Posted: 13 Jun 2008 23:47
offline
- nicso
- New MyCity citizen
- Joined: 13 Jun 2008
- Posts: 5
Asking for help, if there is any.
For two days now my laptop has been ailing: Windows Explorer crashes every time I try to open a folder, Control Panel, etc.
AVG and Windows Defender don't detect anything irregular, and neither does booting from the Vista DVD (System Repair)...
I have the famous explorer.exe c:\windows\config\lsass.exe which I can't eliminate, as well as an irregular lssas.exe in system32.
thx
Update: 13 Jun 2008 23:47
Here's the whole HJT log too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:06 PM, on 6/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Users\Acer\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D32B13A5-930D-482F-831B-008D95E8A5F3} - C:\Windows\system32\iifCVPfg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvVPgHy.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9172 bytes
Posted: 14 Jun 2008 02:09
offline
- nicso
- New MyCity citizen
- Joined: 13 Jun 2008
- Posts: 5
ComboFix 08-06-12.2 - Acer 2008-06-14 1:34:35.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1251.7.1033.18.320 [GMT 2:00]
Running from: C:\Users\Acer\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\acKjkUtv.ini
C:\Windows\System32\acKjkUtv.ini2
C:\Windows\System32\gfPVCfii.ini
C:\Windows\System32\gfPVCfii.ini2
C:\Windows\system32\iifCVPfg.dll
C:\Windows\system32\ljJBtutu.dll
C:\Windows\system32\tuvVPgHy.dll
C:\Windows\System32\ututBJjl.ini
C:\Windows\System32\ututBJjl.ini2
C:\Windows\system32\vtUkjKca.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Users\Acer\AppData\Roaming\Uniblue
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Program Files\Uniblue
2008-06-13 23:59 . 2008-06-13 23:59 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-06-13 23:52 . 2008-06-13 23:52 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$lsdrive$
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$bootdrive$
2008-06-12 16:44 . 2008-06-12 16:44 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-12 15:44 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood
2008-06-12 15:34 . 2008-06-13 20:58 <DIR> d-------- C:\Program Files\HP
2008-06-09 13:53 . 2008-06-09 13:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-09 13:53 . 2008-06-09 13:53 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-05-25 22:16 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood.Tmp
2008-05-25 22:15 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-20 16:14 . 2008-05-20 16:14 205 --a------ C:\Windows\pdf2word.INI
2008-05-20 16:12 . 2008-05-20 16:12 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-17 19:45 . 2008-05-18 10:26 <DIR> d-------- C:\Program Files\Notebook Hardware Control
2008-05-17 19:45 . 2008-05-18 10:14 22,528 --a------ C:\Windows\System32\drivers\nhcDriver.sys
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Program Files\ImTOO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 23:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\uTorrent
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\GHISLER
2008-06-12 18:35 --------- d-----w C:\Users\Acer\AppData\Roaming\Skype
2008-06-12 18:33 --------- d-----w C:\Users\Acer\AppData\Roaming\skypePM
2008-06-11 18:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-07 14:05 --------- d-----w C:\Users\Acer\AppData\Roaming\foobar2000
2008-05-31 14:26 --------- d-----w C:\Program Files\FlashGet
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-11 12:56 --------- d-----w C:\Users\Acer\AppData\Roaming\AccurateRip
2008-05-04 14:32 --------- d-----w C:\Program Files\foobar2000
2008-05-04 14:22 --------- d-----w C:\Program Files\QuickTime
2008-05-03 11:37 --------- d-----w C:\Users\Acer\AppData\Roaming\iPodSoft
2008-05-03 11:36 --------- d-----w C:\Program Files\iPodSoft
2008-05-03 11:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-03 10:25 --------- d-----w C:\Users\Acer\AppData\Roaming\Apple Computer
2008-05-03 10:24 --------- d-----w C:\ProgramData\Apple Computer
2008-05-03 10:24 --------- d-----w C:\Program Files\iTunes
2008-05-03 10:24 --------- d-----w C:\Program Files\iPod
2008-05-03 10:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 10:11 --------- d-----w C:\ProgramData\Apple
2008-04-25 16:27 --------- d-----w C:\Program Files\Launch Manager
2008-04-24 13:15 --------- d-----w C:\Program Files\Reshade
2008-04-19 13:07 --------- d-----w C:\Users\Acer\AppData\Roaming\UseNeXT
2008-04-13 18:15 --------- d-----w C:\Program Files\Save Flash
2008-04-13 12:23 --------- d-----w C:\Users\Acer\AppData\Roaming\Nero
2008-04-13 12:21 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-13 12:18 --------- d-----w C:\ProgramData\Nero
