hijack log urgent!!!!

  • Joined: 24 Oct 2007
  • Posts: 122

I think the log will be quite sufficient!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:31, on 7/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\Socks.exe
C:\WINDOWS\System32\reader_s.exe
c:\tjwupb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\miki\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\14939064\14939064.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mobsyn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\miki\LOCALS~1\Temp\c.exe
C:\DOCUME~1\miki\LOCALS~1\Temp\b.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\blxwl.exe
C:\WINDOWS\system32\ctfmon.exe
c:\blxwl.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
c:\blxwl.exe
c:\blxwl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wiawow32.sys
C:\WINDOWS\fonts\services.exe
C:\Documents and Settings\miki\Application Data\3.exe
C:\Documents and Settings\miki\Desktop\mk30\mk30.exe
c:\mjvilnwo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\verclsid.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\mskwzyc.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msmkxvi.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinsysMon] C:\WINDOWS\system32\Socks.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [14939064] C:\Documents and Settings\All Users\Application Data\14939064\14939064.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\miki\reader_s.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\miki\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msixc.exe
O4 - HKUS\S-1-5-18\..\Run: [A00F1489F80.exe] C:\WINDOWS\TEMP\_A00F1489F80.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [A00F1489F80.exe] C:\WINDOWS\TEMP\_A00F1489F80.exe (User 'Default user')
O4 - Startup: ihaupd32.exe
O4 - Startup: zqosys32.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....9306808109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....9316833015
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c00F25E1 - C:\WINDOWS\system32\__c00F25E1.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7167 bytes

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download Dr.Web CureIt (~13 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it, after which the introductory window will appear - click Start

A notice about the start of the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window, select the Complete scan option and then click, and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

When the scan is finished, click the Select all button (if available), then click Cure and, in the menu that opens, click Move incurable:

When the process completes, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the forum thread.

  • Joined: 24 Oct 2007
  • Posts: 122

while I'm doing this, here is another log from another computer:

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

When we finish with this case, then kindly open a new thread and post this log there.

  • Joined: 24 Oct 2007
  • Posts: 122

I can't open the drweb page at all

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Try running this program

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
close running programs;
deactivate protective software (instructions);
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if a download of it is offered.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
  accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
  accept by clicking Yes or OK.
if needed, restart Windows (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.

  • Joined: 24 Oct 2007
  • Posts: 122

the first time I couldn't do anything because the computer just started restarting itself ... I put in the installation disc and reinstalled xp, and as soon as I connected to the net and started downloading drivers, the same thing again .. this time I managed to make a combofix log:

ComboFix 09-07-14.08 - Miki 07/18/2009 20:00.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1790.1524 [GMT 2:00]
Running from: c:\documents and settings\Miki\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\12460004
c:\documents and settings\All Users\Application Data\12460004\12460004
c:\documents and settings\All Users\Application Data\12460004\12460004.exe
c:\documents and settings\Miki\Application Data\bcrypt.html
c:\documents and settings\Miki\reader_s.exe
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-5963985915-6798014176-208569700-9982
c:\recycler\S-1-5-21-9821692777-8743916865-740500118-4846
c:\recycler\S-1-5-21-9821692777-8743916865-740500118-4846\Desktop.ini
c:\recycler\S-1-5-21-9821692777-8743916865-740500118-4846\wnzip32.exe
c:\windows\msa.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\Iasex.dll
c:\windows\system32\msbrjgre.exe
c:\windows\system32\mscmeyv.exe
c:\windows\system32\msdaibbq.exe
c:\windows\system32\msdrkw.exe
c:\windows\system32\msezkl.exe
c:\windows\system32\msiirm.exe
c:\windows\system32\msiovhj.exe
c:\windows\system32\msiyuufa.exe
c:\windows\system32\mskhdvxl.exe
c:\windows\system32\mslqyqm.exe
c:\windows\system32\msnbb.exe
c:\windows\system32\msouz.exe
c:\windows\system32\mspxk.exe
c:\windows\system32\msreh.exe
c:\windows\system32\msrekic.exe
c:\windows\system32\mssbmmoj.exe
c:\windows\system32\mssnfh.exe
c:\windows\system32\msthcwoq.exe
c:\windows\system32\mstwof.exe
c:\windows\system32\msuudyf.exe
c:\windows\system32\mswlb.exe
c:\windows\system32\mswsy.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\msxpc.exe
c:\windows\system32\msxsjic.exe
c:\windows\system32\mszhnlan.exe
c:\windows\system32\mszoilp.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
c:\windows\system32\drivers\4360a163.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_ias
-------\Service_4360a163
-------\Service_6to4
-------\Service_ias


