Možda tražite i:
Provera - Hijack this - log file
hijack this log-provera
Hijack log
hijack this log file vcrt80

MyCity » Ambulanta -> Arhiva Ambulante » HiJack log

HiJack log

Napisano na dan: 20.6.2009

HiJack log

Sledeća strana

Pagination

Odgovori

bozovic47 Poslao: 20 Jun 2009 12:15 Idi na vrh
offline bozovic47 Novi MyCity građanin Pridružio: 20 Jun 2009 Poruke: 2	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Postovani, Kompjuter mi je od nedavno veoma spor, iako neradi nijedan servis. NOD32 ne nalazi viruse. Defragmentizacija, uradjena. Upomoc!!!!!!!!!!!! Unapred zahvalan, Zoran Bozovic mycity.rs/must-login.png Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:52:37 AM, on 6/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Documents and Settings\Zoran\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O17 - HKLM\System\CCS\Services\Tcpip\..\{A73662E1-01DC-440F-9885-5963A2D4D2B0}: NameServer = 192.168.1.4 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9f0f18c0d087e) (gupdate1c9f0f18c0d087e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 3440 bytes

Profil

magna86 Poslao: 20 Jun 2009 20:20 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav log je cist i nema tragova infekcije. Idemo na dodatnu proveru. Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

bozovic47 Poslao: 21 Jun 2009 13:23 Idi na vrh
offline bozovic47 Novi MyCity građanin Pridružio: 20 Jun 2009 Poruke: 2	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-20.04 - Zoran 06/21/2009 12:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1549 [GMT 2:00] Running from: c:\documents and settings\Zoran\My Documents\Downloads\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Zoran\RavMonLog c:\windows\system32\Ati2evxx.dll c:\windows\system32\kr_done1 H:\desktop.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ICF -------\Service_ICF ((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 ))))))))))))))))))))))))))))))) . 2009-06-20 07:36 . 2009-06-20 20:14 -------- d-----w- c:\program files\Analog Clock 2009-06-20 06:57 . 2009-06-20 07:02 -------- d-----w- c:\program files\ClocX 2009-06-19 16:46 . 2009-06-19 17:04 -------- d-----w- c:\documents and settings\Zoran\Application Data\GeoSetter 2009-06-19 16:45 . 2009-06-19 16:46 -------- d-----w- c:\program files\GeoSetter 2009-06-19 07:31 . 2009-06-19 07:37 -------- d-----w- c:\documents and settings\Zoran\Application Data\TuFuse Pro 2009-06-19 07:30 . 2009-06-19 07:30 -------- d-----w- c:\program files\TuFusePro 2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\documents and settings\Zoran\ErrorLogs 2009-06-18 12:42 . 2009-06-18 14:20 914512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\windows\system32\XPSViewer 2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\program files\MSBuild 2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\program files\Reference Assemblies 2009-06-18 12:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-06-18 12:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-18 12:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-18 12:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-06-18 12:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-18 12:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-06-18 12:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-18 12:26 . 2009-06-18 12:26 -------- d--h--r- C:\AHCache 2009-06-18 11:47 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-06-18 11:47 . 2009-06-18 11:47 -------- d-----w- c:\program files\Windows Media Connect 2 2009-06-18 11:45 . 2009-06-18 11:46 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-06-18 11:45 . 2009-06-18 11:45 -------- d-----w- c:\windows\system32\LogFiles 2009-06-10 20:16 . 2009-06-10 20:16 -------- d-----w- c:\program files\Raw Therapee 2009-06-10 19:59 . 2009-06-10 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2009-06-09 16:49 . 2009-06-09 16:50 -------- d-----w- c:\program files\Exifer 2009-06-08 16:59 . 2007-03-20 12:49 2781184 ----a-w- c:\documents and settings\Zoran\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll 2009-06-08 16:51 . 2009-06-08 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-06 14:40 . 