Avast can't delete it!

offline
  • Joined: 13 Aug 2009
  • Posts: 4

I don't know much about computers, but I was told to post these logs here and that you would point me to what to do next. If it's not a problem, please be as detailed as possible, since I don't find my way around a computer very well!
I have some viruses on my computer, so if it can somehow be cleaned. Thanks in advance!


DDS (Ver_09-07-30.01) - NTFSx86
Run by dragana at 16:31:28,54 on cet 13.08.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.21 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dragana.NEW-F4C86356840\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Mario Forever Toolbar Helper: {8036d4d7-aad3-4793-ab49-329e437155a8} - c:\program files\mario forever toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
BHO: {c3f37eca-a8d9-4633-92c6-fe24c7d16aba} - c:\windows\system32\geBtUooN.dll
TB: Mario Forever Toolbar: {463df6d5-bec1-4d67-b217-59db692dfc53} - c:\program files\mario forever toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\dragan~1.new\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {EE1BC51A-0EB7-42C7-9C5B-6530E506DCB6} = 217.24.17.17 217.24.17.80
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: geBtUooN - geBtUooN.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: {c3f37eca-a8d9-4633-92c6-fe24c7d16aba} - c:\windows\system32\geBtUooN.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dragan~1.new\applic~1\mozilla\firefox\profiles\sa69g49k.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-8 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-8 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-8 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-8 352920]

=============== Created Last 30 ================

2009-08-13 14:28 <DIR> --d----- c:\program files\Mario Forever
2009-08-09 17:28 38 a------- c:\windows\avisplitter.INI
2009-08-09 11:24 3,255 a------- c:\windows\system32\wbem\Outlook_01ca18d33f26d5da.mof
2009-08-09 10:47 238 a------- c:\windows\mafosav.INI
2009-08-08 22:43 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-08 22:38 325,346 a------- c:\windows\Mario_Forever_Toolbar_Uninstaller_4140.exe
2009-08-08 22:38 <DIR> --d----- c:\program files\Mario Forever Toolbar
2009-08-08 22:32 <DIR> --d--r-- c:\program files\Skype
2009-08-08 22:30 414 a------- c:\windows\system32\lame_acm.xml
2009-08-08 22:30 389,120 a------- c:\windows\system32\lameACM.acm
2009-08-08 22:30 118,784 a------- c:\windows\system32\ac3acm.acm
2009-08-08 22:30 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-08-08 22:30 159,839 a------- c:\windows\system32\xvidvfw.dll
2009-08-08 22:30 81,920 a------- c:\windows\system32\dpl100.dll
2009-08-08 22:30 682,496 a------- c:\windows\system32\divx.dll
2009-08-08 22:30 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-08-08 22:30 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-08-08 22:30 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-08 22:28 <DIR> --d----- c:\program files\NCH Swift Sound
2009-08-08 22:25 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 22:19 <DIR> --d----- c:\docume~1\dragan~1.new\applic~1\AIMP
2009-08-08 22:19 <DIR> --d----- c:\program files\AIMP2
2009-08-08 22:19 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Innovative Solutions
2009-08-08 22:18 42,496 a------- c:\windows\system32\AdvUninstCPL.cpl
2009-08-08 22:18 <DIR> --d----- c:\program files\Innovative Solutions
2009-08-08 20:36 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-08-08 20:17 <DIR> --d----- c:\docume~1\dragan~1.new\applic~1\MSNInstaller

==================== Find3M ====================

2001-11-23 06:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 16:31:52,01 ===============



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

I would ask you to follow the instructions to the end, and there it says:

Download the GMER program from the link below to the Desktop: ...

btw.

