svchost problem - cpu 100%

  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

I assume you are already familiar with the problems this process causes. Since I need a solution as soon as possible, I won't be able to post the Gmer and DDS reports right now, only later tonight or in the morning. BTW, I can't run DDS at all because it reports some error. Gmer is running in full swing, and during that scan Kaspersky found 3 more trojans. Is this a pile of viruses that can only be dealt with by formatting? I have described the problem below:

- The system is WinXP SP3. The 100% load starts after connecting to the internet. The computer is connected to cable internet through a network card. The problem started showing up 2 weeks ago. I have Kaspersky IS installed, which deleted about 20 trojans from Safe Mode, but the problem still occurs.
With Process Explorer I tried to determine which services it runs and I disabled them, but that did not solve the problem either, because each time it attaches to some other service.
When I try to kill the svchost.exe process from Task Manager, a System Shutdown window appears with a countdown from 1 min. When I abort that System Shutdown from Command Prompt with the command "shutdown /a", svchost no longer loads the processor until the next restart of the computer and reconnection to the internet.

If you have any ideas, feel free to post them so I can try them, because as I said this is rather urgent.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

[Links are visible only to logged-in users]

  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

Here are the DDS and Gmer reports.

[Links are visible only to logged-in users]

@ diarno


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs's ComboFix from the following address to your Desktop:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.

While it runs, ComboFix will:
- check whether a newer version of the program exists:
  - click Yes if you are offered the download.
  - click Yes so that the process continues.
- if Recovery Console is not installed, offer to install it:
  - be sure to accept by clicking Yes and follow the procedure.
- show a number of prompts/notifications:
  - accept by clicking Yes or OK.
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note:
- The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If, after posting, you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.

  • Onsite IT Support Engineer
  • Joined: 08 Mar 2005
  • Posts: 1148
  • Location: Niš

ComboFix 10-01-04.01 - EI SM 11.01.2010 0:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.98 [GMT 1:00]
Running from: c:\documents and settings\EI SM\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\EI SM\Application Data\avdrn.dat
c:\documents and settings\EI SM\Application Data\Desktopicon
c:\documents and settings\EI SM\Application Data\Desktopicon\config.ini
c:\documents and settings\EI SM\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\EI SM\My Documents\My Documents.url
c:\documents and settings\EI SM\RavMonLog
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))

2010-01-10 12:21 . 2001-08-23 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-01-10 12:20 . 2004-08-03 21:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2010-01-10 12:19 . 2004-08-03 22:56 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-01-10 12:18 . 2004-08-03 20:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-01-10 12:17 . 2004-08-03 22:56 29696 -c--a-w- c:\windows\system32\dllcache\admexs.dll
2010-01-10 12:14 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-10 12:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-01-10 12:02 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-10 12:02 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-06 10:32 . 2010-01-06 10:32 -------- d-----w- c:\windows\system32\Mira6
2010-01-06 10:31 . 2010-01-06 10:31 -------- d-----w- c:\program files\ScanDrv6
2009-12-29 13:30 . 2009-12-29 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-29 13:29 . 2010-01-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-29 08:57 . 2010-01-05 12:30 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-24 08:33 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-23 08:47 . 2009-12-23 09:12 -------- d-----w- c:\program files\Opera 10 Beta

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-01-10 23:43 . 2010-01-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-10 19:17 . 2008-08-22 11:27 -------- d-----r- c:\program files\mail
2010-01-10 18:33 . 2010-01-10 18:33 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-10 18:33 . 2010-01-10 18:33 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-10 18:33 . 2010-01-10 18:33 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-10 18:33 . 2010-01-10 18:33 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\\sys\i386\5.1\klif.sys
2010-01-10 18:31 . 2010-01-10 18:31 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\oeas.dll
2010-01-10 18:31 . 2010-01-10 18:31 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\fssync.dll
2010-01-10 18:31 . 2010-01-10 18:31 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\kloehk.dll
2010-01-10 18:31 . 2010-01-10 18:31 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\mzvkbd3.dll
2010-01-10 18:31 . 2010-01-10 18:31 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\sys\i386\5.1\klif.sys
2010-01-10 12:45 . 2010-01-10 12:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-10 12:45 . 2010-01-10 12:45 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-10 12:43 . 2010-01-10 12:43 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-10 12:38 . 2008-11-24 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-10 12:12 . 2004-01-03 12:09 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 17:08 . 2008-07-03 15:41 -------- d-----w- c:\program files\Yahoo!
2010-01-08 13:45 . 2009-12-01 13:46 -------- d-----w- c:\documents and settings\EI SM\Application Data\MahJong Suite
2010-01-08 12:02 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\EI SM\Application Data\SolSuite
2010-01-06 15:07 . 2009-02-25 14:41 -------- d-----w- c:\documents and settings\EI SM\Application Data\BitTorrent
2010-01-06 13:14 . 2008-07-02 08:16 -------- d-----r- c:\program files\stevan
2010-01-06 10:25 . 2004-01-05 01:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:30 . 2010-01-05 12:30 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2010-01-05 10:44 . 2009-10-01 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-12-29 13:34 . 2008-12-03 08:30 -------- d-----w- c:\documents and settings\EI SM\Application Data\Simply Super Software
2009-12-29 13:33 . 2008-10-29 14:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 09:33 . 2004-01-05 01:09 -------- d-----w- c:\program files\Eset
2009-12-29 08:56 . 2009-12-29 08:56 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-24 10:20 . 2009-10-07 05:58 -------- d-----w- c:\program files\Unlocker
2009-12-22 11:45 . 2009-12-22 11:45 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-11 10:14 . 2009-03-19 09:06 -------- d-----w- c:\program files\Common Files\Real
2009-12-08 14:43 . 2008-02-29 07:42 72584 ----a-w- c:\documents and settings\EI SM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 13:49 . 2009-12-01 13:45 -------- d-----w- c:\program files\MahJong Suite
2009-12-01 13:46 . 2009-02-27 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-12-01 12:00 . 2009-12-01 12:00 24575 ----a-w- c:\windows\system32\Mpwinapppiobas69.dat
2009-10-20 19:34 . 2009-10-20 19:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010\English\setup.exe
2009-10-14 20:18 . 2009-10-14 20:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-03-13 09:24 . 2009-03-13 09:23 9914224 ----a-w- c:\program files\winamp5551_full_emusic-7plus_en-us.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-07 10:18 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-07 2166296]


"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"KMCONFIG"="c:\program files\Keyboard Driver\StartAutorun.exe" [2007-03-06 212992]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=

"13833:TCP"= 13833:TCP:NortonAV
"15736:TCP"= 15736:TCP:NortonAV

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard Driver\KMWDSrv.exe [5.4.2007 9:29 208896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.9.2008 10:57 717296]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{B0365857-F491-44B3-B308-29148F05E447}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:31]
------- Supplementary Scan -------
uStart Page = [Links are visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D13DDA9E-007A-4F07-909F-B5774E2B7A10} =
FF - ProfilePath - c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\
FF - prefs.js: - [Links are visible only to logged-in users]
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - [Links are visible only to logged-in users]
FF - prefs.js: keyword.URL - [Links are visible only to logged-in users]
FF - component: c:\documents and settings\EI SM\Application Data\Mozilla\Firefox\Profiles\1rnt9wd3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Explorer_Run-smile - c:\program files\Applications\wcs.exe
MSConfigStartUp-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-GroupManager - c:\program files\Windows Vista Sidebar for XP with Proper Installation\groupmanager.exe
MSConfigStartUp-LREC75DND7 - c:\docume~1\EISM~1\LOCALS~1\Temp\c.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-SmartDefrag - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TME.tmp
MSConfigStartUp-TE_RegProtect - c:\program files\Anti Trojan Elite\TERegPct.exe
MSConfigStartUp-VResLab - c:\program files\VResLab\VResLab.exe


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2010-01-11 00:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1214440339-725345543-1003\Software\SecuROM\License information*]
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2824)
------------------------ Other Running Processes ------------------------
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Keyboard Driver\KMConfig.exe
c:\program files\Keyboard Driver\KMProcess.exe
Completion time: 2010-01-11 00:53:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 23:53

Pre-Run: bytes free
Post-Run: 28.747.067.392 bytes free

[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 96989FF5FB771B3F2A9A781ECEBE94BD

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe

[-HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
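
An added example, not part of the thread and not ComboFix's own logic: a small Python triage pass over the two autostart listings that appear in the log above (the msconfig `startupfolder` entries and the `ORPHANS REMOVED` lines). The extension list and the temp-directory rule are assumptions chosen for illustration, and the sample lines are an excerpt of the log posted in the thread; the Startup-folder entry named in the CFScript above is one of the hits.

```python
import re

# Excerpt of the ComboFix log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\siszyd32.exe

[HKLM\~\startupfolder\C:^Documents and Settings^EI SM^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\EI SM\Start Menu\Programs\Startup\Styler.lnk

MSConfigStartUp-LREC75DND7 - c:\docume~1\EISM~1\LOCALS~1\Temp\c.exe
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TME.tmp
"""

# Assumption: file types that execute when launched from a Startup folder.
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")
# Section header of a Startup-folder item as ComboFix prints it.
STARTUP_HDR = re.compile(r"^\[HKLM\\~\\startupfolder\\.+\]$", re.I)
# "<location>-<name> - <path>" lines, as in the ORPHANS REMOVED block.
ORPHAN = re.compile(r"^(?P<name>[A-Za-z_]+-[^\\]+?) - (?P<path>[a-z]:\\.+)$", re.I)
# Assumption: any path component named "temp" counts as a temp directory.
TEMP_DIR = re.compile(r"\\temp\\", re.I)


def triage_autostarts(log_text):
    """Return (source, path, reason) tuples for autostart entries worth a closer look."""
    findings = []
    in_startup = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if STARTUP_HDR.match(line):
            in_startup = True
            continue
        if in_startup and line.lower().startswith("path="):
            path = line[len("path="):]
            # A Startup folder normally holds .lnk shortcuts; a binary or script
            # placed there directly runs at every logon of that user.
            if path.lower().endswith(EXEC_EXT):
                findings.append(("startupfolder", path,
                                 "executable placed directly in Startup folder"))
            in_startup = False
            continue
        m = ORPHAN.match(line)
        if m and TEMP_DIR.search(m.group("path")):
            findings.append((m.group("name"), m.group("path"),
                             "autostart target inside a temp directory"))
    return findings


if __name__ == "__main__":
    for source, path, reason in triage_autostarts(SAMPLE_LOG):
        print(f"{source}: {path} ({reason})")
```
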
