Posted: 23 Jul 2009 00:37
|
- Noa123
- New MyCity citizen
- Joined: 23 Jul 2009
- Posts: 11
|
Please analyze my log file. As for the problem: on some pages I have no diacritical marks, I cannot update programs, and I can only get on the internet with the Opera browser. If you can help me in any way, thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:20:49, on 23.7.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Opera\Opera.exe
C:\Users\zeljka\Desktop\ime\TR3.exe..exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25BC527-A6DD-459D-9180-FC5A37B56D8F}: NameServer = 212.39.98.162,212.39.98.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI4CF5.tmp
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4836 bytes
|
Posted: 23 Jul 2009 19:23
|
- Noa123
- New MyCity citizen
- Joined: 23 Jul 2009
- Posts: 11
|
I cannot update Avast, I cannot write in chat on Facebook, and I cannot get on the internet with IE or Mozilla, only with Opera.
This is what it says when I open this link:
The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.
|
Posted: 23 Jul 2009 23:52
|
- Noa123
- New MyCity citizen
- Joined: 23 Jul 2009
- Posts: 11
|
ComboFix 09-07-23.01 - zeljka 23.07.2009 23:21.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.387.1033.18.1015.434 [GMT 2:00]
Running from: c:\users\zeljka\Desktop\ComboFix.exe
Command switches used :: / u
AV: avast! antivirus 4.7.1098 [VPS 090130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2715799477-2416202613-1272605550-500
c:\$recycle.bin\S-1-5-21-3466375307-2083619736-3756238073-500
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\X86
c:\windows\system32\X86\License.rtf
c:\windows\system32\X86\Readme.txt
c:\windows\system32\X86\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-23 21:29 . 2009-07-23 21:34 -------- d-----w- c:\users\zeljka\AppData\Local\temp
2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\users\zeljka\AppData\Roaming\OnlineArmor
2009-07-23 16:22 . 2009-07-23 16:22 -------- d-----w- c:\programdata\OnlineArmor
2009-07-23 16:18 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-07-23 16:18 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-07-23 16:18 . 2009-07-23 16:18 -------- d-----w- c:\program files\Tall Emu
2009-07-22 14:54 . 2009-07-23 21:34 117760 ----a-w- c:\users\zeljka\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-22 14:53 . 2009-07-22 14:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-22 14:52 . 2009-07-22 14:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 14:52 . 2009-07-22 14:52 -------- d-----w- c:\users\zeljka\AppData\Roaming\SUPERAntiSpyware.com
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\users\zeljka\AppData\Roaming\Malwarebytes
2009-07-22 14:29 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 14:29 . 2009-07-22 14:29 -------- d-----w- c:\programdata\Malwarebytes
2009-07-22 14:29 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 13:37 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:37 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:37 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:37 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 13:37 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:37 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-13 14:05 . 2009-07-13 14:05 -------- d-----w- c:\program files\Quadrax IV
2009-07-03 16:53 . 2009-07-03 22:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-07-03 16:53 . 2009-07-03 22:42 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-07-03 16:52 . 2009-07-03 22:42 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-03 16:52 . 2009-07-03 22:52 -------- d-----w- c:\program files\Replay Media Catcher
2009-07-03 16:52 . 2009-07-03 16:52 -------- d-----w- c:\windows\Replay Media Catcher
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 17:36 . 2007-08-20 17:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-23 16:42 . 2007-08-14 19:21 -------- d-----w- c:\users\zeljka\AppData\Roaming\Skype
2009-07-23 15:13 . 2007-12-01 19:00 -------- d-----w- c:\users\zeljka\AppData\Roaming\skypePM
2009-07-22 16:00 . 2008-03-14 23:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-15 15:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-30 21:11 . 2008-02-29 21:14 -------- d-----w- c:\programdata\comodo