The more data I have, the better for both you and me; I will know which tool we should use.

offline
  • Joined: 13 Aug 2009
  • Posts: 4

Sorry.. Here you go:


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is finished:
  • deactivate your protection software (instructions);
  • close running programs;
  • double-click to start ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • display a certain number of prompts/notifications:
      • accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 13 Aug 2009
  • Posts: 4

ComboFix 09-08-10.06 - dragana 13.08.2009 20:46.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.103 [GMT 2:00]
Running from: c:\documents and settings\dragana.NEW-F4C86356840\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NavExcel
c:\program files\NavExcel\NavHelper\v2.0.4a\NHelper.htm
c:\program files\NavExcel\NavHelper\v2.0.4a\v2.0.4a.cab
c:\recycler\S-1-5-21-117609710-1757981266-1801674531-1003

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 17:27 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-13 12:28 . 2009-08-13 12:28 -------- d-----w- c:\program files\Mario Forever
2009-08-08 21:48 . 2009-08-08 21:48 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Local Settings\Application Data\Innovative Solutions
2009-08-08 20:43 . 2009-08-08 20:43 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-08 20:43 . 2009-08-13 14:09 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Application Data\skypePM
2009-08-08 20:42 . 2009-08-08 20:42 0 ----a-w- c:\windows\nsreg.dat
2009-08-08 20:42 . 2009-08-08 20:42 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Local Settings\Application Data\Mozilla
2009-08-08 20:38 . 2009-08-08 20:38 325346 ----a-w- c:\windows\Mario_Forever_Toolbar_Uninstaller_4140.exe
2009-08-08 20:38 . 2009-08-08 20:38 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-08-08 20:34 . 2009-08-13 18:43 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Application Data\Skype
2009-08-08 20:32 . 2009-08-08 20:32 -------- d-----w- c:\program files\Common Files\Skype
2009-08-08 20:32 . 2009-08-08 20:32 -------- d-----r- c:\program files\Skype
2009-08-08 20:32 . 2009-08-08 20:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-08-08 20:30 . 2004-01-25 15:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-08 20:30 . 2008-01-10 11:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-08 20:30 . 2007-11-29 21:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-08-08 20:30 . 2007-12-04 00:33 682496 ----a-w- c:\windows\system32\divx.dll
2009-08-08 20:30 . 2008-03-04 10:33 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-08 20:30 . 2009-08-08 20:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-08 20:28 . 2009-08-08 20:28 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-08 20:25 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 20:19 . 2009-08-09 10:08 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Application Data\AIMP
2009-08-08 20:19 . 2009-08-08 20:19 -------- d-----w- c:\program files\AIMP2
2009-08-08 20:19 . 2009-08-08 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Innovative Solutions
2009-08-08 20:18 . 2009-08-08 20:18 -------- d-----w- c:\program files\Innovative Solutions
2009-08-08 20:17 . 2009-08-08 20:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-08 19:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 19:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 19:46 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-08 19:46 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 19:46 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 19:46 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 19:46 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-08 19:46 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-08 19:46 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 18:36 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-08-08 18:17 . 2009-08-08 21:20 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 10:26 . 2009-04-01 00:42 -------- d-----w- c:\documents and settings\dragana.NEW-F4C86356840\Application Data\Winamp
2009-08-08 22:16 . 2008-10-14 11:49 -------- d-----w- c:\program files\Zuma Deluxe
2009-08-08 20:36 . 2008-03-29 17:56 -------- d-----w- c:\program files\Winamp
2009-08-08 20:19 . 2009-08-08 20:19 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-08-08 20:15 . 2008-05-17 16:34 -------- d-----w- c:\program files\Common Files\Adobe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-06-29 569344]

c:\documents and settings\Dragana\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\dragana.NEW-F4C86356840\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.8.2009 21:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.8.2009 21:46 20560]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-geBtUooN - geBtUooN.dll


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EE1BC51A-0EB7-42C7-9C5B-6530E506DCB6} = 217.24.17.17 217.24.17.80
FF - ProfilePath - c:\documents and settings\dragana.NEW-F4C86356840\Application Data\Mozilla\Firefox\Profiles\sa69g49k.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-13 20:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-13 20:51
ComboFix-quarantined-files.txt 2009-08-13 18:51

Pre-Run: 1.088.888.832 bytes free
Post-Run: 1.899.757.568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

169 --- E O F --- 2009-08-13 17:27

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Are you having any problems now, is everything OK?

offline
  • Joined: 13 Aug 2009
  • Posts: 4

For now I don't see any problems! Is everything OK now? Is my computer clean?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

ComboFix needs to be uninstalled:
click Start (or ), and then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

and then click OK (or press Enter).

Wait for the uninstall process to finish.
