combo asks for a reboot

  • Joined: 30 Nov 2009
  • Posts: 11

Posted: 30 Nov 2009 2:40

I start ComboFix and it keeps beginning the process and then says rootkit need to reboot, and after the restart it is the same again. I would try it in safe mode but I don't know how to turn off NOD in safe mode, and I'm not very skilled, so help if possible. Malwarebytes found some viruses and deleted them, but my computer is somewhat slowed down, so I would scan with Combo.

Update: 30 Nov 2009 3:23

I found out how to disable NOD, I hadn't looked carefully (head against the wall). I scanned it with Combo; first it asked something about a CD emulator, and after the restart it no longer did, it scanned, and here is the log.

ComboFix 09-11-29.03 - Bane 11/30/2009 3:02.7.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.370 [GMT 1:00]
Running from: c:\downloads\abc.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-29 03:30 . 2009-11-29 03:35 -------- d-----w- c:\program files\MediaCoder
2009-11-29 02:51 . 2009-11-29 02:51 -------- d-----w- c:\program files\Dicsoft
2009-11-25 04:01 . 2009-11-25 04:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-25 04:00 . 2009-11-25 04:00 -------- d-----w- c:\program files\MSBuild
2009-11-25 04:00 . 2009-11-25 04:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-25 03:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-25 03:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-25 03:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-25 03:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-25 03:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-25 03:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-25 03:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-25 03:58 . 2009-11-25 04:07 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-19 16:07 . 2009-11-19 16:07 -------- d-----w- c:\program files\Creative Zone
2009-11-19 05:10 . 2009-11-19 05:23 -------- d-----w- c:\program files\Virtual.HairStyle Fab
2009-11-19 05:08 . 2009-11-19 05:08 -------- d-----w- c:\documents and settings\Bane\Application Data\5imyshow.Ltd
2009-11-18 16:22 . 2009-11-18 16:22 -------- d-----w- c:\documents and settings\Bane\Application Data\Darwin
2009-11-15 14:48 . 2009-11-17 23:28 -------- d-----w- C:\Diskeeper
2009-11-11 14:20 . 2009-11-11 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Meridian93
2009-11-11 12:27 . 2009-11-11 13:11 -------- d-----w- c:\program files\softendo.com
2009-11-11 05:58 . 2009-11-11 12:25 -------- d-----w- c:\documents and settings\Bane\Application Data\smc
2009-11-11 05:57 . 2009-11-11 12:26 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-11-10 02:08 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-10 02:08 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-11-10 02:08 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-11-10 02:08 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-11-10 02:08 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-10 02:08 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-10 02:08 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-10 02:08 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-10 02:08 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-11-10 02:08 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-11-09 15:58 . 2008-10-30 10:57 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-11-09 02:24 . 2009-11-09 02:36 -------- d-----w- c:\program files\PhotoScape
2009-11-09 01:28 . 2009-11-09 01:28 -------- d-----w- c:\documents and settings\Bane\Application Data\gtk-2.0
2009-11-09 01:28 . 2009-11-09 01:28 -------- d-----w- c:\documents and settings\Bane\.thumbnails
2009-11-09 01:27 . 2009-11-09 01:34 -------- d-----w- c:\documents and settings\Bane\.gimp-2.6
2009-11-06 13:39 . 2009-11-12 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\Namco Networks
2009-11-06 13:39 . 2009-11-06 13:39 -------- d-----w- c:\documents and settings\Bane\Application Data\Namco Networks
2009-11-06 13:39 . 2009-11-06 13:39 -------- d-----w- c:\documents and settings\Bane\Application Data\Namco
2009-11-06 13:39 . 2009-11-06 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Namco
2009-11-06 01:56 . 2009-11-06 01:56 -------- d-----w- c:\program files\Common Files\Skype
