windows explorer crash vista

  • nicso 
  • New MyCity citizen
  • Joined: 13 Jun 2008
  • Posts: 5

Asking for help, if there is any.
Namely, for two days now my laptop has been ailing: Windows Explorer crashes every time I try to open some folder, Control Panel, etc.
AVG and Windows Defender don't register anything irregular, nor does booting from the Vista DVD - system repair...

I have the infamous explorer.exe c:\windows\config\lsass.exe which I can't eliminate, as well as an irregular lssas.exe in system32.
Thanks


Addendum: 13 Jun 2008 23:47

Here is the whole HJT log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:06 PM, on 6/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Users\Acer\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D32B13A5-930D-482F-831B-008D95E8A5F3} - C:\Windows\system32\iifCVPfg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvVPgHy.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9172 bytes
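A heuristic triage script for HijackThis log lines, added here as an example; it is not part of nicso's post and not HijackThis's own code. The rules it applies (an unnamed or file-less BHO, an 8-letter mixed-case DLL name under System32, a Run key starting rundll32 with an ordinal export, a well-known system binary outside its expected directory) are this example's own assumptions. All sample lines but the last are copied from the log above; the last one is constructed to exercise the path check on the c:\windows\config\lsass.exe path the post mentions.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example; not part of the forum post or of HijackThis itself.  The
rules are this example's own assumptions: they surface entries worth a
closer look, they do not decide that a file is malicious.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Assumption: directories where these Windows binaries legitimately live.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumption: an 8-letter, mixed-case, digit-free file name in System32
# (the iifCVPfg.dll / tuvVPgHy.dll pattern seen in the log above).
RANDOM_NAME = re.compile(
    r"^(?=(?:.*[A-Z]){2})(?=(?:.*[a-z]){2})[A-Za-z]{8}\.(?:dll|exe)$"
)
# Drive-letter path ending in .dll/.exe; lazy so it stops at the first extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)
# rundll32 started from a Run key with an ordinal export (",#1") instead of a name.
RUNDLL_ORDINAL = re.compile(r"rundll32\.exe\s+\S+\.dll,#\d+", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return every heuristic that fires on one HJT log line."""
    found: list[Finding] = []
    if line.startswith("O2 - BHO:") and ("(no name)" in line or "(no file)" in line):
        found.append(Finding("bho-unnamed-or-missing", line))
    for path in PATH_RE.findall(line):
        directory, _, name = path.rpartition("\\")
        if directory.lower().endswith(r"\windows\system32") and RANDOM_NAME.match(name):
            found.append(Finding("random-name-in-system32", line))
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            found.append(Finding("system-binary-outside-expected-dir", line))
    if line.startswith("O4 -") and RUNDLL_ORDINAL.search(line):
        found.append(Finding("rundll32-ordinal-autorun", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log, skipping blank lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(log_text: str) -> dict[str, int]:
    """Count findings per rule, for a quick overview of a log."""
    return dict(Counter(f.rule for f in triage(log_text)))


# All lines but the last are copied from the HJT log above; the last one is
# constructed to show the path check on the c:\windows\config\lsass.exe path.
SAMPLE_LOG = r"""
C:\Windows\explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - (no file)
O2 - BHO: (no name) - {D32B13A5-930D-482F-831B-008D95E8A5F3} - C:\Windows\system32\iifCVPfg.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvVPgHy.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [lsass] C:\Windows\config\lsass.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(SAMPLE_LOG))
```

On the sample the script flags the two odd BHOs, both random-looking System32 DLLs, the rundll32 ordinal Run entry and the out-of-place lsass.exe, while the Adobe BHO, Windows Defender, the legitimate oobefldr.dll call and C:\Windows\explorer.exe pass. Hits are leads, not verdicts: the 8-letter rule will also catch some legitimate vendor files (the Prolific IoctlSvc.exe in the O23 list above would match it), so every flagged file still needs its publisher signature and hash checked before anything is removed.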

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Hello,

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • nicso 
  • New MyCity citizen
  • Joined: 13 Jun 2008
  • Posts: 5

ComboFix 08-06-12.2 - Acer 2008-06-14 1:34:35.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1251.7.1033.18.320 [GMT 2:00]
Running from: C:\Users\Acer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\acKjkUtv.ini
C:\Windows\System32\acKjkUtv.ini2
C:\Windows\System32\gfPVCfii.ini
C:\Windows\System32\gfPVCfii.ini2
C:\Windows\system32\iifCVPfg.dll
C:\Windows\system32\ljJBtutu.dll
C:\Windows\system32\tuvVPgHy.dll
C:\Windows\System32\ututBJjl.ini
C:\Windows\System32\ututBJjl.ini2
C:\Windows\system32\vtUkjKca.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Users\Acer\AppData\Roaming\Uniblue
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Program Files\Uniblue
2008-06-13 23:59 . 2008-06-13 23:59 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-06-13 23:52 . 2008-06-13 23:52 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$lsdrive$
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$bootdrive$
2008-06-12 16:44 . 2008-06-12 16:44 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-12 15:44 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood
2008-06-12 15:34 . 2008-06-13 20:58 <DIR> d-------- C:\Program Files\HP
2008-06-09 13:53 . 2008-06-09 13:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-09 13:53 . 2008-06-09 13:53 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-05-25 22:16 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood.Tmp
2008-05-25 22:15 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-20 16:14 . 2008-05-20 16:14 205 --a------ C:\Windows\pdf2word.INI
2008-05-20 16:12 . 2008-05-20 16:12 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-17 19:45 . 2008-05-18 10:26 <DIR> d-------- C:\Program Files\Notebook Hardware Control
2008-05-17 19:45 . 2008-05-18 10:14 22,528 --a------ C:\Windows\System32\drivers\nhcDriver.sys
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Program Files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 23:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\uTorrent
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\GHISLER
2008-06-12 18:35 --------- d-----w C:\Users\Acer\AppData\Roaming\Skype
2008-06-12 18:33 --------- d-----w C:\Users\Acer\AppData\Roaming\skypePM
2008-06-11 18:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-07 14:05 --------- d-----w C:\Users\Acer\AppData\Roaming\foobar2000
2008-05-31 14:26 --------- d-----w C:\Program Files\FlashGet
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-11 12:56 --------- d-----w C:\Users\Acer\AppData\Roaming\AccurateRip
2008-05-04 14:32 --------- d-----w C:\Program Files\foobar2000
2008-05-04 14:22 --------- d-----w C:\Program Files\QuickTime
2008-05-03 11:37 --------- d-----w C:\Users\Acer\AppData\Roaming\iPodSoft
2008-05-03 11:36 --------- d-----w C:\Program Files\iPodSoft
2008-05-03 11:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-03 10:25 --------- d-----w C:\Users\Acer\AppData\Roaming\Apple Computer
2008-05-03 10:24 --------- d-----w C:\ProgramData\Apple Computer
2008-05-03 10:24 --------- d-----w C:\Program Files\iTunes
2008-05-03 10:24 --------- d-----w C:\Program Files\iPod
2008-05-03 10:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 10:11 --------- d-----w C:\ProgramData\Apple
2008-04-25 16:27 --------- d-----w C:\Program Files\Launch Manager
2008-04-24 13:15 --------- d-----w C:\Program Files\Reshade
2008-04-19 13:07 --------- d-----w C:\Users\Acer\AppData\Roaming\UseNeXT
2008-04-13 18:15 --------- d-----w C:\Program Files\Save Flash
2008-04-13 12:23 --------- d-----w C:\Users\Acer\AppData\Roaming\Nero
2008-04-13 12:21 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-13 12:18 --------- d-----w C:\ProgramData\Nero
2008-04-13 12:18 --------- d-----w C:\Program Files\Nero
2008-04-13 12:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-13 09:16 --------- d-----w C:\Program Files\Winamp
2008-04-13 09:15 --------- d-----w C:\Users\Acer\AppData\Roaming\Winamp
2007-12-08 20:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-08 20:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-30 13:26 520,192 ----a-w C:\Program Files\WinDjView-0.5.exe
2007-09-28 06:32 174 --sha-w C:\Program Files\desktop.ini
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-04 16:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:47 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" [2007-10-08 14:45 6731312]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 22:45 815104]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-06 22:24 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
--a------ 2006-11-28 18:43 754712 C:\Program Files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-28 18:38 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\rqRJYpoP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-30 21:37 4186112 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"AMTray.exe"="C:\Acer\Empowering Technology\amtray.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2930430713-874102958-4048720246-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C7B8505-2F10-4B3A-8F16-568DE3DA663C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{68923D89-7C43-4575-BE10-6DFC5A6916AB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF6183EA-12E3-4C24-9929-1075EF9A58F9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D6056FDB-AFF5-4F3C-9065-CF5D86B5C691}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E5E499F-6295-4D84-B452-2ABBDD97866E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF311666-4C06-4EF8-8EAF-D49AB8426059}"= UDP:20823:BitComet 20823 TCP
"{EA24A7C7-46A5-4B87-A27B-A9E6BAFB79E9}"= TCP:20823:BitComet 20823 UDP
"TCP Query User{30733A76-0282-4F1C-9989-E0434C452167}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E91CD708-B4A8-4EFA-89E0-4E5A64AE3930}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0E4EC9AB-4A71-4352-804B-72FC7EC816DA}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= UDP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{FCD3C21B-2A3D-44F8-A748-991901A5DD78}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= TCP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{7A8C4780-7839-4B82-B30D-13C852FACFE3}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= UDP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{761E137B-F5F9-4553-8C7E-DA905BAE3131}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= TCP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{1DE65225-580E-4867-8A76-9E42E0F5059B}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{7AD86843-6F21-4979-A74E-19C4E19BF3C8}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{91DC45CB-5145-44B5-BD02-B9B076EBDBC4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B769FCBF-8933-41F9-92AB-39CC83AFBC0B}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{1B876473-4BBE-4FAC-A8D0-DF7B4E1694D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{5577B22C-2F7A-4B97-81E9-1914311753BA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{19DB30D7-DBE5-4633-A029-B06A0120347F}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72C24D2-00CB-464E-92FA-D9FB9B9B1FCC}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{6CFC4B78-4011-4DC7-B17A-FD21E30E22A6}"= Disabled:UDP:13432:BitComet 13432 TCP(ED2K)
"{033B0B05-16BF-4E1C-913E-42811C3CFB2A}"= Disabled:TCP:13432:BitComet 13432 UDP(ED2K)
"{93905F7D-7049-40AA-BA2D-59A5EE82CD08}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C22154B3-F279-4BC1-AA8D-818EC1FBCDC3}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C65A86F2-7578-4ECB-9350-773DC407331E}"= UDP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"{EC7A9F09-33B6-4C59-85F6-049942C774D9}"= TCP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"TCP Query User{B0079BDA-5583-4DA5-BE0D-6FA35FE64EC4}C:\\program files\\emule\\emule.exe"= Disabled:UDP:4662|RPort=4662|C:\program files\emule\emule.exe:eMule
"UDP Query User{0A23E160-43AD-45E4-830A-C579DD550A60}C:\\program files\\emule\\emule.exe"= Disabled:TCP:4672|RPort=4672|C:\program files\emule\emule.exe:eMule
"{38CD4506-774C-4A48-98C6-F780A5F494C8}"= UDP:4661:eMule_TCP
"{C895E320-D6D6-4CF2-B1D7-6D011738E6D3}"= TCP:4671:eMule_UDP
"TCP Query User{FE44BB13-17CC-43B4-AC09-5C34D9E69BA7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D375DBE-1A7C-4885-A11D-C73998595E49}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{86600D13-F8CE-4009-BCF9-51D4D88C819E}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{45BAC60A-BD3C-4C7C-A29B-478BC632C7A8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6A4C3621-E55B-43A7-9C51-69D46530D2DA}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{B5CFA248-1E27-41B8-B818-049BE4A74C28}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{74108549-1948-4D8C-BBB4-CAA7484A629C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B058D2E8-4B44-4685-9730-B29F3B007003}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A2CC92A-6C8D-4E6B-A000-BA54D93CBF78}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{BADBB368-7707-4497-B4DE-5F203E116741}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{11811E9A-7757-4BD4-BC55-ABF8F475E42C}C:\\users\\acer\\desktop\\radni\\emule.exe"= UDP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"UDP Query User{D49D88DF-C3F1-45CD-87FC-49CF52E3D02C}C:\\users\\acer\\desktop\\radni\\emule.exe"= TCP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"{E7A5B225-5AE8-49F1-B634-E0F1593198A5}"= UDP:23076:BitComet 23076 TCP
"{C6BCDF76-1972-4068-AA83-D79A13CF0D29}"= TCP:23076:BitComet 23076 UDP
"{E150F738-5CC1-4345-A700-98B432B56929}"= UDP:14339:BitComet 14339 TCP(ED2K)
"{636A7A0F-1152-49A5-8599-BEC615333944}"= TCP:14339:BitComet 14339 UDP(ED2K)
"TCP Query User{98E7D89C-4E3C-4496-BBB8-C20A1F544C14}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= UDP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"UDP Query User{DFFF0A1F-CA15-4410-B67A-81881B8C688E}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= TCP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"TCP Query User{0E47C26C-1406-4ACA-8868-709413B1C9E8}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{6C5AEAB4-08BC-4F5F-840D-B8FB8C608C8A}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{3E29ED62-D79D-45FB-9A85-E1E4C905BDEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{97237A73-92ED-4D7F-AB39-B4C4D39C4B0F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{151B3652-B1B6-44D5-B264-17AE65090AB2}"= UDP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{B6C82BCE-16DD-47CB-B9FF-D0FA9B2FC5E5}"= TCP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{4A9ADAD2-8953-4757-9763-7D0A7B5FCBBB}"= UDP:119:usenext_tcp
"TCP Query User{A4ED4996-AE4C-4BE4-8BBF-6B204BFB1E80}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{126C7AB4-8C66-428B-8752-1D2200DF3064}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{EE31C583-32B4-408E-A091-E8E71920A228}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{D61872CE-F917-4368-97D8-31867FFEFA0C}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AB249E4-17BB-4DFD-A7DE-C848360A705C}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{28CB1C53-FC3C-4042-A6AE-B8E034355FB3}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{F5E40BFA-D52D-48F8-9305-95629EFD1711}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{019143D2-202A-4E8D-817A-6A90F6D109F9}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{8F66B6DF-41C9-457F-A646-4EFB1CE01D17}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C81B434-1413-47A2-A39E-29FFE9E7EEBC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{0F9E2B0F-6EEE-4173-B9E5-FE471A842F9E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8E07E683-2149-4618-B488-F2C9C53D4105}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{89F826F5-3DCA-4024-B50E-7F8DD68A08C1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DAA268DF-35FB-4F18-9862-1F3D1F759CFF}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 OsaFsLoc;OsaFsLoc;C:\Windows\system32\drivers\OsaFsLoc.sys [2006-12-28 14:17]
R2 osaio;osaio;C:\Windows\system32\drivers\osaio.sys [2006-11-06 16:48]
R2 osanbm;osanbm;C:\Windows\system32\drivers\osanbm.sys [2006-11-09 10:56]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 02:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-03 02:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab4e9d0-ba9d-11dc-89b8-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {395787D8-AB35-3BCE-772B-1C50144B1CDC} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 15:16:55 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\SystemOptimizer.exe
"2008-06-13 23:54:06 C:\Windows\Tasks\Vista Manager - Free Memory.job"
- C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-14 01:54:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-06-14 2:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 00:03:16

Pre-Run: 13,789,442,048 bytes free
Post-Run: 13,400,670,208 bytes free

290 --- E O F --- 2008-04-03 16:26:50

Update: 14 Jun 2008 2:09

And now what?

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Open Notepad and copy the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab4e9d0-ba9d-11dc-89b8-000000000000}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • nicso 
  • New MyCity citizen
  • Joined: 13 Jun 2008
  • Posts: 5

Done


ComboFix 08-06-12.2 - Acer 2008-06-14 2:28:21.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1251.7.1033.18.344 [GMT 2:00]
Running from: C:\Users\Acer\Desktop\ComboFix.exe
Command switches used :: C:\Users\Acer\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Users\Acer\AppData\Roaming\Uniblue
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Program Files\Uniblue
2008-06-13 23:59 . 2008-06-13 23:59 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-06-13 23:52 . 2008-06-13 23:52 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$lsdrive$
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$bootdrive$
2008-06-12 16:44 . 2008-06-12 16:44 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-12 15:44 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood
2008-06-12 15:34 . 2008-06-14 02:19 <DIR> d-------- C:\Program Files\HP
2008-06-09 13:53 . 2008-06-09 13:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-09 13:53 . 2008-06-09 13:53 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-05-25 22:15 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-20 16:14 . 2008-05-20 16:14 205 --a------ C:\Windows\pdf2word.INI
2008-05-20 16:12 . 2008-05-20 16:12 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-17 19:45 . 2008-05-18 10:26 <DIR> d-------- C:\Program Files\Notebook Hardware Control
2008-05-17 19:45 . 2008-05-18 10:14 22,528 --a------ C:\Windows\System32\drivers\nhcDriver.sys
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Program Files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 23:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\uTorrent
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\GHISLER
2008-06-12 18:35 --------- d-----w C:\Users\Acer\AppData\Roaming\Skype
2008-06-12 18:33 --------- d-----w C:\Users\Acer\AppData\Roaming\skypePM
2008-06-11 18:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-07 14:05 --------- d-----w C:\Users\Acer\AppData\Roaming\foobar2000
2008-06-07 08:23 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-31 14:26 --------- d-----w C:\Program Files\FlashGet
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-11 12:56 --------- d-----w C:\Users\Acer\AppData\Roaming\AccurateRip
2008-05-04 14:32 --------- d-----w C:\Program Files\foobar2000
2008-05-04 14:22 --------- d-----w C:\Program Files\QuickTime
2008-05-03 11:37 --------- d-----w C:\Users\Acer\AppData\Roaming\iPodSoft
2008-05-03 11:36 --------- d-----w C:\Program Files\iPodSoft
2008-05-03 11:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-03 10:25 --------- d-----w C:\Users\Acer\AppData\Roaming\Apple Computer
2008-05-03 10:24 --------- d-----w C:\ProgramData\Apple Computer
2008-05-03 10:24 --------- d-----w C:\Program Files\iTunes
2008-05-03 10:24 --------- d-----w C:\Program Files\iPod
2008-05-03 10:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 10:11 --------- d-----w C:\ProgramData\Apple
2008-04-25 16:27 --------- d-----w C:\Program Files\Launch Manager
2008-04-24 13:15 --------- d-----w C:\Program Files\Reshade
2008-04-19 13:07 --------- d-----w C:\Users\Acer\AppData\Roaming\UseNeXT
2007-12-08 20:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-08 20:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-30 13:26 520,192 ----a-w C:\Program Files\WinDjView-0.5.exe
2007-09-28 06:32 174 --sha-w C:\Program Files\desktop.ini
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-04 16:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-14_ 2.02.37.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 23:54:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-14 00:31:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:47 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" [2007-10-08 14:45 6731312]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 22:45 815104]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-06 22:24 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
--a------ 2006-11-28 18:43 754712 C:\Program Files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-28 18:38 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-30 21:37 4186112 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-05-05 13:01 99608 c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"AMTray.exe"="C:\Acer\Empowering Technology\amtray.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2930430713-874102958-4048720246-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C7B8505-2F10-4B3A-8F16-568DE3DA663C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{68923D89-7C43-4575-BE10-6DFC5A6916AB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF6183EA-12E3-4C24-9929-1075EF9A58F9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D6056FDB-AFF5-4F3C-9065-CF5D86B5C691}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E5E499F-6295-4D84-B452-2ABBDD97866E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF311666-4C06-4EF8-8EAF-D49AB8426059}"= UDP:20823:BitComet 20823 TCP
"{EA24A7C7-46A5-4B87-A27B-A9E6BAFB79E9}"= TCP:20823:BitComet 20823 UDP
"TCP Query User{30733A76-0282-4F1C-9989-E0434C452167}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E91CD708-B4A8-4EFA-89E0-4E5A64AE3930}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0E4EC9AB-4A71-4352-804B-72FC7EC816DA}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= UDP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{FCD3C21B-2A3D-44F8-A748-991901A5DD78}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= TCP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{7A8C4780-7839-4B82-B30D-13C852FACFE3}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= UDP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{761E137B-F5F9-4553-8C7E-DA905BAE3131}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= TCP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{1DE65225-580E-4867-8A76-9E42E0F5059B}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{7AD86843-6F21-4979-A74E-19C4E19BF3C8}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{91DC45CB-5145-44B5-BD02-B9B076EBDBC4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B769FCBF-8933-41F9-92AB-39CC83AFBC0B}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{1B876473-4BBE-4FAC-A8D0-DF7B4E1694D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{5577B22C-2F7A-4B97-81E9-1914311753BA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{19DB30D7-DBE5-4633-A029-B06A0120347F}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72C24D2-00CB-464E-92FA-D9FB9B9B1FCC}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{6CFC4B78-4011-4DC7-B17A-FD21E30E22A6}"= Disabled:UDP:13432:BitComet 13432 TCP(ED2K)
"{033B0B05-16BF-4E1C-913E-42811C3CFB2A}"= Disabled:TCP:13432:BitComet 13432 UDP(ED2K)
"{93905F7D-7049-40AA-BA2D-59A5EE82CD08}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C22154B3-F279-4BC1-AA8D-818EC1FBCDC3}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C65A86F2-7578-4ECB-9350-773DC407331E}"= UDP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"{EC7A9F09-33B6-4C59-85F6-049942C774D9}"= TCP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"TCP Query User{B0079BDA-5583-4DA5-BE0D-6FA35FE64EC4}C:\\program files\\emule\\emule.exe"= Disabled:UDP:4662|RPort=4662|C:\program files\emule\emule.exe:eMule
"UDP Query User{0A23E160-43AD-45E4-830A-C579DD550A60}C:\\program files\\emule\\emule.exe"= Disabled:TCP:4672|RPort=4672|C:\program files\emule\emule.exe:eMule
"{38CD4506-774C-4A48-98C6-F780A5F494C8}"= UDP:4661:eMule_TCP
"{C895E320-D6D6-4CF2-B1D7-6D011738E6D3}"= TCP:4671:eMule_UDP
"TCP Query User{FE44BB13-17CC-43B4-AC09-5C34D9E69BA7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D375DBE-1A7C-4885-A11D-C73998595E49}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{86600D13-F8CE-4009-BCF9-51D4D88C819E}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{45BAC60A-BD3C-4C7C-A29B-478BC632C7A8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6A4C3621-E55B-43A7-9C51-69D46530D2DA}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{B5CFA248-1E27-41B8-B818-049BE4A74C28}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{74108549-1948-4D8C-BBB4-CAA7484A629C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B058D2E8-4B44-4685-9730-B29F3B007003}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A2CC92A-6C8D-4E6B-A000-BA54D93CBF78}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{BADBB368-7707-4497-B4DE-5F203E116741}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{11811E9A-7757-4BD4-BC55-ABF8F475E42C}C:\\users\\acer\\desktop\\radni\\emule.exe"= UDP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"UDP Query User{D49D88DF-C3F1-45CD-87FC-49CF52E3D02C}C:\\users\\acer\\desktop\\radni\\emule.exe"= TCP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"{E7A5B225-5AE8-49F1-B634-E0F1593198A5}"= UDP:23076:BitComet 23076 TCP
"{C6BCDF76-1972-4068-AA83-D79A13CF0D29}"= TCP:23076:BitComet 23076 UDP
"{E150F738-5CC1-4345-A700-98B432B56929}"= UDP:14339:BitComet 14339 TCP(ED2K)
"{636A7A0F-1152-49A5-8599-BEC615333944}"= TCP:14339:BitComet 14339 UDP(ED2K)
"TCP Query User{98E7D89C-4E3C-4496-BBB8-C20A1F544C14}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= UDP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"UDP Query User{DFFF0A1F-CA15-4410-B67A-81881B8C688E}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= TCP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"TCP Query User{0E47C26C-1406-4ACA-8868-709413B1C9E8}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{6C5AEAB4-08BC-4F5F-840D-B8FB8C608C8A}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{3E29ED62-D79D-45FB-9A85-E1E4C905BDEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{97237A73-92ED-4D7F-AB39-B4C4D39C4B0F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{151B3652-B1B6-44D5-B264-17AE65090AB2}"= UDP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{B6C82BCE-16DD-47CB-B9FF-D0FA9B2FC5E5}"= TCP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{4A9ADAD2-8953-4757-9763-7D0A7B5FCBBB}"= UDP:119:usenext_tcp
"TCP Query User{A4ED4996-AE4C-4BE4-8BBF-6B204BFB1E80}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{126C7AB4-8C66-428B-8752-1D2200DF3064}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{EE31C583-32B4-408E-A091-E8E71920A228}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{D61872CE-F917-4368-97D8-31867FFEFA0C}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AB249E4-17BB-4DFD-A7DE-C848360A705C}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{28CB1C53-FC3C-4042-A6AE-B8E034355FB3}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{F5E40BFA-D52D-48F8-9305-95629EFD1711}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{019143D2-202A-4E8D-817A-6A90F6D109F9}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{8F66B6DF-41C9-457F-A646-4EFB1CE01D17}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C81B434-1413-47A2-A39E-29FFE9E7EEBC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{0F9E2B0F-6EEE-4173-B9E5-FE471A842F9E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8E07E683-2149-4618-B488-F2C9C53D4105}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{89F826F5-3DCA-4024-B50E-7F8DD68A08C1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DAA268DF-35FB-4F18-9862-1F3D1F759CFF}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 OsaFsLoc;OsaFsLoc;C:\Windows\system32\drivers\OsaFsLoc.sys [2006-12-28 14:17]
R2 osaio;osaio;C:\Windows\system32\drivers\osaio.sys [2006-11-06 16:48]
R2 osanbm;osanbm;C:\Windows\system32\drivers\osanbm.sys [2006-11-09 10:56]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 02:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-03 02:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {395787D8-AB35-3BCE-772B-1C50144B1CDC} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 15:16:55 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\SystemOptimizer.exe
"2008-06-13 23:54:06 C:\Windows\Tasks\Vista Manager - Free Memory.job"
- C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-14 02:31:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-14 2:33:07
ComboFix-quarantined-files.txt 2008-06-14 00:32:44
ComboFix2.txt 2008-06-14 00:03:31

Pre-Run: 12,990,218,240 bytes free
Post-Run: 12,855,132,160 bytes free

249 --- E O F --- 2008-04-03 16:26:50

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

offline
  • nicso 
  • New MyCity citizen
  • Joined: 13 Jun 2008
  • Posts: 5

Bravo, Care!

I can't believe the computer is back to normal after two days of struggling with it...

For now everything works OK.
...it uses a bit more CPU and memory...

I'll report tomorrow on how things are.

Sweet dreams

Cheers
