Opet infection!

1

Opet infection!

offline
  • Pridružio: 28 Feb 2009
  • Poruke: 190
  • Gde živiš: Beograd

Ne znam gde ih vise pokupim GUZ - Glavom U Zid

Ukratko komp koci,slika na tv secka,uzasno spor....

GMER nije mogao da skenira cak ni iz vise pokusaja...

Mbam mi je izbacio ovaj izvestaj:

Malwarebytes' Anti-Malware 1.41
Verzija baze podataka: 3268
Windows 5.1.2600 Service Pack 3

12/12/2009 9:55:51 PM
mbam-log-2009-12-12 (21-55-51).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 13
Proteklo vreme: 5 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani kljuèevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)


Medjutim kada je skeniranje zavrseno pojavilo mi se ovo na slici cega u izvestaju nema:





DDS (Ver_09-12-01.01) - NTFSx86
Run by Milan at 22:17:53.62 on Sat 12/12/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.155 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\net.exe
C:\Documents and Settings\Milan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Shell=Explorer.exe csrcs.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0 ce\reader\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - c:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: TBSB00982 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
StartupFolder: c:\docume~1\milan\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236764830906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236778031203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\milan\applic~1\mozilla\firefox\profiles\default.eq1\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-2 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-28 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-28 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-7-5 10752]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-11-23 31616]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

=============== Created Last 30 ================

2009-12-12 20:34:14 918 --sha-r- c:\windows\system32\autorun.i
2009-12-12 20:34:13 853 --sha-r- c:\windows\system32\autorun.in
2009-12-05 21:25:51 0 d-----w- c:\program files\common files\NSV
2009-12-05 18:48:46 0 --sha-r- C:\khv
2009-11-30 15:02:00 921632 ----a-w- C:\PA7302.DAT
2009-11-27 20:49:54 19286 ----a-w- C:\cleanup.exe
2009-11-23 19:07:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-23 19:02:57 0 d-----r- c:\program files\Skype
2009-11-23 18:11:32 0 d-----w- c:\docume~1\milan\applic~1\Reallusion
2009-11-23 15:10:55 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-23 15:10:55 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-23 15:08:50 81 --sh--r- c:\windows\CT4CET.bin
2009-11-23 15:07:31 5632000 ----a-w- c:\windows\system32\RLVirtualCamera.ocx
2009-11-23 15:07:31 31616 ----a-w- c:\windows\system32\drivers\RLVrtAuCbl.sys
2009-11-23 15:07:27 0 d-----w- c:\program files\common files\Reallusion
2009-11-23 15:07:26 0 d-----w- c:\program files\Reallusion
2009-11-23 15:02:37 48128 ----a-w- c:\windows\system32\Remove.exe
2009-11-23 15:02:37 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-11-23 15:02:37 302 ----a-w- c:\windows\system32\Remover.ini
2009-11-23 15:02:37 0 d-----w- c:\program files\common files\Eye 312
2009-11-23 15:02:36 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2009-11-23 15:02:33 566 ----a-w- c:\windows\system32\SP7302.ini
2009-11-23 15:02:33 14336 ----a-w- c:\windows\system32\P7302USD.dll
2009-11-23 15:02:33 129024 ----a-w- c:\windows\system32\SP7302.ax
2009-11-23 15:02:32 0 d-----w- c:\windows\PixArt
2009-11-23 15:02:32 0 d-----w- c:\program files\common files\Pac7302
2009-11-19 01:56:09 0 d-----w- c:\docume~1\milan\applic~1\EA
2009-11-19 01:55:19 0 d-----w- c:\docume~1\alluse~1\applic~1\EA
2009-11-17 20:03:12 6164 ----a-w- c:\documents and settings\milan\.recently-used.xbel
2009-11-16 22:24:36 0 d-----w- c:\program files\Advanced GIF Animator
2009-11-16 22:18:25 6144 --sha-w- C:\Thumbs.db
2009-11-15 01:33:49 0 d-----w- c:\docume~1\milan\applic~1\DScaler4