2009-11-06 01:46 . 2009-11-06 01:46 86036 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 14:28 . 2009-11-05 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-11-04 05:47 . 2009-11-04 05:47 152576 ----a-w- c:\documents and settings\Bane\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 04:42 . 2009-11-30 00:37 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 03:43 . 2009-03-07 12:22 -------- d-----w- c:\documents and settings\Bane\Application Data\Skype
2009-11-28 03:38 . 2008-10-12 11:08 -------- d-----w- c:\documents and settings\Bane\Application Data\skypePM
2009-11-25 04:25 . 2009-11-25 04:19 338 ----a-w- c:\documents and settings\Bane\Application Data\settings.dat
2009-11-25 04:11 . 2008-04-16 13:16 119752 ----a-w- c:\documents and settings\Bane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-22 09:07 . 2008-07-09 16:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-19 04:28 . 2009-10-24 13:31 -------- d-----w- c:\program files\LeeGTs Games
2009-11-15 14:30 . 2009-09-26 09:30 -------- d-----w- c:\program files\Opera
2009-11-15 14:29 . 2008-05-13 20:43 -------- d-----w- c:\program files\Mv2Player
2009-11-06 01:57 . 2009-03-07 12:22 -------- d-----r- c:\program files\Skype
2009-11-06 01:56 . 2008-10-12 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-06 01:48 . 2009-09-22 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-06 01:44 . 2008-04-16 14:57 -------- d-----w- c:\documents and settings\Bane\Application Data\Apple Computer
2009-11-04 05:52 . 2008-04-16 15:08 -------- d-----w- c:\program files\Java
2009-11-01 00:40 . 2008-04-16 20:52 -------- d-----w- c:\documents and settings\Bane\Application Data\LimeWire
2009-10-27 16:44 . 2009-10-09 13:38 -------- d-----w- c:\program files\UlisesSoft
2009-10-27 04:50 . 2009-10-27 04:50 152576 ----a-w- c:\documents and settings\Bane\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-25 01:43 . 2009-10-09 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-24 14:10 . 2009-10-24 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Connect 2 Play
2009-10-20 21:32 . 2009-10-20 21:32 -------- d-----w- c:\documents and settings\Bane\Application Data\Ahead
2009-10-20 00:02 . 2008-04-16 20:52 -------- d-----w- c:\program files\LimeWire
2009-10-19 23:57 . 2008-04-16 13:54 -------- d-----w- c:\program files\The KMPlayer
2009-10-19 03:24 . 2008-11-30 22:40 -------- d-----w- c:\program files\YouTube Downloader
2009-10-17 02:46 . 2009-10-17 02:46 -------- d-----w- c:\program files\Opera 10.10 Beta
2009-10-13 02:10 . 2008-11-01 15:39 -------- d-----w- c:\program files\SweetIM
2009-10-13 02:10 . 2008-11-01 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2009-10-11 03:17 . 2009-10-27 04:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 11:30 . 2008-04-16 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 11:18 . 2009-10-10 11:18 -------- d-----w- c:\program files\Capcom
2009-10-09 12:13 . 2009-10-09 12:14 389120 ----a-w- c:\windows\system32\CF15863.exe
2009-10-09 12:05 . 2009-10-09 12:06 389120 ----a-w- c:\windows\system32\CF23224.exe
2009-10-09 11:04 . 2009-10-09 11:04 -------- d-----w- c:\program files\NOS
2009-10-09 10:41 . 2009-10-08 01:10 -------- d-----w- c:\program files\Common Files\stardock
2009-10-09 02:33 . 2009-10-09 02:33 -------- d--h--r- c:\documents and settings\Bane\Application Data\SecuROM
2009-10-08 23:19 . 2009-10-08 23:19 -------- d-----w- c:\documents and settings\Bane\Application Data\Clickteam
2009-10-08 17:18 . 2009-10-08 17:13 -------- d-----w- c:\program files\TOD
2009-10-02 14:11 . 2008-12-05 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 14:11 . 2009-03-26 15:53 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 12:54 . 2008-12-05 17:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-12-05 17:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 01:33 . 2009-06-17 18:15 25 ----a-w- c:\windows\popcinfot.dat
2009-09-04 16:44 . 2009-11-10 02:09 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-10 02:09 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-10 02:09 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-10 02:09 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-10 02:09 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-10 02:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-10 02:09 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-10 02:09 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.