2008-04-13 12:18 --------- d-----w C:\Program Files\Nero
2008-04-13 12:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-13 09:16 --------- d-----w C:\Program Files\Winamp
2008-04-13 09:15 --------- d-----w C:\Users\Acer\AppData\Roaming\Winamp
2007-12-08 20:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-08 20:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-30 13:26 520,192 ----a-w C:\Program Files\WinDjView-0.5.exe
2007-09-28 06:32 174 --sha-w C:\Program Files\desktop.ini
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-04 16:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:47 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" [2007-10-08 14:45 6731312]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 22:45 815104]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-06 22:24 483328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
--a------ 2006-11-28 18:43 754712 C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-28 18:38 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\rqRJYpoP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-30 21:37 4186112 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"AMTray.exe"="C:\Acer\Empowering Technology\amtray.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2930430713-874102958-4048720246-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C7B8505-2F10-4B3A-8F16-568DE3DA663C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{68923D89-7C43-4575-BE10-6DFC5A6916AB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF6183EA-12E3-4C24-9929-1075EF9A58F9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D6056FDB-AFF5-4F3C-9065-CF5D86B5C691}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E5E499F-6295-4D84-B452-2ABBDD97866E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF311666-4C06-4EF8-8EAF-D49AB8426059}"= UDP:20823:BitComet 20823 TCP
"{EA24A7C7-46A5-4B87-A27B-A9E6BAFB79E9}"= TCP:20823:BitComet 20823 UDP
"TCP Query User{30733A76-0282-4F1C-9989-E0434C452167}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E91CD708-B4A8-4EFA-89E0-4E5A64AE3930}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0E4EC9AB-4A71-4352-804B-72FC7EC816DA}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= UDP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{FCD3C21B-2A3D-44F8-A748-991901A5DD78}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= TCP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{7A8C4780-7839-4B82-B30D-13C852FACFE3}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= UDP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{761E137B-F5F9-4553-8C7E-DA905BAE3131}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= TCP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{1DE65225-580E-4867-8A76-9E42E0F5059B}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{7AD86843-6F21-4979-A74E-19C4E19BF3C8}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{91DC45CB-5145-44B5-BD02-B9B076EBDBC4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B769FCBF-8933-41F9-92AB-39CC83AFBC0B}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{1B876473-4BBE-4FAC-A8D0-DF7B4E1694D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{5577B22C-2F7A-4B97-81E9-1914311753BA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{19DB30D7-DBE5-4633-A029-B06A0120347F}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72C24D2-00CB-464E-92FA-D9FB9B9B1FCC}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{6CFC4B78-4011-4DC7-B17A-FD21E30E22A6}"= Disabled:UDP:13432:BitComet 13432 TCP(ED2K)
"{033B0B05-16BF-4E1C-913E-42811C3CFB2A}"= Disabled:TCP:13432:BitComet 13432 UDP(ED2K)
"{93905F7D-7049-40AA-BA2D-59A5EE82CD08}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C22154B3-F279-4BC1-AA8D-818EC1FBCDC3}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C65A86F2-7578-4ECB-9350-773DC407331E}"= UDP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"{EC7A9F09-33B6-4C59-85F6-049942C774D9}"= TCP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"TCP Query User{B0079BDA-5583-4DA5-BE0D-6FA35FE64EC4}C:\\program files\\emule\\emule.exe"= Disabled:UDP:4662|RPort=4662|C:\program files\emule\emule.exe:eMule
"UDP Query User{0A23E160-43AD-45E4-830A-C579DD550A60}C:\\program files\\emule\\emule.exe"= Disabled:TCP:4672|RPort=4672|C:\program files\emule\emule.exe:eMule
"{38CD4506-774C-4A48-98C6-F780A5F494C8}"= UDP:4661:eMule_TCP
"{C895E320-D6D6-4CF2-B1D7-6D011738E6D3}"= TCP:4671:eMule_UDP
