[ dsteva @ 03.01.2010. 20:20 ] @
Greetings everyone, I could use a little help. It has started happening that when the screensaver turns off, the processor, i.e. both cores, is at 100%; that is, once the screensaver turns off everything is OK, but the gadget still shows that up to that moment it was running at 100%. I had not paid attention to it until a few days ago, but now the same thing happens whatever I do. I scanned the computer with Malwarebytes, with SUPERAntiSpyware and with NOD, and they all say everything is fine. When I open Task Manager to see what is eating my resources, svchost.exe always uses the most, both memory and processor. So if anyone has an idea what this could be, I would be very grateful. By the way, I have Windows 7 Ultimate.
[ valjan @ 03.01.2010. 23:10 ] @
I would recommend that you do what I recommended here to another user with a similar problem (and, in general, that you use the search option ;-) )...
[ dsteva @ 04.01.2010. 06:28 ] @
I did as you told me, and the thing is that when I am on the desktop nothing happens, everything is OK. But as I said, I have the All CPU Meter gadget downloaded from Microsoft, and the catch is this: for example, the screensaver turns on and everything looks OK; when I move the mouse, naturally, in order to do something, and the screensaver turns off, at that moment everything is OK, but the gadget shows that up to that moment both processors were running at 100%. That is just an example. Now, whether the gadget is fooling me or something else is going on, I don't know. Last night I ran Malwarebytes and here is the log:
Malwarebytes' Anti-Malware 1.43
Verzija baze podataka: 3488
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3.1.2010 22:19:09
mbam-log-2010-01-03 (22-19-09).txt

Tip skeniranja: Kompletno Skeniranje (C:\|D:\|)
Skeniranih objekata: 243995
Proteklo vreme: 34 minute(s), 29 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 1
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 1
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-4850781914-3986876880-237803151-9262\nissan.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)
[ kristi1 @ 04.01.2010. 07:10 ] @
If it is still acting up, we can take a deeper look. Follow the instructions.

Download the program DDS http://download.bleepingcomputer.com/sUBs/dds.scr
Run DDS with a double-click
Wait a little, it will produce two logs
Copy the DDS.txt log file here for me.

Download Gmer http://www2.gmer.net/download.php
Run it with a double-click
Wait for it to perform the initial scan
Then click Scan
When the scan finishes, click Save and save the log on the desktop under the name Gmer1
If the log is large, paste it at http://pastebin.com/
Click send and paste the link here on the forum.
[ valjan @ 04.01.2010. 08:21 ] @
Quote:
Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe (Security.Hijack) -> Quarantined and deleted successfully.


This tells me that you may have some unwanted guests on your computer: someone or something tried to prevent the use of MBAM on your computer by redirecting the execution of mbamservice.exe to some other file.

As for the CPU gadget and Process Explorer: let Process Explorer run in the foreground, let the screensaver turn on, and when you interrupt it, look right away whether you see in PE that one of the processes is at 100%; all the svchosts are mostly at the top of the list, so look there. A process that has just exited is marked in red and one that has just started in green, and in Options > Difference Highlight Duration you can set how many seconds the notification that a process started or exited stays on screen, so if the default value is too short, change it to a larger one, and you will probably see whether anything else starts along with the screensaver and how much of the resources it eats.
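
The two registry hijacks in the Malwarebytes log above (the Image File Execution Options entry that valjan describes and the Winlogon Shell value) can be audited with a read-only PowerShell script. This is an added example, not part of the original posts; it assumes PowerShell is available on the affected Windows machine, and the function names are made up for this illustration.

```powershell
# Added example: read-only audit, nothing in the registry is changed.
# Function names (Get-IfeoDebugger, Get-WinlogonShell) are illustrative.

# IFEO: a "Debugger" value under <image>.exe makes Windows start the named
# program instead of <image>.exe. This is the redirection MBAM reported for
# mbamservice.exe. The Wow6432Node path only exists on 64-bit Windows.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger `
                        -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                # Every hit needs a manual look: some tools set this value
                # on purpose, so a hit is a lead, not a verdict.
                New-Object PSObject -Property @{
                    Check      = 'IFEO Debugger'
                    Image      = $key.PSChildName
                    RunsInstead = $dbg
                    Key        = $key.Name
                }
            }
        }
    }
}

# Winlogon Shell: the MBAM log gives "Explorer.exe" as the good value and
# flagged a value with a second executable appended after a comma.
function Get-WinlogonShell {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path  = "$hive\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $shell = (Get-ItemProperty -Path $path -Name Shell `
                      -ErrorAction SilentlyContinue).Shell
        if ($null -eq $shell) { continue }   # value not set in this hive
        New-Object PSObject -Property @{
            Check    = 'Winlogon Shell'
            Path     = $path
            Shell    = $shell
            # Anything other than a bare explorer.exe deserves review.
            Expected = ($shell.Trim() -ieq 'explorer.exe')
        }
    }
}

Get-IfeoDebugger  | Format-List Check, Image, RunsInstead, Key
Get-WinlogonShell | Format-List Check, Path, Shell, Expected
```

Run it once from a normal prompt and once elevated: HKCU is per-user, so the Winlogon Shell result depends on whose session the script runs in.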
[ dsteva @ 04.01.2010. 09:13 ] @
@ Kristi

DDS (Ver_09-12-01.01) - NTFSx86
Run by Drazic at 10:07:43,64 on pon 04.01.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.1427 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Eset\nod32kui.exe
C:\Users\Drazic\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Drazic\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [googletalk] c:\users\drazic\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: PnkBstrA.exe - rundll32.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\drazic\appdata\roaming\mozilla\firefox\profiles\chsjddm6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\users\drazic\appdata\roaming\mozilla\firefox\profiles\chsjddm6.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-9-28 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-17 235344]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-9-28 549256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-29 1021256]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-22 48128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-25 19160]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-7-6 906368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GarenaPEngine;GarenaPEngine;c:\users\drazic\appdata\local\temp\SEL85F7.tmp [2009-12-23 25616]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2010-01-03 13:29:25 0 d-----w- C:\Fraps
2010-01-03 13:26:36 0 d-----w- c:\program files\IObit
2010-01-01 11:41:29 0 d-----w- c:\programdata\BioWare
2010-01-01 11:36:43 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-30 20:54:38 0 d-----w- c:\programdata\Apple Computer
2009-12-30 20:53:59 0 d-----w- c:\programdata\Apple
2009-12-30 12:13:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-30 12:13:24 0 d-----w- c:\users\drazic\appdata\roaming\SUPERAntiSpyware.com
2009-12-30 12:13:24 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-27 09:19:25 0 d-----w- c:\programdata\Google
2009-12-21 09:16:00 65536 --sha-w- c:\users\drazic\ntuser.dat{0a67949c-ee11-11de-b77b-806e6f6e6963}.TM.blf
2009-12-21 09:16:00 524288 --sha-w- c:\users\drazic\ntuser.dat{0a67949c-ee11-11de-b77b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-12-21 09:16:00 524288 --sha-w- c:\users\drazic\ntuser.dat{0a67949c-ee11-11de-b77b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2009-12-21 09:14:14 0 --sha-w- c:\users\drazic\NTUSER.DAT_tureg_new.LOG2
2009-12-21 09:14:14 0 --sha-w- c:\users\drazic\NTUSER.DAT_tureg_new.LOG1
2009-12-20 06:19:42 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-20 06:19:39 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-20 06:19:39 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-12-20 06:19:21 0 d-----w- c:\program files\TuneUp Utilities 2010
2009-12-19 21:53:54 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-19 21:51:04 0 d-----w- c:\windows\PCHEALTH
2009-12-19 21:49:35 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-19 21:48:56 0 d-----w- c:\programdata\Microsoft Help
2009-12-17 09:37:37 0 d-----w- c:\program files\common files\BioWare
2009-12-11 14:51:44 0 d-----w- c:\program files\Ventrilo
2009-12-11 14:51:42 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-12-09 17:43:45 0 d-----w- c:\users\drazic\appdata\roaming\Activision
2009-12-09 17:42:38 0 d-sh--w- c:\windows\ftpcache
2009-12-09 17:41:38 290 ----a-w- c:\windows\game.ini
2009-12-09 08:03:07 0 d-----w- c:\programdata\Media Center Programs

==================== Find3M ====================

2009-12-30 13:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 14:48:46 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-03 14:48:46 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-23 11:20:24 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-23 11:20:15 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-21 09:30:06 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-17 15:39:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-17 15:01:05 22328 ----a-w- c:\users\drazic\appdata\roaming\PnkBstrK.sys
2009-11-17 15:00:46 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-07 09:39:05 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 17:05:36 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05:34 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-16 10:19:38 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-10-15 11:44:20 809560 ----a-r- c:\windows\system32\tmpE56C.tmp
2009-10-15 11:44:20 809560 ----a-r- c:\windows\system32\tmpE52D.tmp
2009-10-14 07:42:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-09-28 14:18:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-28 14:21:11 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:08:17,47 ===============

http://pastebin.com/m7f8cef4c

@ Valjan
I will try it now and report the results


[This message was edited by dsteva on 04.01.2010. at 10:23 GMT+1]
[ dsteva @ 04.01.2010. 09:44 ] @
I don't know, Veljan, I did as you said and the only thing that stopped was the screensaver, but I find it strange that the screensaver uses 90% of the processor; by the way, I have an Intel Pentium Dual Core at 2.0 GHz
[ kristi1 @ 04.01.2010. 10:06 ] @
Hmm, strange, go ahead and run ComboFix so we can see what it says.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Turn off your AV and be sure to run it from the desktop.
Yes \ OK to everything it asks you.
Copy the log here when the scan finishes.
[ dsteva @ 04.01.2010. 11:00 ] @
Now here is the log from PE; the screensaver was not on
Process PID CPU Description Company Name
System Idle Process 0 45.70
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 420 Windows Session Manager Microsoft Corporation
csrss.exe 504 Client Server Runtime Process Microsoft Corporation
wininit.exe 564 Windows Start-Up Application Microsoft Corporation
services.exe 612 Services and Controller app Microsoft Corporation
svchost.exe 804 Host Process for Windows Services Microsoft Corporation
nvvsvc.exe 864 NVIDIA Driver Helper Service, Version 191.07 NVIDIA Corporation
nvvsvc.exe 1420 NVIDIA Driver Helper Service, Version 191.07 NVIDIA Corporation
svchost.exe 904 Host Process for Windows Services Microsoft Corporation
svchost.exe 1012 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1264 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1052 Host Process for Windows Services Microsoft Corporation
dwm.exe 2260 0.77 Desktop Window Manager Microsoft Corporation
svchost.exe 1096 Host Process for Windows Services Microsoft Corporation
taskeng.exe 5692 Task Scheduler Engine Microsoft Corporation
jusched.exe 5532 Java(TM) Platform SE binary Sun Microsystems, Inc.
svchost.exe 1248 Host Process for Windows Services Microsoft Corporation
svchost.exe 1464 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1580 Spooler SubSystem App Microsoft Corporation
svchost.exe 1608 Host Process for Windows Services Microsoft Corporation
svchost.exe 1732 Host Process for Windows Services Microsoft Corporation
MDM.EXE 1768 Machine Debug Manager Microsoft Corporation
nod32krn.exe 1804 NOD32 Kernel Service Eset
nod32kui.exe 2752 NOD32 Control Center GUI Eset
nvSCPAPISvr.exe 1872 Stereo Vision Control Panel API Server NVIDIA Corporation
TuneUpUtilitiesService32.exe 1916 TuneUp Utilities Service TuneUp Software
TuneUpUtilitiesApp32.exe 2232 TuneUp Utilities TuneUp Software
UpdateCenterService.exe 1972 NVIDIA Update Center Service NVIDIA
taskhost.exe 2272 Host Process for Windows Tasks Microsoft Corporation
mbamservice.exe 2600 Malwarebytes' Anti-Malware Malwarebytes Corporation
wmpnetwk.exe 3480 Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 3728 Host Process for Windows Services Microsoft Corporation
svchost.exe 3412 49.57 Host Process for Windows Services Microsoft Corporation
lsass.exe 636 Local Security Authority Process Microsoft Corporation
lsm.exe 644 Local Session Manager Service Microsoft Corporation
csrss.exe 576 Client Server Runtime Process Microsoft Corporation
winlogon.exe 700 Windows Logon Application Microsoft Corporation
explorer.exe 2328 Windows Explorer Microsoft Corporation
googletalk.exe 2808 Google Talk Google
uTorrent.exe 2872 µTorrent BitTorrent, Inc.
sidebar.exe 2928 0.77 Windows Desktop Gadgets Microsoft Corporation
procexp.exe 3612 2.32 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ielowutil.exe 2108 Internet Low-Mic Utility Tool Microsoft Corporation

[ valjan @ 04.01.2010. 11:16 ] @
Quote:
svchost.exe 3412 49.57 Host Process for Windows Services Microsoft Corporation


Hover the mouse over this svchost and the tooltip will show the services it hosts, or double-click it, go to the Services tab, and see there which services are involved (whichever is easier for you)...
[ dsteva @ 04.01.2010. 11:32 ] @
Now the problem is that everything is OK, but I want to try ComboFix and I cannot kill Nod32krn.exe; as soon as I terminate the process it appears again
[ kristi1 @ 04.01.2010. 11:38 ] @
Right-click the icon next to the clock, then choose Threat Protection - AMON
Untick File system monitor (AMON) enabled
[ dsteva @ 04.01.2010. 11:46 ] @
Done, but something else is bothering me: when I start Process Explorer there is a process mbamservice.exe, and when I try to terminate it, it does not let me, and when I run Process Explorer as admin it is not there
Edit> solved, and here is the log

[This message was edited by dsteva on 04.01.2010. at 13:01 GMT+1]
[ kristi1 @ 04.01.2010. 12:28 ] @
You can uninstall ComboFix

start\ run\ Combofix /Uninstall ok

This is a clean computer.

Try reinstalling Malwarebytes.
[ shollim @ 04.01.2010. 14:19 ] @
Check which mode your computer is running in: PIO or DMA mode?
[ dsteva @ 04.01.2010. 14:24 ] @
Kristi, I have no idea, I did that, I even reinstalled the system and it is the same again. And shollim, it runs in PIO mode. As I understand it, since it runs at 100% most of the time it should heat up a lot, but that is not the case for me. Thanks to all of you for the help; if anyone has any other idea, I'm here :)
[ shollim @ 04.01.2010. 15:16 ] @
Well, my friend, that is why your CPU is pegged so much, because everything it does, even an ordinary screensaver, goes through the CPU and not directly through memory. Because everything these people are telling you is nonsense.
Believe me, you can try 300 tricks, but if it is in PIO mode none of it will do you any good.
Go ahead and DEFINITELY switch it to DMA mode. I don't have much experience with Windows 7, BUT I ASSUME IT IS DONE THE SAME WAY AS IN WIN XP:
-right-click My Computer and
-Device Manager, and find where your IDE driver is installed
-double-click with the left button on Primary IDE Channel
-then ADVANCED SETTINGS
-and there try to switch it to ULTRA DMA MODE

-do the same for SECONDARY IDE CHANNEL

Then restart the computer... if it still won't work after that, then try uninstalling the whole IDE driver and restart the computer!!!
If even that doesn't work, we'll go the ROUGH way through the registry!!! THE COMPUTER CAN'T BE SMARTER THAN US; IF IT WON'T GO THE EASY WAY, IT WILL GO THE HARD WAY ;-D
[ dsteva @ 04.01.2010. 15:54 ] @
Now just tell me which one; this is all I found here
[ shollim @ 04.01.2010. 15:57 ] @
Go ahead and let me know. I'm really curious whether it is done the same way in Windows 7. Regards
[ dsteva @ 04.01.2010. 16:01 ] @
I edited the post above; take a look at the picture and let me know
[ shollim @ 04.01.2010. 16:07 ] @
I see it is different than in WIN XP. In my opinion PRIMARY IDE should be this ata 0 (one of these 3), while SECONDARY is ata 1 (also one of these 3). But try opening all of them the way I explained earlier, and wherever it says PIO mode, change it to ULTRA DMA MODE and then restart the computer. Then let me know
[ dsteva @ 04.01.2010. 16:18 ] @
Now, even in the BIOS I cannot change it to run in DMA mode; I do not even have an option to switch it to DMA mode
[ shollim @ 04.01.2010. 16:23 ] @
Go through all of them... from the first to the last... because where nothing is written, that one is not active... but how did you determine that your computer runs in PIO mode, as you told me earlier??
[ New Village DC @ 04.01.2010. 16:36 ] @
Is it a standard Windows screensaver or did you install one of your own? Have you tried choosing a different screensaver? I have had some that were more demanding than a 3D game. Are the fans louder when the screensaver turns on?
[ dsteva @ 04.01.2010. 17:10 ] @
Well, I installed one of my own, but it worked normally on Vista, and the fans work normally. As for it running in PIO mode, I saw that in the BIOS, at least that is what it says, and there is no option to change it to anything else.
[ shollim @ 05.01.2010. 14:12 ] @
Go to the Windows Registry by doing the following:

Start > Run > type regedit > navigate to the following value:


Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}



There you will find subkeys such as 0000, 0001, 0002. Subkey 0001 should belong to the primary IDE channel, while subkey 0002 should belong to the secondary one (check this in the DriverDesc string value by clicking on it). In both of these subkeys you will find the DWORD values MasterIdDataChecksum and SlaveIdDataChecksum. Those DWORD values should be removed completely (delete) for each device that is slow, and the computer restarted afterwards. That should solve the problem.


!!!THAT IS FOR WINDOWS XP; IT SHOULD BE THE SAME FOR WINDOWS 7. CHECK WHETHER THOSE KEYS EXIST IN THE REGISTRY!!!
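
To see which numbered subkeys under that class key carry the two values named in the post before touching anything, a read-only listing is enough. This is an added example, not part of the original post; it uses only the key path and value names given above, assumes PowerShell on the machine, and the function name is made up for this illustration.

```powershell
# Added example: read-only; it lists values and deletes nothing.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}'
$names    = 'MasterIdDataChecksum', 'SlaveIdDataChecksum'   # names as given in the post

function Get-IdeChannelChecksum {
    # Only the numbered subkeys (0000, 0001, ...) describe controllers and
    # channels. The "Properties" subkey is access-protected even for
    # administrators, so errors are suppressed and it is filtered out.
    $subkeys = Get-ChildItem -Path $classKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' }

    foreach ($key in $subkeys) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $row = @{
            Subkey     = $key.PSChildName
            DriverDesc = $props.DriverDesc   # tells which channel/controller this is
        }
        foreach ($n in $names) {
            # Say "(absent)" explicitly, so a missing value is not mistaken
            # for a value of zero.
            $v = $props.$n
            $row[$n] = if ($null -eq $v) { '(absent)' } else { '0x{0:X8}' -f $v }
        }
        New-Object PSObject -Property $row
    }
}

Get-IdeChannelChecksum |
    Format-Table Subkey, DriverDesc, MasterIdDataChecksum, SlaveIdDataChecksum -AutoSize
```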
[ dsteva @ 05.01.2010. 23:45 ] @
The keys exist, but there are more of them and I cannot find MasterIdDataChecksum and SlaveIdDataChecksum, but here, take a look
[ Take 5 @ 06.01.2010. 02:11 ] @
I recently discovered, quite by accident, on several machines that the sporadic problem of the CPU being "pegged at 100% usage" occurs after launching certain programs (specifically MS Excel), which even after the program itself is closed still keep the executable (EXCEL.EXE) resident in memory!!???
Simply "killing that process" immediately returns CPU usage to normal (5-15%)!

I am still trying to find out what causes this behavior, since it does not happen every time and I cannot see any pattern in this occurrence!?
[ dsteva @ 06.01.2010. 02:43 ] @
That is exactly my problem, although I do not know what the cause is; even when I launch the smallest programs the processor gets pegged at 90%. I only know that this did not happen to me before, for example while I had Vista, and even on 7 until recently. A few days ago I reinstalled the system and it is the same again. Though, as shollim said, my computer runs in PIO mode, but I assume it ran that way before this too, so I really have no idea why this is happening. I thought I might have caught something, which is why I posted here, but it seems that is not the case. So if anyone knows what the problem is, again, I'm here. Regards and thanks to everyone for the help!!!