec 2009 Poruke: 16	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvinjavam se sto me nije bilo par dana, ali bio sam prezauzet. C:\Qoobox\Quarantine\C\program files\Mozilla Thunderbird\plc4.dll.vir -> C:\program files\Mozilla Thunderbird\plc4.dll ( 34416 bytes )

Profil

Bogdan-Tc Poslao: 27 Dec 2009 10:57 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » svchost.exe uzima 50% CPU-a.

Ko je trenutno na forumu

Ukupno su 837 korisnika na forumu :: 4 registrovanih, 0 sakrivenih i 833 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: deimos25, goxin, Shilok, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by