Internet nece da "krene"

Pozdrav!
Izvinjavam se prebacih temu iz browseri u zastita mislim da je za ovu ekipu.
Od pre par dana kada otvorim explorer-nista se ne desava,kao krene pa obavesti "da ne moze da otvori stranicu"(ni home- Google).Koristim kablovski modem pa sam prvo njega pretresao(reinstal)-nista.Racunar ga prepoznaje modem ima komunikaciju(trenutno je na ovom racunaru) pa probam dial-up,zakaci se ali nece da krene.Probam "Opru"- isto.
Danas pustim Nod i pronadje "nesto"ovako-ovo je skracena verzija samo ono sto je bilo "crveno".


C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP130\A0050543.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0050959.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0050966.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0051033.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0051127.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0051137.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0051150.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0052150.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP131\A0052163.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP132\A0052280.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0052494.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0052504.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0052510.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0053510.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0053594.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0053605.sys - Win32/TCPZ.A application - quarantined
C:\System Volume Information\_restore{DFC17F9C-7071-48BB-9DE2-F28FA0D88A3D}\RP133\A0053612.sys - Win32/TCPZ.A application - quarantined


C:\WINDOWS\SYSTEM32\DRIVERS\sysdrv32.sys - Win32/TCPZ.A application - quarantined

Ovaj Win32/Tcpz.A da li je mozda uzrok problema i sta ciniti?
Izvinjavam se u pitanju je XP-sp2

---

Evo kako da ga otklonis:

• Na Desktopu napravi novi folder i daj mu neko ime
• Preuzmi sledeci tool: http://www.trendmicro.com/ftp/products/tsc/sysclean.com i snimi ga u taj folder
• Preuzmi sledecu arhivu http://www.trendmicro.com/ftp/products/pattern/lpt889.zip i raspakuj je u isti folder
• Preuzmi sledecu arhivu http://www.trendmicro.com/ftp/.../spyware/ssapi/ssapiptn743.zip i raspakuj je u isti folder
• Restartuj racunar u Safe Mode (dok se pali racunar pritiskaj F8 pa kada se pojavi meni odaberi Safe Mode - prva stavka)
• Sada pokreni iz kreiranog folder fajl sysclean.com
• Kada se otvori prozor prvo proveri da li su dve stavke stiklirane i pritisni Scan

Samo skeniranje moze potrajati, a kad se zavrsi sve restartuj racunar. Ovo skeniranje mozes ponovoti par puta da budes siguran da je uklonjen. Kada zavrsis sa skeniranjem javi nam kako je stanje, pa da vidimo sta treba dalje. U prilogu sam ti stavi sliku kako treba da izgleda folder posle preuzimanja programa i raspakivanja definicija.

_{[Ovu poruku je menjao Nemanja Živanović dana 11.03.2009. u 22:30 GMT+1]}

Probacu pa se javljam.Pozz!

---

Samo da se zahvalim Nemanji na trudu ali kao po obicaju kad autoelektricar pocne da "popravlja" komp isti zavrsi u-servisu.Skola naucena komp sredjen podaci sacuvani i jos jednom pozdrav i hvala!!!

---

imam isti problem sa netom, ali imam i problem da skinem ove dve arhive . nestali su sa sajta.
da li neko ima pojma gde ih mogu pronaci ?
ili mozda neki drugi predlog sta da radim ?

hvala

Imate samo problema sa internetom ili i sa Win32/TCPZ.A-om?

Skinite program HijackThis.

Kada ga preuzmete, preimenujte fajl u bilo sta, npr. “blabla.exe”. Pokrenite ga i kliknite “Do a system scan and save a logfile”. Taj log iskopirajte ovde.

generalno jesam na internetu. ruter i lap top rade preko istog, smo mi je na ovom kucnom racunaru nemoguc pristup. probao sam i sa mozillom, IE, Chromom, ali ni jedan od njih ne otvara nijednu stranicu.
a evo i loga

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:46, on 10.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Hotspot Shield\bin\openvpnas.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
C:\Programme\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wyyo\wyyo133.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Philips\SPC610NC\Monitor.exe
C:\Programme\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\COMODO\SafeSurf\cssurf.exe
C:\Programme\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Wyyo\wyyo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
G:\blabla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPC610NC_Monitor] C:\WINDOWS\Philips\SPC610NC\Monitor.exe
O4 - HKLM\..\Run: [tvjbmonitor] C:\Programme\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programme\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Verknüpfung mit radio-b92.lnk = C:\Dokumente und Einstellungen\Administrator\Desktop\radio-b92.mp3.m3u
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Webcamera Plus Service - Ateksoft Company Ltd. - C:\Programme\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wyyo\wyyo133.exe

--
End of file - 9409 bytes

Stiklirajte sledece objekte i kliknite “Fix checked”
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O23 - Service: Wyyo Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wyyo\wyyo133.exe

Izbrisite rucno sledece fajlove
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wyyo\wyyo133.exe
C:\Programme\Wyyo\wyyo.exe

P.S. Preporucio bih vam da koristite samo Comodo firewall a kao antivirus Dr.Web ili Kaspersky Anti-Virus.