"TCP Query User{FE44BB13-17CC-43B4-AC09-5C34D9E69BA7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D375DBE-1A7C-4885-A11D-C73998595E49}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{86600D13-F8CE-4009-BCF9-51D4D88C819E}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{45BAC60A-BD3C-4C7C-A29B-478BC632C7A8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6A4C3621-E55B-43A7-9C51-69D46530D2DA}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{B5CFA248-1E27-41B8-B818-049BE4A74C28}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{74108549-1948-4D8C-BBB4-CAA7484A629C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B058D2E8-4B44-4685-9730-B29F3B007003}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A2CC92A-6C8D-4E6B-A000-BA54D93CBF78}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{BADBB368-7707-4497-B4DE-5F203E116741}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{11811E9A-7757-4BD4-BC55-ABF8F475E42C}C:\\users\\acer\\desktop\\radni\\emule.exe"= UDP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"UDP Query User{D49D88DF-C3F1-45CD-87FC-49CF52E3D02C}C:\\users\\acer\\desktop\\radni\\emule.exe"= TCP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"{E7A5B225-5AE8-49F1-B634-E0F1593198A5}"= UDP:23076:BitComet 23076 TCP
"{C6BCDF76-1972-4068-AA83-D79A13CF0D29}"= TCP:23076:BitComet 23076 UDP
"{E150F738-5CC1-4345-A700-98B432B56929}"= UDP:14339:BitComet 14339 TCP(ED2K)
"{636A7A0F-1152-49A5-8599-BEC615333944}"= TCP:14339:BitComet 14339 UDP(ED2K)
"TCP Query User{98E7D89C-4E3C-4496-BBB8-C20A1F544C14}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= UDP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"UDP Query User{DFFF0A1F-CA15-4410-B67A-81881B8C688E}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= TCP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"TCP Query User{0E47C26C-1406-4ACA-8868-709413B1C9E8}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{6C5AEAB4-08BC-4F5F-840D-B8FB8C608C8A}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{3E29ED62-D79D-45FB-9A85-E1E4C905BDEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{97237A73-92ED-4D7F-AB39-B4C4D39C4B0F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{151B3652-B1B6-44D5-B264-17AE65090AB2}"= UDP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{B6C82BCE-16DD-47CB-B9FF-D0FA9B2FC5E5}"= TCP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{4A9ADAD2-8953-4757-9763-7D0A7B5FCBBB}"= UDP:119:usenext_tcp
"TCP Query User{A4ED4996-AE4C-4BE4-8BBF-6B204BFB1E80}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{126C7AB4-8C66-428B-8752-1D2200DF3064}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{EE31C583-32B4-408E-A091-E8E71920A228}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{D61872CE-F917-4368-97D8-31867FFEFA0C}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AB249E4-17BB-4DFD-A7DE-C848360A705C}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{28CB1C53-FC3C-4042-A6AE-B8E034355FB3}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{F5E40BFA-D52D-48F8-9305-95629EFD1711}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{019143D2-202A-4E8D-817A-6A90F6D109F9}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{8F66B6DF-41C9-457F-A646-4EFB1CE01D17}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C81B434-1413-47A2-A39E-29FFE9E7EEBC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{0F9E2B0F-6EEE-4173-B9E5-FE471A842F9E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8E07E683-2149-4618-B488-F2C9C53D4105}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{89F826F5-3DCA-4024-B50E-7F8DD68A08C1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DAA268DF-35FB-4F18-9862-1F3D1F759CFF}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 OsaFsLoc;OsaFsLoc;C:\Windows\system32\drivers\OsaFsLoc.sys [2006-12-28 14:17]
R2 osaio;osaio;C:\Windows\system32\drivers\osaio.sys [2006-11-06 16:48]
R2 osanbm;osanbm;C:\Windows\system32\drivers\osanbm.sys [2006-11-09 10:56]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 02:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-03 02:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab4e9d0-ba9d-11dc-89b8-000000000000}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {395787D8-AB35-3BCE-772B-1C50144B1CDC} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 15:16:55 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\SystemOptimizer.exe
"2008-06-13 23:54:06 C:\Windows\Tasks\Vista Manager - Free Memory.job"
- C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-14 01:54:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-06-14 2:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 00:03:16
Pre-Run: 13,789,442,048 bytes free
Post-Run: 13,400,670,208 bytes free
290 --- E O F --- 2008-04-03 16:26:50
Update: 14 Jun 2008 2:09
And what now?