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 18:04 . 2009-07-18 17:49 90828 ----a-w- c:\windows\system32\drivers\4360a163.sys
2009-07-18 17:57 . 2004-08-04 12:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-18 17:57 . 2009-07-18 17:49 705 ----a-w- C:\dbckb.exe
2009-07-18 17:57 . 2009-07-18 17:49 25600 ----a-w- C:\aqwiry.exe
2009-07-18 17:49 . 2009-07-18 17:49 134656 ----a-w- c:\windows\system32\mobsyn.exe
2009-07-18 17:47 . 2009-07-18 17:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 17:35 . 2009-07-18 17:35 7280 ----a-w- c:\windows\system32\drivers\viamraid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 6984 ----a-w- c:\windows\system32\drivers\SiSRaid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 63240 ----a-w- c:\windows\system32\drivers\Si3112r.PNF
2009-07-18 17:35 . 2009-07-18 17:35 20152 ----a-w- c:\windows\system32\drivers\INFCACHE.1
2009-07-18 17:35 . 2009-07-18 17:35 9388 ----a-w- c:\windows\system32\drivers\iaStor.PNF
2009-07-18 17:35 . 2009-07-18 17:35 12432 ----a-w- c:\windows\system32\drivers\adpu320.PNF
2009-07-18 17:35 . 2009-07-18 17:35 12204 ----a-w- c:\windows\system32\drivers\nvraid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 10828 ----a-w- c:\windows\system32\drivers\iaAHCI.PNF
2009-07-18 17:32 . 2009-07-18 17:32 -------- d-----w- c:\program files\ATI Technologies
2009-07-18 17:31 . 2009-07-18 17:31 -------- d-----w- c:\program files\Opera 10 Beta
2009-07-18 17:14 . 2009-07-18 17:14 -------- d-----w- c:\program files\Realtek
2009-07-18 17:11 . 2009-07-18 17:11 -------- d-----w- c:\program files\Launch Manager
2009-07-18 17:09 . 2009-07-18 17:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-18 17:06 . 2009-07-18 17:06 -------- d-----w- c:\program files\Synaptics
2009-07-18 16:14 . 2009-07-18 15:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- c:\program files\microsoft frontpage
2009-07-18 15:49 . 2009-07-18 15:49 -------- d-----w- c:\program files\Java
2009-07-18 15:49 . 2009-07-18 15:49 -------- d-----w- c:\program files\Common Files\Java
2009-07-18 15:41 . 2009-07-18 15:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-07-18 17:57 212480 4E8B4F9E5CD6EB7042F726D1DEAD2DB7 c:\windows\system32\drivers\ndis.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-11-10 557056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

S1 mailKmd;mailKmd; [x]
S3 usbewt;usbewt;c:\windows\system32\usbewt.sys [8/4/2004 2:00 PM 2304]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-12460004 - c:\documents and settings\All Users\Application Data\12460004\12460004.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-18 20:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@?t??????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?st>???6@??>?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4360a163]
"ImagePath"="\SystemRoot\System32\drivers\4360a163.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 18:05

Pre-Run: 75,323,457,536 bytes free
Post-Run: 75,297,550,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

152


since nothing is installed on the computer anyway, should I reinstall win xp again?

do I need to do this with drweb cure???

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

We can't do it this way... You have several serious infections here and you must do strictly what I tell you..

Tell me.. is this ComboFix from a freshly installed system?

Don't plug in USB devices until we finish cleaning... Don't download drivers or any programs...
Don't run installers for programs that are located on other partitions.
I have to determine how you got infected again to this extent

Upload the file:

c:\windows\system32\drivers\ndis.sys

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 24 Oct 2007
  • Posts: 122

Written: 18 Jul 2009 20:38

I did it!!!

Addendum: 18 Jul 2009 20:38

yes, from a new system that has nothing on it!!!!

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download ndis_fixer

Run it and wait until the console window closes.

After that, Windows' built-in protection against replacement of system files will appear (if it is enabled):

Click Cancel here

Click Yes here.

After that, restart the computer.
After the restart, copy the log to the forum. The log is on the system partition under the name NDIS_Fixer.txt (the system partition is usually C:, i.e. the log will be C:\NDIS_Fixer.txt)
