MyCity » Ambulanta -> Arhiva Ambulante » Zbunjena, molim pomoc

Zbunjena, molim pomoc

Napisano na dan: 21.4.2010
2

Zbunjena, molim pomoc
Pagination Prethodna strana

Idi na vrh

Poslao: 21 Apr 2010 23:28
Idi na vrh
offline
  • Pridružio: 21 Apr 2010
  • Poruke: 7

Napisano: 21 Apr 2010 23:20

ComboFix 10-04-21.01 - Administrator 21.04.2010 23:11:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.298 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 18:59 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-21 18:58 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-19 12:38 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-19 12:38 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-19 12:38 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-19 12:38 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-19 12:37 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-19 12:37 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-01 11:32 . 2010-04-01 11:32 -------- d-----w- c:\windows\Sun
2010-03-31 18:25 . 2010-03-31 18:25 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-561b77f2-n\msvcp71.dll
2010-03-31 18:25 . 2010-03-31 18:25 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-561b77f2-n\jmc.dll
2010-03-31 18:25 . 2010-03-31 18:25 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-561b77f2-n\msvcr71.dll
2010-03-31 18:25 . 2010-03-31 18:25 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-456a3158-n\decora-sse.dll
2010-03-31 18:25 . 2010-03-31 18:25 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-456a3158-n\decora-d3d.dll
2010-03-31 18:24 . 2010-03-31 18:24 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 18:24 . 2010-03-31 18:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 18:23 . 2010-03-31 18:23 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 20:37 . 2009-07-20 03:47 -------- d-----w- c:\program files\MODEM Mobile Connection
2010-04-01 18:16 . 2008-08-01 18:42 -------- d-----w- c:\program files\Winamp
2010-03-14 13:27 . 2008-08-09 04:57 -------- d-----w- c:\program files\Top 10 Solitaire
2010-03-12 21:24 . 2008-08-09 04:54 -------- d-----w- c:\program files\Swarm
2010-03-10 06:15 . 2004-08-03 22:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 03:57 . 2008-08-11 06:22 26 ----a-w- c:\windows\popcinfo.dat
2010-02-25 06:24 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-03 21:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-03 21:20 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-03 22:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 12:42 577536 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:58 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:59 19024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 21:54 97136]
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 13:48]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 13:48]

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{65888DE0-32F1-42AA-91A9-53642B713ED4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i7gq9s3s.default\
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-21 23:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-362288127-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,31,ab,bc,8d,08,dc,4a,8d,9a,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,31,ab,bc,8d,08,dc,4a,8d,9a,74,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(768-)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-21 23:16:56
ComboFix-quarantined-files.txt 2010-04-21 21:16
ComboFix2.txt 2010-04-21 21:03

Pre-Run: 44.902.572.032 bytes free
Post-Run: 44.893.036.544 bytes free

- - End Of File - - 2DEAFC4645BED0FBA598E1FE1F8F550F

Dopuna: 21 Apr 2010 23:28

Inace nekoliko minuta ne koci Smile)))))
E, a jel treba sada da vratim ona podesavanja na avast? Pretpostavljam da?

Poslao: 22 Apr 2010 00:02
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Sad bi trebalo da je sve u redu. Javi se sutra da vidimo kakvo je stanje.. I da aktiviraj avast. i updateuj ga Smile

Poslao: 22 Apr 2010 02:30
Idi na vrh
offline
  • Pridružio: 21 Apr 2010
  • Poruke: 7

Napisano: 22 Apr 2010 0:08

Stvarno ne znam kako da se zahvalim.
Hvala od srca.

Dopuna: 22 Apr 2010 2:30

Evo do sada na netu, bez problema.
A vec sam htela da zovem za reinstal
ne znam kako da se zahvalim stvarno.
Ako nekad budes u prolazu kroz pg svrati na palacinke.

Poslao: 22 Apr 2010 12:04
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

malena11 ::-
ne znam kako da se zahvalim stvarno.

Dovoljno je ovo :

Citat:Hvala od srca.
Wink


Uradi jos ovo :

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.


To bi bilo to. Pozzz Smile

MyCity » Ambulanta -> Arhiva Ambulante » Zbunjena, molim pomoc

Ko je trenutno na forumu
 

Ukupno su 864 korisnika na forumu :: 48 registrovanih, 10 sakrivenih i 806 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., bez_nika, BORUTUS, darios, dijica, djboj, djuradj, draganca, dragoljub11987, dushan, Excalibur13, FOX, Georgius, goxin, ikan, Insan, JOntra, Još malo pa deda, Karla, Kubovac, kybonacci, LUDI, Marko Marković, MilosKop, Nemanja.M, nikoladim, opt1, pein, Prašinar, raptorsi, rodoljub, Rogan33, Sančo, Singidunumac, Sirius, Srle993, stegonosa, TheBeastOfMG, uruk, vathra, Vlada78, Vladko, VP6919, wizzardone, wolverined4, x9, zzapNDjuric99