2009-06-06 14:40 -------- d-----w- c:\program files\Anything3D Corp 2009-06-06 13:51 . 2009-06-06 13:51 -------- d-----w- c:\program files\PhotomatixPro3 2009-06-04 17:34 . 2009-06-04 17:34 -------- d-----w- c:\program files\Microsoft 2009-06-04 17:28 . 2009-06-04 17:28 -------- d-----w- c:\documents and settings\Zoran\.idl 2009-06-04 16:55 . 2009-06-04 16:55 7680 ----a-w- c:\documents and settings\Zoran\Application Data\Thinstall\ArcSoft Panorama Maker 4 Pro\4000002500002i\ArcRegister.exe 2009-06-04 16:55 . 2009-06-04 16:55 -------- d-----w- c:\documents and settings\Zoran\Application Data\Thinstall 2009-06-04 16:18 . 2009-06-04 16:18 -------- d-----w- c:\documents and settings\Zoran\Local Settings\Application Data\ArcSoft 2009-06-04 16:18 . 2009-06-04 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft 2009-06-04 16:18 . 2009-06-04 16:55 -------- d-----w- c:\program files\Common Files\ArcSoft 2009-06-04 16:18 . 2009-06-04 16:20 -------- d-----w- c:\documents and settings\Zoran\Application Data\ArcSoft 2009-06-02 16:02 . 2009-06-02 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM 2009-05-28 19:47 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Zoran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-05-27 18:09 . 2009-05-27 18:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-27 17:55 . 2009-06-19 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2009-05-26 16:20 . 2009-05-26 16:20 -------- d-----w- c:\program files\Media Player Classic 2009-05-23 16:26 . 2009-05-23 16:26 -------- d-----w- c:\documents and settings\Zoran\Application Data\WinBatch 2009-05-23 16:22 . 2009-05-23 16:50 -------- d-----w- c:\documents and settings\Zoran\Application Data\Moon Calculator 2009-05-23 16:22 . 2009-05-23 16:22 -------- d-----w- c:\program files\Moon Phase Calculator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-20 09:27 . 2009-06-09 16:52 30 ----a-w- c:\program files\Exiferupdate.ini 2009-06-19 15:26 . 2009-01-17 16:50 -------- d-----w- c:\program files\Google 2009-06-18 13:55 . 2009-01-18 14:17 -------- d-----w- c:\documents and settings\Zoran\Application Data\Uniblue 2009-06-18 13:36 . 2008-05-27 13:14 76176 ----a-w- c:\documents and settings\Zoran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-11 20:36 . 2008-05-27 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-10 19:59 . 2008-05-27 13:44 -------- d-----w- c:\program files\Eset 2009-06-08 17:21 . 2008-05-27 14:27 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-07 10:25 . 2009-02-08 16:05 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2009-06-07 10:24 . 2009-02-08 16:06 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT 2009-06-06 14:40 . 2008-05-27 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-04 16:55 . 2008-12-21 16:07 -------- d-----w- c:\program files\ArcSoft 2009-06-04 16:10 . 2008-07-03 10:05 249856 ------w- c:\windows\Setup1.exe 2009-06-02 15:54 . 2009-01-10 17:49 -------- d-----w- c:\program files\QuickTime 2009-05-28 19:46 . 2009-03-14 13:29 -------- d-----w- c:\program files\Helicon Focus 2009-05-23 18:16 . 2009-04-19 11:22 -------- d-----w- c:\program files\RegiStax 5 2009-05-23 18:15 . 2009-02-21 16:45 -------- d-----w- c:\program files\easyHDR 2009-05-18 15:59 . 2008-06-30 18:51 -------- d-----w- c:\program files\CCleaner 2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-29 18:42 . 2009-04-29 18:40 -------- d-----w- c:\program files\MultiRes 2009-04-29 18:40 . 2009-04-29 18:39 -------- d-----w- c:\program files\Radeon Omega Drivers v2.5.36b 2009-04-29 18:39 . 2009-04-29 18:40 724992 ----a-w- c:\windows\iun6002.exe 2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-23 19:28 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\Zoran\Application Data\DriverCure 2009-04-23 19:28 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure 2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\program files\ParetoLogic 2009-04-17 18:17 . 2009-04-17 18:17 6 ----a-w- C:\tw0001.dat 2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-09 13:21 . 2009-04-09 13:21 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-04-09 13:18 . 