odradio sam onako kako ste mi rekli, ali jos uvek ne mogu na net

evo ga novi log, ako nesto znaci

ili jos neki savet ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:19, on 11.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Hotspot Shield\bin\openvpnas.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
C:\Programme\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Philips\SPC610NC\Monitor.exe
C:\Programme\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\COMODO\SafeSurf\cssurf.exe
C:\Programme\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
G:\blabla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPC610NC_Monitor] C:\WINDOWS\Philips\SPC610NC\Monitor.exe
O4 - HKLM\..\Run: [tvjbmonitor] C:\Programme\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programme\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Verknüpfung mit radio-b92.lnk = C:\Dokumente und Einstellungen\Administrator\Desktop\radio-b92.mp3.m3u
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Webcamera Plus Service - Ateksoft Company Ltd. - C:\Programme\Ateksoft\WebCamera Plus\WebCamPlusSrv.exe

--
End of file - 8051 bytes

A ako u potpunosti iskljucite Comodo COMODO Internet Security?
P.S. Log je cist.

sada sam i njega iskljucio ali nista se ne menja
ali mozda je ovo interesantno da naznacim
da real player hoce da mi strimuje tv b92 bez problema
i to je jedna od retkih stvari koje hoce da mi povlaci sa neta
za ostalo kaze da se proveri konekcija i te fore

Start > Run... > cmd
Ukucajte u cmd:


Da li ste sigurni da ste dobro ugasili firewall? Cudno je da RealPlayer ostvaruje konekciju, a ostali programi ne.

P.S.
Za svaki slucaj:
• Preuzmite i instalirajte program Malwarebytes` Anti-Malware - http://www.malwarebytes.org/mbam-download.php
• Pokrenite ga i izvrsite update(Update > Check for Updates) i po zavrsetku potvrdite sa OK.
• Posle update-a odaberi Scanner, oznacite Perform full scan i pritisnite Scan.
• Kada se skeniranje zavrsi pritisnite OK, pa Show Results da vidite izvestaj.
• Proverite da li su svi pronadjeni fajlovi stiklirani(ako nisu selektujte ih), pritisnite Remove Selected i potvrdite sa OK.
• Program ce vas upitati da restartujes racunar i vi to potvrdite.
• Takodje posle ukljanjanje malware-a sa racunara dobicete log fajl(izvestaj) koji cete iskopirati ovde.

Posle toga:
Preuzmite program Dr.Web CureIt!.
• Posle preuzimanja restartujte racunar u Safe Mode(dok se pali racunar pritiskajte F8 pa kada se pojavi meni odaberite Safe Mode - prva stavka).
• Kada se ucita Safe Mode pokrenite Dr.Web CureIt! pokretanjem fajla launch.exe.
• Kad se upali odaberite Start. On ce automatski poceti da skenira racunar. Pustiti da skenira(to je brzo skeniranje).
• Kada zavrsi sa skeniranjem odaberite kompletno skeniranje - Complete scan i sa desne strane pritisnite dugme Start Scanning(izgleda kao Play dugme).
Moram da vas upozorim da kompletno skeniranje moze da potraje nekoliko sati!

skinuo sam Malvarebyres i instalirao ga
ali nije hteo da povuce updates, kaze da se proveri konekcija sa netom
pustio sam da ga skenira ovako ber update a pa cu videti da li ce ista pronaci.
skeniranje je u toku
da li da skidam Dr.Web CureIt i da pustim i njegovo skeniranje bez obzira na rezultate ovog sadasnjeg skeniranja ?

Mozete, nacice nesto sigurno.

skeniranje Dr.Web Curelt! je u toku i kako ste mi rekli potrajace jos dugo
ali me raduje jedno da naliazi Win32.HLLW.Gavir.ini i da ga uklanja sa racunara.
iskreno se nadam da je to bio problem svih mojih problema
napisacu kada bude zavrseno i konacne rezultate ove ljute bitke

Win32.HLLW.Gavir inficira ".exe" fajlove i rasprostranjuje se po mrezi. Ako imate jos neki kompjuter povezan sa zarazenim, postoji mogucnost da je i on zarazen.

ma sve cu ih ja sada pregledati
samo da resim prvo taj prvi koji trenutno pravi najveci problem.
koji mi antivirus i zastite preporucujete u buduce da koristim na compu ?
a za ovo sve ne znam kako da vam se zahvalim

Da li imate licencu na COMODO Internet Security?
Ako nemate, onda bih vam preporucio
1. Outpost Firewall Free + Dr.Web anti-virus for Windows(Nemacki sajt/Official Site)
2. Outpost Firewall Free + Kaspersky Anti-Virus(Nemacki sajt/Official Site)
Nema na cemu, mi smo uvek tu da vam pomognemo! ;)

opet ja
da napisem izvestaj
mada nije puno bolje. ustvari ne mogu i dalje na net.
ustanovi sam na primer da mogu skype da koristim, ali ne i MSN
tv B92 mogu da strimujem ali ne i radio b92
ni jedan od internet browser_a ne moze da pridje netu
takodje ne mogu nista da updata_ujem od programa, ili jos nisam pronasao nesto sto hoce.

inace sam skenirao Dr.Web Curelt! i izbacio neke stvari.
skenirao sam jos jednom posle da budem siguran da je sve izbaceno. nije nista nasao
i pored svega toga i dalje nece na net :(

uhhh mislim da sam sve napisao

izgleda da mi na kraju nece drugo ostati nego da obrisem sve pa jovo nanovo :(

Pokusajte
Start > Run... > cmd
ukucajte

posle zavrsetka

restartujte kompjuter.