------- Sigcheck -------

[-] 2008-02-27 . 7E294A9EA18466A44F8B892BE142A4F2 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-11-30 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EssSpkPhone"="essspk.exe" - c:\windows\essspk.exe [2002-06-20 163840]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2005-03-23 339968]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-11-30 99840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera 10.10 Beta\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/29/2008 1:57 AM 5248]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/29/2008 1:57 AM 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/16/2008 3:18 PM 715248]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/18/2008 1:27 PM 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/18/2008 1:25 PM 468224]
S2 SSDP Discovery Service (SSDPSRV) ;SSDP Discovery Service (SSDPSRV) ;c:\program files\websrv\websrv.exe --> c:\program files\websrv\websrv.exe [?]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [1/28/2008 12:06 AM 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [1/28/2008 12:06 AM 265088]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [11/1/2006 5:01 AM 3328]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 10:12 AM 25088]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [7/19/2008 5:01 PM 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
TCP: {183B0A68-61FF-4ECA-8A7E-9C9342502626} = 212.200.190.166,212.200.191.166
TCP: {2D44389C-C7B9-492E-ABAD-3D4E63F4C009} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Bane\Application Data\Mozilla\Firefox\Profiles\wjmh06xn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp OptimFROG Codec.dat
AddRemove-dBpoweramp Speex Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Speex Codec.dat
AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp TTA Codec.dat
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
AddRemove-dBpowerAMP Windows Media Audio 9 Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
AddRemove-QcDrv - c:\program files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-30 03:08
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-308236825-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:b4,82,71,93,ab,54,6b,35,82,d0,05,67,06,4b,1b,d5,72,bc,4e,ef,b1,
c6,8f,52,94,e6,b6,6e,29,23,64,ce,16,f6,48,9b,49,4d,e4,a9,23,69,89,c2,7e,14,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Completion time: 2009-11-30 03:12
ComboFix-quarantined-files.txt 2009-11-30 02:11

Pre-Run: 1,267,712,000 bytes free
Post-Run: 1,281,548,288 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0C3CC8BB1B5C61568978B7B82E1B91F6

Update: 30 Nov 2009 3:25

I'm asking for help, what should I do next?

Update: 30 Nov 2009 15:33

Here is the scan of the USB drive too.

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/30/2009 3:25:00 PM

Searching for connected USB Mass storage...
----------------------------------------
G: {fd67eabe-0bbb-11dd-9370-8a87d7ec6a5f}
========================================

Searching for other storage...
----------------------------------------
C: {98cdaa39-0bc4-11dd-97a1-806d6172696f}
D: {98cdaa3a-0bc4-11dd-97a1-806d6172696f}
H: {98cdaa3b-0bc4-11dd-97a1-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on G:
No Autorun.inf files found on G:
No mountpoint found for fd67eabe-0bbb-11dd-9370-8a87d7ec6a5f
----------------------------------------
Desktop.ini found at G:\filesystem\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
No mimics found on drive G:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 98cdaa39-0bc4-11dd-97a1-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 98cdaa3a-0bc4-11dd-97a1-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on H:
No Autorun.inf files found on H:
No mountpoint found for H:
No mountpoint found for 98cdaa3b-0bc4-11dd-97a1-806d6172696f
No Desktop.ini files found on H:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed G:
========================================


New device connected at 11/30/2009 3:25:38 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {fd67eabe-0bbb-11dd-9370-8a87d7ec6a5f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for fd67eabe-0bbb-11dd-9370-8a87d7ec6a5f
----------------------------------------

----------------------------------------
Desktop.ini found at G:\filesystem\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings and welcome to the forum...

Tell me something... When you open the Ambulanta forum, are there any topics that really catch your eye?

Is there one like that? Maybe one marked Important, with its title written in red letters?

  • Joined: 30 Nov 2009
  • Posts: 11

Posted: 01 Dec 2009 5:01

ok, thanks for the help

Update: 01 Dec 2009 5:02

What should be done next? The computer has slowed down somewhat.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It seems we did not understand each other...

In the Ambulanta forum there are some pinned topics. One of them is:

Important: How to open a topic in Ambulanta: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

What is needed are the logs created in the way described in the instructions for opening a topic.

Only those logs, no others.

If you think there are malicious programs on your computer and you want that checked, follow the linked instructions and post the requested logs in this topic.

  • Joined: 30 Nov 2009
  • Posts: 11

ok, I'll try somewhere else
Thanks in any case
