HiJack log

offline
  • Joined: 20 Jun 2009
  • Posts: 2

Dear all,

My computer has recently become very slow, even though no service is running.

NOD32 finds no viruses.

Defragmentation has been done.

Help!!!!!!!!!!!!
Thanks in advance, Zoran Bozovic

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:37 AM, on 6/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Zoran\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O17 - HKLM\System\CCS\Services\Tcpip\..\{A73662E1-01DC-440F-9885-5963A2D4D2B0}: NameServer = 192.168.1.4
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f0f18c0d087e) (gupdate1c9f0f18c0d087e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3440 bytes

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hi,
the log is clean and shows no traces of infection. Let's move on to an additional check.

Download sUBs' ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
close any running programs;
disable your protective software (instructions);
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
if needed, restart Windows (possibly more than once);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 20 Jun 2009
  • Posts: 2

ComboFix 09-06-20.04 - Zoran 06/21/2009 12:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1549 [GMT 2:00]
Running from: c:\documents and settings\Zoran\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Zoran\RavMonLog
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\kr_done1
H:\desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Service_ICF


((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-20 07:36 . 2009-06-20 20:14 -------- d-----w- c:\program files\Analog Clock
2009-06-20 06:57 . 2009-06-20 07:02 -------- d-----w- c:\program files\ClocX
2009-06-19 16:46 . 2009-06-19 17:04 -------- d-----w- c:\documents and settings\Zoran\Application Data\GeoSetter
2009-06-19 16:45 . 2009-06-19 16:46 -------- d-----w- c:\program files\GeoSetter
2009-06-19 07:31 . 2009-06-19 07:37 -------- d-----w- c:\documents and settings\Zoran\Application Data\TuFuse Pro
2009-06-19 07:30 . 2009-06-19 07:30 -------- d-----w- c:\program files\TuFusePro
2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\documents and settings\Zoran\ErrorLogs
2009-06-18 12:42 . 2009-06-18 14:20 914512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\program files\MSBuild
2009-06-18 12:42 . 2009-06-18 12:42 -------- d-----w- c:\program files\Reference Assemblies
2009-06-18 12:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-18 12:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-18 12:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-18 12:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-18 12:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-18 12:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-18 12:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-18 12:26 . 2009-06-18 12:26 -------- d--h--r- C:\AHCache
2009-06-18 11:47 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-18 11:47 . 2009-06-18 11:47 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 11:45 . 2009-06-18 11:46 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-18 11:45 . 2009-06-18 11:45 -------- d-----w- c:\windows\system32\LogFiles
2009-06-10 20:16 . 2009-06-10 20:16 -------- d-----w- c:\program files\Raw Therapee
2009-06-10 19:59 . 2009-06-10 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-09 16:49 . 2009-06-09 16:50 -------- d-----w- c:\program files\Exifer
2009-06-08 16:59 . 2007-03-20 12:49 2781184 ----a-w- c:\documents and settings\Zoran\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2009-06-08 16:51 . 2009-06-08 17:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 14:40 . 2009-06-06 14:40 -------- d-----w- c:\program files\Anything3D Corp
2009-06-06 13:51 . 2009-06-06 13:51 -------- d-----w- c:\program files\PhotomatixPro3
2009-06-04 17:34 . 2009-06-04 17:34 -------- d-----w- c:\program files\Microsoft
2009-06-04 17:28 . 2009-06-04 17:28 -------- d-----w- c:\documents and settings\Zoran\.idl
2009-06-04 16:55 . 2009-06-04 16:55 7680 ----a-w- c:\documents and settings\Zoran\Application Data\Thinstall\ArcSoft Panorama Maker 4 Pro\4000002500002i\ArcRegister.exe
2009-06-04 16:55 . 2009-06-04 16:55 -------- d-----w- c:\documents and settings\Zoran\Application Data\Thinstall
2009-06-04 16:18 . 2009-06-04 16:18 -------- d-----w- c:\documents and settings\Zoran\Local Settings\Application Data\ArcSoft
2009-06-04 16:18 . 2009-06-04 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-06-04 16:18 . 2009-06-04 16:55 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-04 16:18 . 2009-06-04 16:20 -------- d-----w- c:\documents and settings\Zoran\Application Data\ArcSoft
2009-06-02 16:02 . 2009-06-02 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-05-28 19:47 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Zoran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-27 18:09 . 2009-05-27 18:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-27 17:55 . 2009-06-19 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-26 16:20 . 2009-05-26 16:20 -------- d-----w- c:\program files\Media Player Classic
2009-05-23 16:26 . 2009-05-23 16:26 -------- d-----w- c:\documents and settings\Zoran\Application Data\WinBatch
2009-05-23 16:22 . 2009-05-23 16:50 -------- d-----w- c:\documents and settings\Zoran\Application Data\Moon Calculator
2009-05-23 16:22 . 2009-05-23 16:22 -------- d-----w- c:\program files\Moon Phase Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 09:27 . 2009-06-09 16:52 30 ----a-w- c:\program files\Exiferupdate.ini