2009-05-30 21:11 . 2008-02-29 21:14 -------- d-----w- c:\program files\COMODO
2009-05-30 21:11 . 2008-02-29 21:09 -------- d-----w- c:\users\zeljka\AppData\Roaming\Comodo
2009-04-30 12:52 . 2009-06-16 20:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-16 20:27 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-16 20:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-27 21:26 . 2009-04-27 21:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-27 20:37 . 2009-04-27 20:37 812344 ----a-w- c:\users\zeljka\HJTInstall.exe
2009-04-03 22:52 . 2009-04-03 22:51 17533939 ----a-w- c:\program files\BEJEWELED_2_DELUXE_-_FULL_GAME.rar
2009-07-15 23:06 . 2009-07-22 22:47 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-30 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-958641037-671295413-2736209079-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CCBE02F9-1C0D-426F-B307-D0272D8C8A59}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7015A5B0-9715-4D9D-9E41-C8AAFF9AC079}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6501B441-8AF5-4E77-BB6D-29469D8BF705}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{3A0E8F78-85E8-423F-ACAB-B340372549DA}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{331B26A9-2B78-468F-A77D-7B827C62DF2D}"= Disabled:UDP:c:\program files\Employee Inspector Server\weserver.exe:Employee Inspector Server
"{C61DCFC4-2BEE-4CD8-9CEF-1447D0FF4A2B}"= Disabled:TCP:c:\program files\Employee Inspector Server\weserver.exe:Employee Inspector Server
"{A24CCA18-1100-42A9-B507-ACDAC04FD21A}"= Disabled:UDP:c:\program files\Employee Inspector Server\wescheduler.exe:Employee Inspector Scheduler
"{34F57F7C-E231-492E-BBEF-FAD61CB5B780}"= Disabled:TCP:c:\program files\Employee Inspector Server\wescheduler.exe:Employee Inspector Scheduler
"{248F473A-C3BF-4973-AFF3-3430B04D09E1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{09128668-8904-4791-87DC-D04A5AD99FF8}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{63B43F81-E082-4100-8128-D3ECA9658382}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CBB50945-51CB-4078-BEEC-BE0CA9F19654}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{6032AF6F-407A-4D3D-8BF6-F6E9C7A9214D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{205A8D70-C32D-4D81-8199-3CECEEE6F3E0}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{D3E569D3-1515-4022-A5DA-F5AD43DA4C9E}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{298A9C5E-DBD1-4DDC-9586-B98C709A44FB}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{AF5B1DAE-9600-4163-994B-BE0B5CC78F06}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{666A7EAD-E4B9-4C77-A22D-567993A8A3C7}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6251E90E-3DDC-4D55-9355-855559EEADC1}c:\\program files\\encore\\terror strike\\system\\ts.exe"= UDP:c:\program files\encore\terror strike\system\ts.exe:Terror Strike: Close-Quarters Combat
"UDP Query User{E59F0319-311B-403E-83A8-6EE1CC37C846}c:\\program files\\encore\\terror strike\\system\\ts.exe"= TCP:c:\program files\encore\terror strike\system\ts.exe:Terror Strike: Close-Quarters Combat
"{BFAF7DB7-F972-4D60-8A74-45A7B859A4AA}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{A1EE7D8C-9121-4BD8-9F3C-D69737AB67C9}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{657E1278-8D16-4669-8DD0-A2C5E27315C5}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{ED1A3343-2612-401D-B6C9-31263B20DC52}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{174B70F8-1B8D-4B02-9BDF-F314350FF883}"= UDP:c:\program files\Mozilla Firefox 3 Beta 3\firefox.exe:Mozilla Firefox
"{E8CBF3A2-1F94-44C1-97DE-52037F3315E2}"= TCP:c:\program files\Mozilla Firefox 3 Beta 3\firefox.exe:Mozilla Firefox
"{728B3690-F5CD-4F6E-9E9C-6C98F13A6BE0}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{BEA9175F-9F5F-473F-BA72-1C5607366A01}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"TCP Query User{565FF78A-7AB4-4D51-B8DB-748E0BA31429}c:\\users\\zeljka\\desktop\\žana\\tavla.exe"= UDP:c:\users\zeljka\desktop\žana\tavla.exe:tavla.exe