Posted: 14 Jun 2008 02:35
- nicso
- New MyCity citizen
- Joined: 13 Jun 2008
- Posts: 5
Done
ComboFix 08-06-12.2 - Acer 2008-06-14 2:28:21.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1251.7.1033.18.344 [GMT 2:00]
Running from: C:\Users\Acer\Desktop\ComboFix.exe
Command switches used :: C:\Users\Acer\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Users\Acer\AppData\Roaming\Uniblue
2008-06-14 01:25 . 2008-06-14 01:25 <DIR> d-------- C:\Program Files\Uniblue
2008-06-13 23:59 . 2008-06-13 23:59 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-06-13 23:52 . 2008-06-13 23:52 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$lsdrive$
2008-06-13 11:02 . 2008-06-13 11:02 0 -rahs---- C:\$bootdrive$
2008-06-12 16:44 . 2008-06-12 16:44 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-12 15:44 . 2008-06-13 20:58 <DIR> d-------- C:\Windows\LastGood
2008-06-12 15:34 . 2008-06-14 02:19 <DIR> d-------- C:\Program Files\HP
2008-06-09 13:53 . 2008-06-09 13:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-09 13:53 . 2008-06-09 13:53 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-25 22:18 . 2008-05-25 22:18 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-05-25 22:15 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-20 16:14 . 2008-05-20 16:14 205 --a------ C:\Windows\pdf2word.INI
2008-05-20 16:12 . 2008-05-20 16:12 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-17 19:45 . 2008-05-18 10:26 <DIR> d-------- C:\Program Files\Notebook Hardware Control
2008-05-17 19:45 . 2008-05-18 10:14 22,528 --a------ C:\Windows\System32\drivers\nhcDriver.sys
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Program Files\ImTOO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 23:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\uTorrent
2008-06-13 18:58 --------- d-----w C:\Users\Acer\AppData\Roaming\GHISLER
2008-06-12 18:35 --------- d-----w C:\Users\Acer\AppData\Roaming\Skype
2008-06-12 18:33 --------- d-----w C:\Users\Acer\AppData\Roaming\skypePM
2008-06-11 18:18 --------- d-----w C:\Program Files\SpeedFan
2008-06-07 14:05 --------- d-----w C:\Users\Acer\AppData\Roaming\foobar2000
2008-06-07 08:23 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-31 14:26 --------- d-----w C:\Program Files\FlashGet
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 08:21 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-11 12:56 --------- d-----w C:\Users\Acer\AppData\Roaming\AccurateRip
2008-05-04 14:32 --------- d-----w C:\Program Files\foobar2000
2008-05-04 14:22 --------- d-----w C:\Program Files\QuickTime
2008-05-03 11:37 --------- d-----w C:\Users\Acer\AppData\Roaming\iPodSoft
2008-05-03 11:36 --------- d-----w C:\Program Files\iPodSoft
2008-05-03 11:20 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-03 10:25 --------- d-----w C:\Users\Acer\AppData\Roaming\Apple Computer
2008-05-03 10:24 --------- d-----w C:\ProgramData\Apple Computer
2008-05-03 10:24 --------- d-----w C:\Program Files\iTunes
2008-05-03 10:24 --------- d-----w C:\Program Files\iPod
2008-05-03 10:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 10:11 --------- d-----w C:\ProgramData\Apple
2008-04-25 16:27 --------- d-----w C:\Program Files\Launch Manager
2008-04-24 13:15 --------- d-----w C:\Program Files\Reshade
2008-04-19 13:07 --------- d-----w C:\Users\Acer\AppData\Roaming\UseNeXT
2007-12-08 20:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-08 20:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-30 13:26 520,192 ----a-w C:\Program Files\WinDjView-0.5.exe
2007-09-28 06:32 174 --sha-w C:\Program Files\desktop.ini
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-04 16:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-04 16:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-14_ 2.02.37.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 23:54:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-14 00:31:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:47 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe.exe" [2007-10-08 14:45 6731312]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 22:45 815104]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-06 22:24 483328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