2009-06-19 15:26 . 2009-01-17 16:50 -------- d-----w- c:\program files\Google
2009-06-18 13:55 . 2009-01-18 14:17 -------- d-----w- c:\documents and settings\Zoran\Application Data\Uniblue
2009-06-18 13:36 . 2008-05-27 13:14 76176 ----a-w- c:\documents and settings\Zoran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 20:36 . 2008-05-27 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 19:59 . 2008-05-27 13:44 -------- d-----w- c:\program files\Eset
2009-06-08 17:21 . 2008-05-27 14:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-07 10:25 . 2009-02-08 16:05 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-07 10:24 . 2009-02-08 16:06 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-06-06 14:40 . 2008-05-27 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 16:55 . 2008-12-21 16:07 -------- d-----w- c:\program files\ArcSoft
2009-06-04 16:10 . 2008-07-03 10:05 249856 ------w- c:\windows\Setup1.exe
2009-06-02 15:54 . 2009-01-10 17:49 -------- d-----w- c:\program files\QuickTime
2009-05-28 19:46 . 2009-03-14 13:29 -------- d-----w- c:\program files\Helicon Focus
2009-05-23 18:16 . 2009-04-19 11:22 -------- d-----w- c:\program files\RegiStax 5
2009-05-23 18:15 . 2009-02-21 16:45 -------- d-----w- c:\program files\easyHDR
2009-05-18 15:59 . 2008-06-30 18:51 -------- d-----w- c:\program files\CCleaner
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 18:42 . 2009-04-29 18:40 -------- d-----w- c:\program files\MultiRes
2009-04-29 18:40 . 2009-04-29 18:39 -------- d-----w- c:\program files\Radeon Omega Drivers v2.5.36b
2009-04-29 18:39 . 2009-04-29 18:40 724992 ----a-w- c:\windows\iun6002.exe
2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 19:28 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\Zoran\Application Data\DriverCure
2009-04-23 19:28 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-23 19:27 . 2009-04-23 19:27 -------- d-----w- c:\program files\ParetoLogic
2009-04-17 18:17 . 2009-04-17 18:17 6 ----a-w- C:\tw0001.dat
2009-04-17 09:58 . 2004-08-03 21:17 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-03 22:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 13:21 . 2009-04-09 13:21 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-04-09 13:18 . 2009-04-09 13:18 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-04-09 13:10 . 2009-04-09 13:10 113960 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_69525f90.exe
2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_4ae13d6c.exe
2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_2cd672ae.exe
2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_294823.exe
2009-03-28 15:24 . 2009-03-28 15:24 1078 ----a-r- c:\documents and settings\Zoran\Application Data\Microsoft\Installer\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_18be6784.exe
2008-12-31 10:26 . 2008-12-31 10:22 1538327 ----a-w- c:\program files\ai30ps_setup.exe
2008-12-21 09:09 . 2008-12-21 09:02 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2007-07-18 23:35 . 2007-07-18 19:03 158 ----a-w- c:\program files\Compression.ini
2008-11-20 19:39 . 2008-11-20 19:38 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= "c:\windows\system32\RadExe.dll" [2004-03-25 147456]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zoran^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\Zoran\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"\\\\zeus\\c$\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"\\\\ace\\c$\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16408:TCP"= 16408:TCP:NortonAV
"15372:TCP"= 15372:TCP:NortonAV
"13910:TCP"= 13910:TCP:NortonAV
"16249:TCP"= 16249:TCP:NortonAV
"17755:TCP"= 17755:TCP:NortonAV
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/9/2009 3:21 PM 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [4/9/2009 3:19 PM 731840]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [5/27/2008 3:23 PM 176256]
S2 DTA FDL-PCI Driver;DTA FDL-PCI Driver;c:\windows\system32\drivers\windrvr.sys [12/31/2008 1:45 PM 161880]
S2 gupdate1c9f0f18c0d087e;Google Update Service (gupdate1c9f0f18c0d087e);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2009 5:20 PM 133104]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [5/28/2008 3:32 PM 10880]
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 19:07]

2009-06-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 15:20]

2009-04-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-04-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {A73662E1-01DC-440F-9885-5963A2D4D2B0} = 192.168.1.4
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-21 13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2009-06-21 13:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-21 11:06

Pre-Run: 17,192,394,752 bytes free
Post-Run: 17,113,845,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

229 --- E O F --- 2009-06-18 14:20

Uh, that was hard. Thanks for the reply.
This morning I turned on the PC and immediately opened Task Manager, Performance.
For a full 7 minutes the PC was "churning" something, the CPU was at up to 100% at times,
and then, in the end, everything settled at about 200MB. Does this mean that some huge number of services and/or programs take that long to "start up"?

Thanks again for the help
Boza

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Upload the following file for me:
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.dll.vir

and send it to me via the following link:
http://www.mycity.rs/ambulanta-upload.php