"UDP Query User{E7348C75-3B1F-49A6-821A-42387EC314AC}c:\\users\\zeljka\\desktop\\žana\\tavla.exe"= TCP:c:\users\zeljka\desktop\žana\tavla.exe:tavla.exe
"TCP Query User{1AC2181D-8151-4415-9333-07FF10E29DD8}c:\\users\\zeljka\\documents\\žana\\tavla.exe"= UDP:c:\users\zeljka\documents\žana\tavla.exe:tavla.exe
"UDP Query User{F4912980-B071-4460-BB0B-5016145F7826}c:\\users\\zeljka\\documents\\žana\\tavla.exe"= TCP:c:\users\zeljka\documents\žana\tavla.exe:tavla.exe
"TCP Query User{D1BEE021-C445-4C18-BA81-FF144628FFB1}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{2CDCF3B0-5030-41FA-8AEF-4B2CFFF0D948}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{F0363678-2275-49BA-9ABE-E58B8053DCDF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AFFE33D-8E94-425D-A2A4-F47F8D54C54E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071109.001\IDSvix86.sys [10.11.2007 14:56 180272]
R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [23.7.2009 18:18 200784]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [23.7.2009 18:18 24656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.6.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 72944]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [20.2.2008 21:57 45648]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2.1.2008 3:39 46112]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [23.7.2009 18:18 362184]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI4CF5.tmp [20.5.2009 0:03 189696]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [23.7.2009 18:18 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [30.10.2007 20:55 37936]
S3 kvpndev;Kerio VPN adapter;c:\windows\System32\drivers\kvpndrv.sys [7.12.2007 13:03 62464]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
S4 tor;Tor Win32 Service;"c:\program files\Vidalia Bundle\Tor\tor.exe" --nt-service -f "c:\users\zeljka\AppData\Roaming\Vidalia\torrc" ControlPort 9051 --> c:\program files\Vidalia Bundle\Tor\tor.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{BCB144FA-171C-43C9-9B4A-5077BBAB9CB7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AAWTray - c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: {F25BC527-A6DD-459D-9180-FC5A37B56D8F} = 212.39.98.162,212.39.98.161
FF - ProfilePath - c:\users\zeljka\AppData\Roaming\Mozilla\Firefox\Profiles\8p98oskr.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-23 23:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI4CF5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATK Hotkey\HControl.exe
c:\windows\System32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Tall Emu\Online Armor\oahlp.exe
.
**************************************************************************
.
Completion time: 2009-07-23 23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 21:41
Pre-Run: 2.938.724.352 bytes free
Post-Run: 3.848.847.360 bytes free
296 --- E O F --- 2009-07-23 10:00
|
Posted: 24 Jul 2009 15:54
|
- Noa123
- New MyCity citizen
- Joined: 23 Jul 2009
- Posts: 11
|
Written: 24 Jul 2009 15:52
Thanks a lot. I went to that page and cleaned out Avira and Norton; those were probably on the computer at some point in the past, but I don't see Spybot, Kerio and Comodo anywhere. They have been uninstalled... but I can't find them at all... and as for the upload, when I go to that link nothing appears, so I don't know how to upload the file.
Now that I have cleaned out Norton and Avira, I can get on the internet with other browsers too. What should I do, how do I upload?
Addendum: 24 Jul 2009 15:54
Yes, and it also lists AVG; I can't find that one either.
|
Posted: 24 Jul 2009 15:55
|
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Lives in: Höganäs, SE
|
Try opening the upload link again (try from another browser too).
|
Posted: 24 Jul 2009 16:11
|
- Noa123
- New MyCity citizen
- Joined: 23 Jul 2009
- Posts: 11
|
It is currently uploading in Mozilla, but it has been taking quite a while, so I don't know whether it will work if the limit is 10 MB and the rar is about 20?
|
Posted: 24 Jul 2009 17:23
|
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Lives in: Höganäs, SE
|
If it is 20 MB, it certainly won't work.
Upload only this file:
C:\Qoobox\Quarantine\C\program files\Tall Emu\Online Armor\OAwatch.dll.vir
|