svchost problem - cpu 100%

offline
  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

I assume you are already familiar with the problems this process causes. Since I need a solution as soon as possible, I won't be able to post the Gmer and DDS reports right now, only later tonight or in the morning. BTW, I can't run the DDS program at all because it reports some error. Gmer is still running, and during that scan Kaspersky found 3 more trojans. Is this a pile of viruses that can only be dealt with by formatting? I have described the problem below:

- It is WinXP SP3. The 100% load starts when connecting to the internet. The computer is connected to cable internet through a network card. The problem started showing up 2 weeks ago. I have Kaspersky IS installed, which, from Safe Mode, deleted about 20 trojans, but the problem still occurs.
With Process Explorer I tried to determine which services it runs and I disabled them, but that didn't solve the problem either, because each time it attaches itself to some other service.
When I try to kill the svchost.exe process from Task Manager, a System Shutdown window appears with a countdown from 1 minute. When I cancel that System Shutdown from the Command Prompt with the command "shutdown /a", svchost no longer loads the processor until the next restart of the computer and connection to the internet.

If you have any idea, feel free to write it so I can try it, because as I said it's quite urgent for me.
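The PID-to-services mapping the poster did by hand in Process Explorer, as an added example that is not part of the thread: a Python script that parses `tasklist /svc /fo csv` output into a map of which services each svchost.exe instance hosts, flags an svchost.exe that hosts no service at all, and flags process names that merely imitate svchost.exe (scvhost.exe and similar). The sample output below is constructed, with assumed PIDs and XP-style service groups, and is not from the poster's machine. Knowing which instance hosts RpcSs matters before killing anything: the one-minute System Shutdown countdown that `shutdown /a` cancels is the RPC service's recovery action after its host process dies, so that instance is the one not to terminate.

```python
"""Map svchost.exe instances to hosted services from `tasklist /svc /fo csv` output."""
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (assumed PIDs, XP-style
# service groups); not taken from the thread. A look-alike name is included on purpose.
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"System","4","N/A"
"services.exe","672","Eventlog,PlugPlay"
"lsass.exe","684","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","860","DcomLaunch,TermService"
"svchost.exe","936","RpcSs"
"svchost.exe","1028","AudioSrv,BITS,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,helpsvc,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,Themes,TrkWks,W32Time,winmgmt,wscsvc,wuauserv,WZCSVC"
"svchost.exe","1104","Dnscache"
"svchost.exe","1180","LmHosts,RemoteRegistry,SSDPSRV,WebClient"
"svchost.exe","1624","N/A"
"scvhost.exe","1700","N/A"
"explorer.exe","1856","N/A"
'''

HOST_NAME = "svchost.exe"


def parse_tasklist(text):
    """Return a list of (image, pid, [services]) from tasklist CSV output."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        svcs = [] if rec["Services"] == "N/A" else rec["Services"].split(",")
        rows.append((rec["Image Name"], int(rec["PID"]), svcs))
    return rows


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch names that imitate svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def services_for_pid(rows, pid):
    """Services hosted by one process: the candidates to stop one at a time."""
    for _image, p, svcs in rows:
        if p == pid:
            return svcs
    return []


def find_suspicious(rows):
    """Flag svchost instances hosting nothing and names within two edits of svchost.exe."""
    findings = []
    for image, pid, svcs in rows:
        name = image.lower()
        if name == HOST_NAME and not svcs:
            findings.append((pid, image, "svchost.exe hosting no service"))
        elif name != HOST_NAME and edit_distance(name, HOST_NAME) <= 2:
            findings.append((pid, image, "process name imitates svchost.exe"))
    return findings


if __name__ == "__main__":
    rows = parse_tasklist(SAMPLE)
    for pid, image, why in find_suspicious(rows):
        print(f"PID {pid:5d} {image:14s} {why}")
    print("PID 1028 hosts:", ", ".join(services_for_pid(rows, 1028)))
```

On a live XP box the input is simply `tasklist /svc /fo csv > tasklist.csv`; the script does not tell you which instance is burning CPU, it tells you what each instance hosts so that the busy PID from Task Manager can be matched to a short list of services, and so that the RpcSs host is left alone.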

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

Here are the reports from DDS and Gmer.

[attachments: DDS and Gmer logs, login required to view]

@ diarno

LOL

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
  • deactivate the protection software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show a number of notifications:
    accept by clicking Yes or OK.
  • restart Windows if necessary (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

ComboFix 10-01-04.01 - EI SM 11.01.2010 0:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.98 [GMT 1:00]
Running from: c:\documents and settings\EI SM\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\EI SM\Application Data\avdrn.dat
c:\documents and settings\EI SM\Application Data\Desktopicon
c:\documents and settings\EI SM\Application Data\Desktopicon\config.ini
c:\documents and settings\EI SM\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\EI SM\My Documents\My Documents.url
c:\documents and settings\EI SM\RavMonLog
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\msa.exe
c:\windows\system32\driVERs\tpbrvar.sys
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_tpbrvar
-------\Service_tpbrvar


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 12:21 . 2001-08-23 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-01-10 12:20 . 2004-08-03 21:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2010-01-10 12:19 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-01-10 12:18 . 2004-08-03 20:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-01-10 12:17 . 2004-08-03 22:56 29696 -c--a-w- c:\windows\system32\dllcache\admexs.dll
2010-01-10 12:14 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-10 12:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-01-10 12:02 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-06 10:32 . 2010-01-06 10:32 -------- d-----w- c:\windows\system32\Mira6
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\program files\ScanDrv6
2009-12-29 13:30 . 2009-12-29 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-29 13:29 . 2010-01-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-29 08:57 . 2010-01-05 12:30 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-24 08:33 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-23 08:47 . 2009-12-23 09:12 -------- d-----w- c:\program files\Opera 10 Beta

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 23:43 . 2010-01-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-10 19:17 . 2008-08-22 11:27 -------- d-----r- c:\program files\mail
2010-01-10 18:33 . 2010-01-10 18:33 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-10 18:33 . 2010-01-10 18:33 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-10 18:33 . 2010-01-10 18:33 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-10 18:31 . 2010-01-10 18:31 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-10 12:45 . 2010-01-10 12:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-10 12:45 . 2010-01-10 12:45 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-10 12:43 . 2010-01-10 12:43 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-10 12:38 . 2008-11-24 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 12:12 . 2004-01-03 12:09 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 17:08 . 2008-07-03 15:41 -------- d-----w- c:\program files\Yahoo!
2010-01-08 13:45 . 2009-12-01 13:46 -------- d-----w- c:\documents and settings\EI SM\Application Data\MahJong Suite
2010-01-08 12:02 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\EI SM\Application Data\SolSuite
2010-01-06 15:07 . 2009-02-25 14:41 -------- d-----w- c:\documents and settings\EI SM\Application Data\BitTorrent
2010-01-06 13:14 . 2008-07-02 08:16 -------- d-----r- c:\program files\stevan
2010-01-06 10:25 . 2004-01-05 01:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:30 . 2010-01-05 12:30 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2010-01-05 10:44 . 2009-10-01 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-12-29 13:34 . 2008-12-03 08:30 -------- d-----w- c:\documents and settings\EI SM\Application Data\Simply Super Software
2009-12-29 13:33 . 2008-10-29 14:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 09:33 . 2004-01-05 01:09 -------- d-----w- c:\program files\Eset
2009-12-29 08:56 . 2009-12-29 08:56 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-24 10:20 . 2009-10-07 05:58 -------- d-----w- c:\program files\Unlocker
2009-12-22 11:45 . 2009-12-22 11:45 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-11 10:14 . 2009-03-19 09:06 -------- d-----w- c:\program files\Common Files\Real
2009-12-08 14:43 . 2008-02-29 07:42 72584 ----a-w- c:\documents and settings\EI SM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 13:49 . 2009-12-01 13:45 -------- d-----w- c:\program files\MahJong Suite
2009-12-01 13:46 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-12-01 12:00 . 2009-12-01 12:00 24575 ----a-w- c:\windows\system32\Mpwinapppiobas69.dat
2009-10-20 19:34 . 2009-10-20 19:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-14 20:18 . 2009-10-14 20:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-03-13 09:24 . 2009-03-13 09:23 9914224 ----a-w- c:\program files\winamp5551_full_emusic-7plus_en-us.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-07 10:18 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Keyboard Driver\StartAutorun.exe" [2007-03-06 212992]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
backup=c:\windows\pss\siszyd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13833:TCP"= 13833:TCP:NortonAV
"15736:TCP"= 15736:TCP:NortonAV

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard Driver\KMWDSrv.exe [5.4.2007 9:29 208896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.9.2008 10:57 717296]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{B0365857-F491-44B3-B308-29148F05E447}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D13DDA9E-007A-4F07-909F-B5774E2B7A10} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Explorer_Run-smile - c:\program files\Applications\wcs.exe
MSConfigStartUp-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-GroupManager - c:\program files\Windows Vista Sidebar for XP with Proper Installation\groupmanager.exe
MSConfigStartUp-LREC75DND7 - c:\docume~1\EISM~1\LOCALS~1\Temp\c.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-SmartDefrag - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TME.tmp
MSConfigStartUp-TE_RegProtect - c:\program files\Anti Trojan Elite\TERegPct.exe
MSConfigStartUp-VResLab - c:\program files\VResLab\VResLab.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:76,28,f9,56,78,79,f4,f2,76,fd,3a,99,66,7e,16,23,55,59,17,c9,9f,
b9,d7,fd,f4,2a,c6,93,72,67,ee,88,ec,20,09,6b,81,01,9d,b4,3d,d3,8b,f1,d6,7f,\
"rkeysecu"=hex:6d,a2,e8,9c,5e,2e,67,ed,3d,52,f2,a8,3b,11,cc,10
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Keyboard Driver\KMConfig.exe
c:\program files\Keyboard Driver\KMProcess.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-11 00:53:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 23:53

Pre-Run: 27.052.118.016 bytes free
Post-Run: 28.747.067.392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 96989FF5FB771B3F2A9A781ECEBE94BD
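A pass over the report above, as an added example that is not part of the thread and not ComboFix code: Python triage heuristics run over lines excerpted from the ComboFix log (the EnableFirewall line, the GloballyOpenPorts entries, the Startup-folder and Temp-directory autostarts, and a few file paths). It flags a disabled Windows Firewall, globally open ports, autostart entries that point into a Temp directory, a bare .exe in the Startup folder, and file names that look machine-generated. The name heuristic is a crude assumption of mine, not a signature: a short legitimate driver name such as klbg.sys passes, some legitimate names will trip it, and the EnableFirewall flag is expected when a third-party firewall such as the installed Kaspersky suite has replaced the Windows one, so the output is a review queue rather than a verdict. The items it raises here are the ones the helper's CFScript later in the thread removes (siszyd32.exe, fjhdyfhsn.bat and the two NortonAV port exceptions).

```python
"""Triage heuristics over ComboFix-style log lines (added example, not ComboFix code)."""
import re

# Lines excerpted from the ComboFix report posted above; the mix of sections is deliberate.
LOG = r"""
c:\documents and settings\EI SM\Application Data\avdrn.dat
c:\windows\msa.exe
c:\windows\system32\driVERs\tpbrvar.sys
2009-12-29 08:57 . 2010-01-05 12:30 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-05 12:30 . 2010-01-05 12:30 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-10-14 20:18 . 2009-10-14 20:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk
"EnableFirewall"= 0 (0x0)
"13833:TCP"= 13833:TCP:NortonAV
"15736:TCP"= 15736:TCP:NortonAV
MSConfigStartUp-LREC75DND7 - c:\docume~1\EISM~1\LOCALS~1\Temp\c.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TME.tmp
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
"""

VOWELS = set("aeiouy")
PATH_RE = re.compile(r"[a-z]:\\.*", re.I)      # first drive-letter path on the line
PORT_RE = re.compile(r'"(\d+):(TCP|UDP)"=')    # GloballyOpenPorts entries


def looks_random(stem):
    """Crude heuristic (an assumption, not a signature) for machine-generated names:
    at least five letters and either no vowels, five consonants in a row, or four
    consonants in a row with vowels making up a quarter of the letters or less."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(c in VOWELS for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels == 0 or longest >= 5 or (longest >= 4 and vowels / len(letters) <= 0.25)


def triage(text):
    """Return (kind, reason, evidence) tuples, one per line that trips a rule."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append(("firewall", "Windows Firewall disabled (expected if a third-party firewall replaced it)", line))
            continue
        m = PORT_RE.match(line)
        if m:
            findings.append(("openport", f"globally open port {m.group(1)}/{m.group(2)}", line))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).rstrip()
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        if "\\temp\\" in low:
            findings.append(("temp", "autostart or file inside a Temp directory", path))
        elif "\\startup\\" in low and name.endswith(".exe"):
            findings.append(("startup", "bare executable in the Startup folder", path))
        elif looks_random(stem):
            findings.append(("name", "random-looking file name", path))
    return findings


if __name__ == "__main__":
    for kind, reason, evidence in triage(LOG):
        print(f"[{kind:8s}] {reason}: {evidence}")
```

Run against a full ComboFix.txt the same rules produce a handful of lines to look at by hand; the Temp and Startup-folder rules are the reliable ones, the name rule is only there to surface things like fjhdyfhsn.bat that a quick scroll through the "Files Created" section misses.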

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\pss\siszyd32.exeStartup
c:\windows\system32\fjhdyfhsn.bat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13833:TCP"=-
"15736:TCP"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scanning.