2009-04-09 13:18 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-04-09 13:10 . 2009-04-09 13:10 113960 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_69525f90.exe 2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_4ae13d6c.exe 2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_2cd672ae.exe 2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_294823.exe 2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_18be6784.exe 2008-12-31 10:26 . 2008-12-31 10:22 1538327 ----a-w- c:\program files\ai30ps_setup.exe 2008-12-21 09:09 . 2008-12-21 09:02 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe 2007-07-18 23:35 . 2007-07-18 19:03 158 ----a-w- c:\program files\Compression.ini 2008-11-20 19:39 . 2008-11-20 19:38 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{35B2861B-2B26-4691-9FF0-09083722C736}"= "c:\windows\system32\RadExe.dll" [2004-03-25 147456] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Zoran^Start Menu^Programs^Startup^Nikon Monitor.lnk] path=c:\documents and settings\Zoran\Start Menu\Programs\Startup\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "\\\\zeus\\c$\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "\\\\ace\\c$\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "c:\\Program Files\\Media Player Classic\\mplayerc.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16408:TCP"= 16408:TCP:NortonAV "15372:TCP"= 15372:TCP:NortonAV "13910:TCP"= 13910:TCP:NortonAV "16249:TCP"= 16249:TCP:NortonAV "17755:TCP"= 17755:TCP:NortonAV "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/9/2009 3:21 PM 94360] R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [4/9/2009 3:19 PM 731840] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056] R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [5/27/2008 3:23 PM 176256] S2 DTA FDL-PCI Driver;DTA FDL-PCI Driver;c:\windows\system32\drivers\windrvr.sys [12/31/2008 1:45 PM 161880] S2 gupdate1c9f0f18c0d087e;Google Update Service (gupdate1c9f0f18c0d087e);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2009 5:20 PM 133104] S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [5/28/2008 3:32 PM 10880] . Contents of the 'Scheduled Tasks' folder 2009-04-23 c:\windows\Tasks\DriverCure.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 19:07] 2009-06-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 15:20] 2009-04-23 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59] 2009-04-23 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: {A73662E1-01DC-440F-9885-5963A2D4D2B0} = 192.168.1.4 FF - ProfilePath - . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-21 13:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3004) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\msi.dll c:\windows\system32\browselc.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Bonjour\mDNSResponder.exe . ************************************************************************ . Completion time: 2009-06-21 13:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-21 11:06 Pre-Run: 17,192,394,752 bytes free Post-Run: 17,113,845,760 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 229 --- E O F --- 2009-06-18 14:20 Uh, ovo je bilo tesko. Hvala na odgovoru. Jutros sam ukljucio PC i odmah otvorio Task Manager, performance. Celih 7 minuta PC je nesto "vrteo", CPU je radio i do 100%, povremeno, i onda, na kraju, sve se smirilo na oko 200MB. Dali ovo znaci da neki silni servisi ili/i programi se "podizu" toliko dugo? Opet hvala na pomoci Boza

Profil

magna86 Poslao: 22 Jun 2009 17:58 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-uj mi sledeci fajl: C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.dll.vir i posalji mi ga preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

MyCity » Ambulanta -> Arhiva Ambulante » HiJack log

Ko je trenutno na forumu

Ukupno su 955 korisnika na forumu :: 21 registrovanih, 4 sakrivenih i 930 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bato, dane007, darkojbn, Djokislav, Fog of War, goxin, havoc995, kybonacci, mikki jons, Milos82, nemkea71, Nikolaa11, novator, pein, Sir Budimir, slonic_tonic, sovanova95, Tas011, vaso1, wizzardone, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by