--a------ 2006-11-28 18:43 754712 C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-28 18:38 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-30 21:37 4186112 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-05-05 13:01 99608 c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"AMTray.exe"="C:\Acer\Empowering Technology\amtray.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2930430713-874102958-4048720246-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C7B8505-2F10-4B3A-8F16-568DE3DA663C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{68923D89-7C43-4575-BE10-6DFC5A6916AB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF6183EA-12E3-4C24-9929-1075EF9A58F9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D6056FDB-AFF5-4F3C-9065-CF5D86B5C691}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E5E499F-6295-4D84-B452-2ABBDD97866E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF311666-4C06-4EF8-8EAF-D49AB8426059}"= UDP:20823:BitComet 20823 TCP
"{EA24A7C7-46A5-4B87-A27B-A9E6BAFB79E9}"= TCP:20823:BitComet 20823 UDP
"TCP Query User{30733A76-0282-4F1C-9989-E0434C452167}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E91CD708-B4A8-4EFA-89E0-4E5A64AE3930}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0E4EC9AB-4A71-4352-804B-72FC7EC816DA}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= UDP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{FCD3C21B-2A3D-44F8-A748-991901A5DD78}C:\\program files\\sprite software\\sprite backup\\spriteservice.exe"= TCP:C:\program files\sprite software\sprite backup\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{7A8C4780-7839-4B82-B30D-13C852FACFE3}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= UDP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"UDP Query User{761E137B-F5F9-4553-8C7E-DA905BAE3131}C:\\program files\\sprite backup for smartphone\\spriteservice.exe"= TCP:C:\program files\sprite backup for smartphone\spriteservice.exe:Sprite Backup PC Service
"TCP Query User{1DE65225-580E-4867-8A76-9E42E0F5059B}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{7AD86843-6F21-4979-A74E-19C4E19BF3C8}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{91DC45CB-5145-44B5-BD02-B9B076EBDBC4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B769FCBF-8933-41F9-92AB-39CC83AFBC0B}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{1B876473-4BBE-4FAC-A8D0-DF7B4E1694D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{5577B22C-2F7A-4B97-81E9-1914311753BA}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{19DB30D7-DBE5-4633-A029-B06A0120347F}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72C24D2-00CB-464E-92FA-D9FB9B9B1FCC}C:\\users\\acer\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{6CFC4B78-4011-4DC7-B17A-FD21E30E22A6}"= Disabled:UDP:13432:BitComet 13432 TCP(ED2K)
"{033B0B05-16BF-4E1C-913E-42811C3CFB2A}"= Disabled:TCP:13432:BitComet 13432 UDP(ED2K)
"{93905F7D-7049-40AA-BA2D-59A5EE82CD08}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C22154B3-F279-4BC1-AA8D-818EC1FBCDC3}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C65A86F2-7578-4ECB-9350-773DC407331E}"= UDP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"{EC7A9F09-33B6-4C59-85F6-049942C774D9}"= TCP:C:\Program Files\eMule\LinkCreator.exe:LinkCreator
"TCP Query User{B0079BDA-5583-4DA5-BE0D-6FA35FE64EC4}C:\\program files\\emule\\emule.exe"= Disabled:UDP:4662|RPort=4662|C:\program files\emule\emule.exe:eMule
"UDP Query User{0A23E160-43AD-45E4-830A-C579DD550A60}C:\\program files\\emule\\emule.exe"= Disabled:TCP:4672|RPort=4672|C:\program files\emule\emule.exe:eMule
"{38CD4506-774C-4A48-98C6-F780A5F494C8}"= UDP:4661:eMule_TCP
"{C895E320-D6D6-4CF2-B1D7-6D011738E6D3}"= TCP:4671:eMule_UDP
"TCP Query User{FE44BB13-17CC-43B4-AC09-5C34D9E69BA7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D375DBE-1A7C-4885-A11D-C73998595E49}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{86600D13-F8CE-4009-BCF9-51D4D88C819E}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{45BAC60A-BD3C-4C7C-A29B-478BC632C7A8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6A4C3621-E55B-43A7-9C51-69D46530D2DA}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{B5CFA248-1E27-41B8-B818-049BE4A74C28}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{74108549-1948-4D8C-BBB4-CAA7484A629C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B058D2E8-4B44-4685-9730-B29F3B007003}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A2CC92A-6C8D-4E6B-A000-BA54D93CBF78}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{BADBB368-7707-4497-B4DE-5F203E116741}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{11811E9A-7757-4BD4-BC55-ABF8F475E42C}C:\\users\\acer\\desktop\\radni\\emule.exe"= UDP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"UDP Query User{D49D88DF-C3F1-45CD-87FC-49CF52E3D02C}C:\\users\\acer\\desktop\\radni\\emule.exe"= TCP:C:\users\acer\desktop\radni\emule.exe:emule.exe
