Help


  • Noa123
  • New MyCity citizen
  • Joined: 23 Jul 2009
  • Posts: 11

Please analyze my log file. As for the problem: on some pages I have no diacritical characters, I cannot update programs, and I can only get on the internet with the Opera browser. If you can help me in any way, thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:20:49, on 23.7.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Opera\Opera.exe
C:\Users\zeljka\Desktop\ime\TR3.exe..exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25BC527-A6DD-459D-9180-FC5A37B56D8F}: NameServer = 212.39.98.162,212.39.98.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI4CF5.tmp
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4836 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Greetings...

Quote: I cannot update programs

Which programs?

→ Download the RootRepeal program to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Go to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the report to your post using the Attach file option.

  • Noa123
  • New MyCity citizen
  • Joined: 23 Jul 2009
  • Posts: 11

I can't update Avast, then on Facebook I can't write in the chat, and I can't get on the internet with IE or Mozilla, only with Opera.

This is what I get when I open this link.

The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • close running programs;
  • deactivate your protection software (instructions);
  • double-click to run ComboFix.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if Recovery Console is not installed, offer to install it:
    accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post.

  • Noa123
  • New MyCity citizen
  • Joined: 23 Jul 2009
  • Posts: 11

ComboFix 09-07-23.01 - zeljka 23.07.2009 23:21.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.387.1033.18.1015.434 [GMT 2:00]
Running from: c:\users\zeljka\Desktop\ComboFix.exe
Command switches used :: / u
AV: avast! antivirus 4.7.1098 [VPS 090130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2715799477-2416202613-1272605550-500
c:\$recycle.bin\S-1-5-21-3466375307-2083619736-3756238073-500
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\X86
c:\windows\system32\X86\License.rtf
c:\windows\system32\X86\Readme.txt
c:\windows\system32\X86\setup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-23 21:29 . 2009-07-23 21:34 -------- d-----w- c:\users\zeljka\AppData\Local\temp
2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\users\zeljka\AppData\Roaming\OnlineArmor
2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\programdata\OnlineArmor
2009-07-23 16:18 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-07-23 16:18 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-07-23 16:18 . 2009-07-23 16:18 -------- d-----w- c:\program files\Tall Emu
2009-07-22 14:54 . 2009-07-23 21:34 117760 ----a-w- c:\users\zeljka\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-22 14:53 . 2009-07-22 14:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-22 14:52 . 2009-07-22 14:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 14:52 . 2009-07-22 14:52 -------- d-----w- c:\users\zeljka\AppData\Roaming\SUPERAntiSpyware.com
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\users\zeljka\AppData\Roaming\Malwarebytes
2009-07-22 14:29 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\programdata\Malwarebytes
2009-07-22 14:29 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 13:37 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:37 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:37 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:37 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 13:37 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:37 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-13 14:05 . 2009-07-13 14:05 -------- d-----w- c:\program files\Quadrax IV
2009-07-03 16:53 . 2009-07-03 22:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-07-03 16:53 . 2009-07-03 22:42 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-07-03 16:52 . 2009-07-03 22:42 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-03 16:52 . 2009-07-03 22:52 -------- d-----w- c:\program files\Replay Media Catcher
2009-07-03 16:52 . 2009-07-03 16:52 -------- d-----w- c:\windows\Replay Media Catcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 17:36 . 2007-08-20 17:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-23 16:42 . 2007-08-14 19:21 -------- d-----w- c:\users\zeljka\AppData\Roaming\Skype
2009-07-23 15:13 . 2007-12-01 19:00 -------- d-----w- c:\users\zeljka\AppData\Roaming\skypePM
2009-07-22 16:00 . 2008-03-14 23:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-15 15:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-30 21:11 . 2008-02-29 21:14 -------- d-----w- c:\programdata\comodo
2009-05-30 21:11 . 2008-02-29 21:14 -------- d-----w- c:\program files\COMODO
2009-05-30 21:11 . 2008-02-29 21:09 -------- d-----w- c:\users\zeljka\AppData\Roaming\Comodo
2009-04-30 12:52 . 2009-06-16 20:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-16 20:27 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-16 20:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-27 21:26 . 2009-04-27 21:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-27 20:37 . 2009-04-27 20:37 812344 ----a-w- c:\users\zeljka\HJTInstall.exe
2009-04-03 22:52 . 2009-04-03 22:51 17533939 ----a-w- c:\program files\BEJEWELED_2_DELUXE_-_FULL_GAME.rar
2009-07-15 23:06 . 2009-07-22 22:47 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-30 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-958641037-671295413-2736209079-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CCBE02F9-1C0D-426F-B307-D0272D8C8A59}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7015A5B0-9715-4D9D-9E41-C8AAFF9AC079}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6501B441-8AF5-4E77-BB6D-29469D8BF705}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{3A0E8F78-85E8-423F-ACAB-B340372549DA}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{331B26A9-2B78-468F-A77D-7B827C62DF2D}"= Disabled:UDP:c:\program files\Employee Inspector Server\weserver.exe:Employee Inspector Server
"{C61DCFC4-2BEE-4CD8-9CEF-1447D0FF4A2B}"= Disabled:TCP:c:\program files\Employee Inspector Server\weserver.exe:Employee Inspector Server
"{A24CCA18-1100-42A9-B507-ACDAC04FD21A}"= Disabled:UDP:c:\program files\Employee Inspector Server\wescheduler.exe:Employee Inspector Scheduler
"{34F57F7C-E231-492E-BBEF-FAD61CB5B780}"= Disabled:TCP:c:\program files\Employee Inspector Server\wescheduler.exe:Employee Inspector Scheduler
"{248F473A-C3BF-4973-AFF3-3430B04D09E1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{09128668-8904-4791-87DC-D04A5AD99FF8}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{63B43F81-E082-4100-8128-D3ECA9658382}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CBB50945-51CB-4078-BEEC-BE0CA9F19654}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{6032AF6F-407A-4D3D-8BF6-F6E9C7A9214D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{205A8D70-C32D-4D81-8199-3CECEEE6F3E0}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{D3E569D3-1515-4022-A5DA-F5AD43DA4C9E}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{298A9C5E-DBD1-4DDC-9586-B98C709A44FB}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{AF5B1DAE-9600-4163-994B-BE0B5CC78F06}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{666A7EAD-E4B9-4C77-A22D-567993A8A3C7}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6251E90E-3DDC-4D55-9355-855559EEADC1}c:\\program files\\encore\\terror strike\\system\\ts.exe"= UDP:c:\program files\encore\terror strike\system\ts.exe:Terror Strike: Close-Quarters Combat
"UDP Query User{E59F0319-311B-403E-83A8-6EE1CC37C846}c:\\program files\\encore\\terror strike\\system\\ts.exe"= TCP:c:\program files\encore\terror strike\system\ts.exe:Terror Strike: Close-Quarters Combat
"{BFAF7DB7-F972-4D60-8A74-45A7B859A4AA}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{A1EE7D8C-9121-4BD8-9F3C-D69737AB67C9}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{657E1278-8D16-4669-8DD0-A2C5E27315C5}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{ED1A3343-2612-401D-B6C9-31263B20DC52}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{174B70F8-1B8D-4B02-9BDF-F314350FF883}"= UDP:c:\program files\Mozilla Firefox 3 Beta 3\firefox.exe:Mozilla Firefox
"{E8CBF3A2-1F94-44C1-97DE-52037F3315E2}"= TCP:c:\program files\Mozilla Firefox 3 Beta 3\firefox.exe:Mozilla Firefox
"{728B3690-F5CD-4F6E-9E9C-6C98F13A6BE0}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{BEA9175F-9F5F-473F-BA72-1C5607366A01}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"TCP Query User{565FF78A-7AB4-4D51-B8DB-748E0BA31429}c:\\users\\zeljka\\desktop\\žana\\tavla.exe"= UDP:c:\users\zeljka\desktop\žana\tavla.exe:tavla.exe
"UDP Query User{E7348C75-3B1F-49A6-821A-42387EC314AC}c:\\users\\zeljka\\desktop\\žana\\tavla.exe"= TCP:c:\users\zeljka\desktop\žana\tavla.exe:tavla.exe
"TCP Query User{1AC2181D-8151-4415-9333-07FF10E29DD8}c:\\users\\zeljka\\documents\\žana\\tavla.exe"= UDP:c:\users\zeljka\documents\žana\tavla.exe:tavla.exe
"UDP Query User{F4912980-B071-4460-BB0B-5016145F7826}c:\\users\\zeljka\\documents\\žana\\tavla.exe"= TCP:c:\users\zeljka\documents\žana\tavla.exe:tavla.exe
"TCP Query User{D1BEE021-C445-4C18-BA81-FF144628FFB1}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{2CDCF3B0-5030-41FA-8AEF-4B2CFFF0D948}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{F0363678-2275-49BA-9ABE-E58B8053DCDF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AFFE33D-8E94-425D-A2A4-F47F8D54C54E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071109.001\IDSvix86.sys [10.11.2007 14:56 180272]
R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [23.7.2009 18:18 200784]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [23.7.2009 18:18 24656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.6.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 72944]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [20.2.2008 21:57 45648]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2.1.2008 3:39 46112]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [23.7.2009 18:18 362184]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI4CF5.tmp [20.5.2009 0:03 189696]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [23.7.2009 18:18 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [30.10.2007 20:55 37936]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [7.12.2007 13:03 62464]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
S4 tor;Tor Win32 Service;"c:\program files\Vidalia Bundle\Tor\tor.exe" --nt-service -f "c:\users\zeljka\AppData\Roaming\Vidalia\torrc" ControlPort 9051 --> c:\program files\Vidalia Bundle\Tor\tor.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{BCB144FA-171C-43C9-9B4A-5077BBAB9CB7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AAWTray - c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: {F25BC527-A6DD-459D-9180-FC5A37B56D8F} = 212.39.98.162,212.39.98.161
FF - ProfilePath - c:\users\zeljka\AppData\Roaming\Mozilla\Firefox\Profiles\8p98oskr.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-23 23:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI4CF5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATK Hotkey\HControl.exe
c:\windows\System32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Tall Emu\Online Armor\oahlp.exe
.
**************************************************************************
.
Completion time: 2009-07-23 23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 21:41

Pre-Run: 2.938.724.352 bytes free
Post-Run: 3.848.847.360 bytes free

296 --- E O F --- 2009-07-23 10:00

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Wasn't it stated that the program should be started with a double-click (without any parameters)?

→ Pack the following folder into a zip or rar:

C:\Qoobox\Quarantine

and upload it via this link: http://www.mycity.rs/ambulanta-upload.php

Regarding the chaos with the security software you have on the computer...

→ You use avast!, right?

You need to remove the remnants of Norton Internet Security and Avira:

http://www.mycity.rs/Antivirus-programi/Deinstalac.....grama.html

→ Control Panel > Add/Remove programs; find and uninstall (if possible):

AVG Anti-Spyware
Comodo
Kerio

→ Windows Defender and SUPERAntiSpyware should not be active at the same time. If they are, deactivate the active protection in one of them.

→ Do you have Spybot - Search and Destroy installed?

After you have done all this, double-click to run ComboFix and post the log you get.
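The reply above reads the header of the ComboFix report: the `Command switches used` line and the `AV:` / `FW:` / `SP:` product lines. As an added example (not part of the original thread and not code from ComboFix), this Python script parses those header lines and reports which products are listed, which are enabled at the same time, and which are enabled with outdated definitions. The function names `parse_header` and `review` are hypothetical; the sample input is copied from the report posted in this thread.

```python
import re
from collections import defaultdict

# Header lines copied from the ComboFix report posted in this thread.
SAMPLE_HEADER = r"""
Command switches used :: / u
AV: avast! antivirus 4.7.1098 [VPS 090130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

# KIND: name *state* (Outdated|Updated) {GUID}; the definitions flag is optional.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<defs>Outdated|Updated)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)
SWITCH_RE = re.compile(r"^Command switches used ::\s*(?P<sw>.*\S)\s*$")


def parse_header(text):
    """Return (switches, products) parsed from ComboFix header lines."""
    switches = None
    products = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SWITCH_RE.match(line)
        if m:
            switches = m.group("sw")
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.append({
                "kind": m.group("kind"),
                "name": m.group("name"),
                # "On-access scanning enabled" and plain "enabled" both count.
                "enabled": m.group("state").lower().endswith("enabled"),
                "outdated": m.group("defs") == "Outdated",
                "guid": m.group("guid").upper(),
            })
    return switches, products


def review(text):
    """Summarise the header: switches, products per kind, overlaps, stale ones."""
    switches, products = parse_header(text)
    by_kind = defaultdict(list)
    for p in products:
        by_kind[p["kind"]].append(p)

    report = {"switches": switches, "registered": {}, "enabled": {}, "overlap": []}
    for kind, items in by_kind.items():
        active = [p["name"] for p in items if p["enabled"]]
        report["registered"][kind] = len(items)
        report["enabled"][kind] = active
        if len(active) > 1:          # more than one product enabled in one category
            report["overlap"].append(kind)
    # Products that are switched on but report outdated definitions.
    report["enabled_outdated"] = sorted(
        {p["name"] for p in products if p["enabled"] and p["outdated"]}
    )
    return report


if __name__ == "__main__":
    r = review(SAMPLE_HEADER)
    print("switches used:", r["switches"])
    for kind in ("AV", "FW", "SP"):
        print(kind, "listed:", r["registered"].get(kind, 0),
              "enabled:", r["enabled"].get(kind, []))
    print("categories with more than one enabled product:", r["overlap"])
    print("enabled but outdated:", r["enabled_outdated"])
```
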

  • Noa123
  • New MyCity citizen
  • Joined: 23 Jul 2009
  • Posts: 11

Written: 24 Jul 2009 15:52

Thanks a lot, I went to that page and cleaned out Avira and Norton, which I guess were on the computer at some point earlier, but I don't see Spybot, Kerio or Comodo anywhere. They have been uninstalled... but I can't find them at all... As for the upload, when I go to that link nothing appears, so I don't know how to upload the file.
Now that I have cleaned out Norton and Avira, I can get on the internet with other browsers too. What should I do, how do I upload?

Addendum: 24 Jul 2009 15:54

Yes, and it says AVG; I can't find that one either.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Try opening the upload link again (also try from another browser).

  • Noa123
  • New MyCity citizen
  • Joined: 23 Jul 2009
  • Posts: 11

It is currently uploading in Mozilla, but it has been going for quite a while, so I don't know whether it will work if the limit is 10 MB and the rar is about 20?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

If it is 20 MB, it certainly won't work.

Upload only this file:

C:\Qoobox\Quarantine\C\program files\Tall Emu\Online Armor\OAwatch.dll.vir
