Processor busy at 100% of its resources... Please help!


Davor Stanković

Processor busy at 100% of its resources... Please help! (12.04.2008, 12:58)
I saw two similar threads, but neither of them gave me an answer to my problem, so I was forced to open a new topic...
I have the following problem...
When I turn on the computer everything behaves normally and it works as it should... When I connect to the internet, everything also works flawlessly, but... As soon as I start one of the browsers (Mozilla, Opera, IE) and visit any page other than Google, the processor immediately starts running at 100% of its resources... I shut down all the programs that could keep it that "busy" (from automatic Windows Update to the AV, the firewall,... In Task Manager I see that only system files are running and I can't figure out what is tormenting it like this), I checked the processor temperature thinking something was wrong with the cooler, and the temperature is normal too... Restarting doesn't help at all, and everything works great until I start a browser...
Has anyone had a similar problem, and does anyone know a solution?
Thanks in advance!
 

Binary Mind

Re: Processor busy at 100% of its resources... Please help! (12.04.2008, 18:35)
Download HijackThis, run a scan, and post the log here in the thread (copy it from the text file into your next post) for analysis.
 

Davor Stanković

Re: Processor busy at 100% of its resources... Please help! (12.04.2008, 20:38)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:02, on 12.4.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O4 - HKLM\..\Run: [Service Host] C:\DOCUME~1\DAVORS~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\FreeRAM XP Pro 1.4\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B27F0BF-0F0B-4DF4-8019-D788087DD180}: NameServer = 80.65.162.101 217.199.128.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe

--
End of file - 5371 bytes
 

Binary Mind

Re: Processor busy at 100% of its resources... Please help! (12.04.2008, 22:49)
Hm. The log looks clean. Download Combofix, run a scan (don't touch the computer while Combofix is scanning) and after that post the Combofix log here as well for analysis. I want to be sure that this isn't happening because of some malware.
 

Flash411

Re: Processor busy at 100% of its resources... Please help! (12.04.2008, 23:23)
@Binary Mind, your eagle eye let you down

You have two parasites here:
O4 - HKLM\..\Run: [Service Host] C:\DOCUME~1\DAVORS~1\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe

@davor.stankovic
Remove all those SpeedUpMyPC, RegistryBooster, FreeRAM and similar programs, because you get absolutely no benefit from them, only more harm, or at best just a placebo effect.
By the way, if you have some beta version of NOD, it can act up too, but it's more likely that it's a virus.
Gone insane,be right back..... | A slightly different Google search
http://poremecenum.blog.hr/ | http://www.etfos.hr/~mgavlik/googledirectorysearch/
____________________________________________________
Failure is not an option. It comes bundled with Windows.
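
The kind of check applied by eye to the two Run entries in the post above can be written as a small triage script. This is an added example, not part of the original thread: the heuristics, function names and the table of expected system paths are assumptions chosen for illustration, and the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import ntpath
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\system32\svchost..exe
O4 - HKLM\..\Run: [Service Host] C:\DOCUME~1\DAVORS~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
"""

# Assumed table (illustrative): where these Windows XP binaries legitimately live.
SYSTEM_IMAGES = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\.*?Run: \[([^\]]*)\] (.+)$")
# Unquoted command line: the path ends at the first executable extension
# that is followed by whitespace or the end of the line.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.I)


def image_path(cmd):
    """Extract the executable path from a Run value (quoted or unquoted)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def reasons_for(value_name, image):
    """Return the reasons an autostart entry deserves a closer look."""
    directory, base = ntpath.split(image.lower())
    reasons = []
    if {"temp", "tmp"} & set(directory.split("\\")):
        reasons.append("runs from a temporary directory")
    if ".." in base:
        reasons.append("doubled dot in file name")
    canonical = re.sub(r"\.+", ".", base)  # svchost..exe -> svchost.exe
    expected = SYSTEM_IMAGES.get(canonical)
    if expected and (directory != expected or base != canonical):
        reasons.append("imitates system binary " + canonical)
    name = value_name.lower()
    if name.endswith(".exe") and name != base:
        reasons.append("value name %r does not match target" % value_name)
    return reasons


def triage(log_text):
    """Return (value_name, image, reasons) for every flagged O4 entry."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image = image_path(m.group(3))
        reasons = reasons_for(m.group(2), image)
        if reasons:
            flagged.append((m.group(2), image, reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (name, image, "; ".join(reasons)))
```

A hit from this script is a prompt to inspect the file, not a verdict; a clean result does not rule out other load points (services, BHOs, drivers) that the O4 section does not cover.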
 

Davor Stanković

Re: Processor busy at 100% of its resources... Please help! (12.04.2008, 23:34)
Uhhh, I barely managed to find this topic, you've tucked it away pretty well :D

@Flash411... Thanks for this advice, I'll do everything you said, and as for NOD... It's not a beta version.
And thanks to Binary Mind for the help!
Regards!
 

Binary Mind

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 00:00)
Quote:
Flash411: @Binary Mind, your eagle eye let you down


Oh well. I'm dog-tired. Sometimes something slips past me too. In any case there are several of us, so we can fill in for each other.
 

Davor Stanković

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 00:15)
There, the problem is solved.
I did everything as you said and now everything is in perfect order.

THANKS once again and, well, I don't know how to repay you...
Maybe with a virtual beer someday, or chocolate, I don't know...
 

Binary Mind

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 00:50)
Just in case, run a Combofix scan if you haven't already and post its log too. Remnants of the malware may have been left behind.
 

Davor Stanković

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 01:00)
I did this right after you advised me to (the first time), and after that I also deleted those "nuisance" programs...

ComboFix 08-04-12.4 - Davor Stankovic 2008-04-13 0:49:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.138 [GMT 2:00]
Running from: C:\Documents and Settings\Davor Stankovic\Desktop\ComboFix.exe
* Resident AV is active


[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 21:36 . 2008-04-12 21:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 21:23 . 2008-04-11 21:23 <DIR> d-------- C:\Program Files\Lavalys
2008-04-11 21:14 . 2008-04-11 21:14 <DIR> d-------- C:\Program Files\SiSoftware
2008-04-10 22:12 . 2008-04-11 20:58 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\Uniblue
2008-04-10 22:11 . 2008-04-11 20:57 <DIR> d-------- C:\Program Files\Uniblue
2008-04-09 23:59 . 2008-04-11 21:00 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\Hide IP NG
2008-04-08 09:24 . 2008-04-09 15:48 <DIR> d-------- C:\Program Files\Net Tools
2008-04-06 00:47 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-06 00:46 . 2008-04-06 00:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-05 18:46 . 2008-04-05 18:46 62 --a------ C:\WINDOWS\MyProg.ini
2008-04-05 18:15 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-04-05 17:53 . 2008-04-08 00:25 32 --a------ C:\WINDOWS\go
2008-04-04 21:20 . 2008-04-04 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 00:26 . 2008-04-04 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-04-04 00:25 . 2008-04-04 00:25 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\GRETECH
2008-04-03 00:16 . 2008-04-03 00:16 51,712 --a------ C:\WINDOWS\wc98pp.dll
2008-04-02 19:33 . 2008-04-02 19:33 78 --a------ C:\WINDOWS\AbsoluteTelnet.trg
2008-04-02 19:32 . 2008-04-02 19:55 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\AbsoluteTelnet
2008-03-29 00:56 . 2008-04-02 23:39 <DIR> d-------- C:\tmp99
2008-03-16 22:47 . 2008-03-16 22:48 <DIR> d-------- C:\Program Files\WWW File Share Pro
2008-03-16 22:47 . 2000-12-05 19:30 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-03-16 22:47 . 2000-10-26 18:01 45,056 --a------ C:\WINDOWS\system32\NTSVC.OCX
2008-03-16 00:42 . 2008-03-25 17:28 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\BSplayer Pro
2008-03-16 00:41 . 2008-03-16 00:41 <DIR> d-------- C:\Program Files\Webteh
2008-03-14 00:40 . 2008-03-14 00:40 332 --a------ C:\WINDOWS\desctemp.dat
2008-03-13 23:49 . 2008-03-21 17:07 32 --a------ C:\WINDOWS\0
2008-03-13 23:49 . 2008-03-13 23:49 0 --a------ C:\WINDOWS\system32\0
2008-03-13 23:42 . 2004-12-22 02:32 369,024 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-03-13 23:42 . 2004-12-22 02:32 184,320 --------- C:\WINDOWS\system32\BCMWLU00.EXE
2008-03-13 10:24 . 2008-03-21 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-13 10:18 . 2007-12-01 01:26 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 22:22 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\uTorrent
2008-04-10 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 13:46 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Skype
2008-04-09 13:24 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\skypePM
2008-04-05 17:19 --------- d-----w C:\Program Files\TrueTransparency
2008-04-03 22:32 --------- d-----w C:\Program Files\GetRight
2008-04-03 22:30 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-03 22:30 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\GetRight
2008-04-03 22:21 --------- d-----w C:\Program Files\Gabest
2008-03-21 10:08 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-03-13 21:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-10 22:02 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Thinstall
2008-03-07 23:37 --------- d-----w C:\Program Files\uTorrent
2008-03-06 10:17 --------- d-----w C:\Program Files\Macromedia
 

Binary Mind

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 11:16)
More remnants were found, which Combofix deleted. This is not the whole log. A lot is missing. Try again.
 

Davor Stanković

Re: Processor busy at 100% of its resources... Please help! (13.04.2008, 12:16)
Here is the new log:

ComboFix 08-04-12.4 - Davor Stankovic 2008-04-13 13:06:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.111 [GMT 2:00]
Running from: C:\Documents and Settings\Davor Stankovic\Desktop\ComboFix.exe
* Resident AV is active


[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\TEMP\1.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 21:36 . 2008-04-12 21:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 22:12 . 2008-04-13 01:02 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\Uniblue
2008-04-09 23:59 . 2008-04-11 21:00 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\Hide IP NG
2008-04-08 09:24 . 2008-04-09 15:48 <DIR> d-------- C:\Program Files\Net Tools
2008-04-06 00:47 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-06 00:46 . 2008-04-06 00:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-05 18:46 . 2008-04-05 18:46 62 --a------ C:\WINDOWS\MyProg.ini
2008-04-05 18:15 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-04-05 17:53 . 2008-04-08 00:25 32 --a------ C:\WINDOWS\go
2008-04-04 21:20 . 2008-04-04 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 00:26 . 2008-04-04 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-04-04 00:25 . 2008-04-04 00:25 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\GRETECH
2008-04-03 00:16 . 2008-04-03 00:16 51,712 --a------ C:\WINDOWS\wc98pp.dll
2008-04-02 19:33 . 2008-04-02 19:33 78 --a------ C:\WINDOWS\AbsoluteTelnet.trg
2008-04-02 19:32 . 2008-04-02 19:55 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\AbsoluteTelnet
2008-03-29 00:56 . 2008-04-02 23:39 <DIR> d-------- C:\tmp99
2008-03-16 22:47 . 2008-03-16 22:48 <DIR> d-------- C:\Program Files\WWW File Share Pro
2008-03-16 22:47 . 2000-12-05 19:30 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-03-16 22:47 . 2000-10-26 18:01 45,056 --a------ C:\WINDOWS\system32\NTSVC.OCX
2008-03-16 00:42 . 2008-03-25 17:28 <DIR> d-------- C:\Documents and Settings\Davor Stankovic\Application Data\BSplayer Pro
2008-03-14 00:40 . 2008-03-14 00:40 332 --a------ C:\WINDOWS\desctemp.dat
2008-03-13 23:49 . 2008-03-21 17:07 32 --a------ C:\WINDOWS\0
2008-03-13 23:49 . 2008-03-13 23:49 0 --a------ C:\WINDOWS\system32\0
2008-03-13 23:42 . 2004-12-22 02:32 369,024 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-03-13 23:42 . 2004-12-22 02:32 184,320 --------- C:\WINDOWS\system32\BCMWLU00.EXE
2008-03-13 10:24 . 2008-03-21 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-13 10:18 . 2007-12-01 01:26 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:07 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\uTorrent
2008-04-10 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 13:46 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Skype
2008-04-09 13:24 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\skypePM
2008-04-03 22:30 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-03 22:30 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\GetRight
2008-03-21 10:08 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-03-13 21:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-10 22:02 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Thinstall
2008-03-07 23:37 --------- d-----w C:\Program Files\uTorrent
2008-03-06 10:17 --------- d-----w C:\Program Files\Macromedia
2008-03-03 23:23 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\GetRightToGo
2008-03-01 14:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 14:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 01:32 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Azureus
2008-03-01 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-25 23:37 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\RhinoSoft.com
2008-02-25 23:09 --------- d-----w C:\Program Files\ImTOO
2008-02-25 22:22 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-25 21:32 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\PC Suite
2008-02-25 21:32 --------- d-----w C:\Documents and Settings\Davor Stankovic\Application Data\Nokia
2008-02-25 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-25 21:30 --------- d-----w C:\Program Files\DIFX
2008-02-25 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-24 00:34 --------- d-----w C:\Program Files\FileZilla
2008-02-17 12:49 --------- d-----w C:\Program Files\%temp&
2008-01-27 12:01 3,221,948 ----a-w C:\WINDOWS\Novak Djokovic GRAND SLAM 2007.scr
2008-01-18 23:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 01:26 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 16:05 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-01 01:26 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera 9.5 beta\\opera.exe"=
"C:\\Program Files\\WWW File Share Pro\\WWWFileSharePro.exe"=
"C:\\Program Files\\WWW File Share Pro\\Plugins\\Chat Room\\ChatRoom.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 09:48]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 13:54]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 13:10:13
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\DOCUME~1\DAVORS~1\LOCALS~1\Temp\catchme.dll
.
Completion time: 2008-04-13 13:11:20
ComboFix-quarantined-files.txt 2008-04-13 11:11:06
ComboFix2.txt 2008-04-12 22:58:45
Pre-Run: 613,646,336 bytes free
Post-Run: 603,049,984 bytes free
.
2008-04-10 09:23:14 --- E O F ---
 