"{E7A5B225-5AE8-49F1-B634-E0F1593198A5}"= UDP:23076:BitComet 23076 TCP
"{C6BCDF76-1972-4068-AA83-D79A13CF0D29}"= TCP:23076:BitComet 23076 UDP
"{E150F738-5CC1-4345-A700-98B432B56929}"= UDP:14339:BitComet 14339 TCP(ED2K)
"{636A7A0F-1152-49A5-8599-BEC615333944}"= TCP:14339:BitComet 14339 UDP(ED2K)
"TCP Query User{98E7D89C-4E3C-4496-BBB8-C20A1F544C14}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= UDP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"UDP Query User{DFFF0A1F-CA15-4410-B67A-81881B8C688E}C:\\users\\acer\\desktop\\radni\\bitcometkchb\\bitcomet\\bitcomet.exe"= TCP:C:\users\acer\desktop\radni\bitcometkchb\bitcomet\bitcomet.exe:bitcomet.exe
"TCP Query User{0E47C26C-1406-4ACA-8868-709413B1C9E8}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{6C5AEAB4-08BC-4F5F-840D-B8FB8C608C8A}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{3E29ED62-D79D-45FB-9A85-E1E4C905BDEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{97237A73-92ED-4D7F-AB39-B4C4D39C4B0F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{151B3652-B1B6-44D5-B264-17AE65090AB2}"= UDP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{B6C82BCE-16DD-47CB-B9FF-D0FA9B2FC5E5}"= TCP:C:\Program Files\UseNeXT\UseNeXT.exe:UseNeXT
"{4A9ADAD2-8953-4757-9763-7D0A7B5FCBBB}"= UDP:119:usenext_tcp
"TCP Query User{A4ED4996-AE4C-4BE4-8BBF-6B204BFB1E80}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{126C7AB4-8C66-428B-8752-1D2200DF3064}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"TCP Query User{EE31C583-32B4-408E-A091-E8E71920A228}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{D61872CE-F917-4368-97D8-31867FFEFA0C}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AB249E4-17BB-4DFD-A7DE-C848360A705C}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{28CB1C53-FC3C-4042-A6AE-B8E034355FB3}C:\\users\\acer\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\acer\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{F5E40BFA-D52D-48F8-9305-95629EFD1711}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{019143D2-202A-4E8D-817A-6A90F6D109F9}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{8F66B6DF-41C9-457F-A646-4EFB1CE01D17}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0C81B434-1413-47A2-A39E-29FFE9E7EEBC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{0F9E2B0F-6EEE-4173-B9E5-FE471A842F9E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8E07E683-2149-4618-B488-F2C9C53D4105}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{89F826F5-3DCA-4024-B50E-7F8DD68A08C1}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DAA268DF-35FB-4F18-9862-1F3D1F759CFF}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 OsaFsLoc;OsaFsLoc;C:\Windows\system32\drivers\OsaFsLoc.sys [2006-12-28 14:17]
R2 osaio;osaio;C:\Windows\system32\drivers\osaio.sys [2006-11-06 16:48]
R2 osanbm;osanbm;C:\Windows\system32\drivers\osanbm.sys [2006-11-09 10:56]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 02:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 14:32]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-03 02:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {395787D8-AB35-3BCE-772B-1C50144B1CDC} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 15:16:55 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\SystemOptimizer.exe
"2008-06-13 23:54:06 C:\Windows\Tasks\Vista Manager - Free Memory.job"
- C:\Program Files\Yamicsoft\Vista Manager\FreeMemory.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-14 02:31:42
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-14 2:33:07
ComboFix-quarantined-files.txt 2008-06-14 00:32:44
ComboFix2.txt 2008-06-14 00:03:31
Pre-Run: 12,990,218,240 bytes free
Post-Run: 12,855,132,160 bytes free
249 --- E O F --- 2008-04-03 16:26:50
Posted: 14 Jun 2008 03:02
- nicso
- New MyCity citizen
- Joined: 13 Jun 2008
- Posts: 5
Well done, Care!
I can't believe the computer is back to normal, after two days of struggling...
For now everything works OK.
...it uses a bit more CPU and memory...
I'll let you know tomorrow how things stand.
Sweet dreams
Regards