==================== Find3M ====================

2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 09:38:32 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-09-23 21:18:44 7060 ----a-w- c:\documents and settings\milan\FMCodec.dat
2009-08-07 13:48:40 5543 ----a-w- c:\program files\Yurecnik.ini
2009-01-17 16:03:08 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2009-01-17 15:59:50 28702 ----a-w- c:\program files\Uninstal.exe
2009-01-17 15:59:50 1998 ----a-w- c:\program files\uninstal.log
1999-08-02 09:47:06 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40:26 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35:42 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35:40 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43:36 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08:16 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26:24 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59:30 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48:20 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46:32 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21:22 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17:34 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32:50 16896 ----a-w- c:\program files\Monologw.exe
2008-04-14 18:43:08 987330 --sha-r- c:\windows\system32\csrcs.exe

============= FINISH: 22:18:48.34 ===============




mycity.rs/must-login.png


mycity.rs/must-login.png


AVG mi je nasao i pise da je uklonio sledece:


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 28 Feb 2009
  • Poruke: 190
  • Gde živiš: Beograd

ComboFix 09-12-11.05 - Milan 12/13/2009 1:12.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.621 [GMT 1:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\Milan\Application Data\.#
C:\Thumbs.db
c:\windows\system32\csrcs.exe

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-05 21:25 . 2009-12-05 21:25 -------- d-----w- c:\program files\Common Files\NSV
2009-12-03 01:06 . 2009-12-03 16:42 79488 ----a-w- c:\documents and settings\Milan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-30 15:02 . 2009-12-04 19:59 921632 ----a-w- C:\PA7302.DAT
2009-11-29 16:56 . 2009-11-29 16:56 -------- d-----w- c:\documents and settings\Milan\Local Settings\Application Data\Mozilla
2009-11-23 19:07 . 2009-12-12 15:02 -------- d-----w- c:\documents and settings\Milan\Application Data\skypePM
2009-11-23 19:07 . 2009-11-23 19:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-23 19:05 . 2009-12-13 00:09 -------- d-----w- c:\documents and settings\Milan\Application Data\Skype
2009-11-23 19:03 . 2009-11-23 19:03 -------- d-----w- c:\program files\Common Files\Skype
2009-11-23 19:02 . 2009-11-23 19:03 -------- d-----r- c:\program files\Skype
2009-11-23 18:49 . 2009-11-23 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-23 18:11 . 2009-11-23 18:11 -------- d-----w- c:\documents and settings\Milan\Application Data\Reallusion
2009-11-23 15:10 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-23 15:10 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-23 15:08 . 2009-11-23 15:08 81 --sh--r- c:\windows\CT4CET.bin
2009-11-23 15:07 . 2007-03-19 15:00 31616 ----a-w- c:\windows\system32\drivers\RLVrtAuCbl.sys
2009-11-23 15:07 . 2009-11-23 15:07 -------- d-----w- c:\program files\Common Files\Reallusion
2009-11-23 15:07 . 2009-11-23 15:08 -------- d-----w- c:\program files\Reallusion
2009-11-23 15:02 . 2009-11-23 15:02 -------- d-----w- c:\program files\Common Files\Eye 312
2009-11-23 15:02 . 2007-10-04 16:42 48128 ----a-w- c:\windows\system32\Remove.exe
2009-11-23 15:02 . 2007-06-14 17:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-11-23 15:02 . 2006-11-20 08:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2009-11-23 15:02 . 2006-10-12 10:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2009-11-23 15:02 . 2009-11-23 15:02 -------- d-----w- c:\program files\Common Files\Pac7302
2009-11-23 15:02 . 2009-11-23 15:02 -------- d-----w- c:\windows\PixArt
2009-11-19 01:56 . 2009-11-19 01:56 -------- d-----w- c:\documents and settings\Milan\Application Data\EA
2009-11-19 01:55 . 2009-11-19 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
2009-11-16 22:24 . 2009-11-16 22:24 -------- d-----w- c:\program files\Advanced GIF Animator
2009-11-15 01:33 . 2009-11-15 01:39 -------- d-----w- c:\documents and settings\Milan\Application Data\DScaler4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 22:12 . 2009-02-12 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-12 22:07 . 2008-12-02 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 21:15 . 2009-10-11 17:31 2 ----a-w- c:\windows\system32\Dvbpws.dll
2009-12-12 20:56 . 2008-12-03 22:45 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 20:45 . 2008-12-02 18:37 -------- d-----w- c:\program files\Winamp
2009-12-03 16:56 . 2009-02-12 15:21 -------- d-----w- c:\program files\Google
2009-12-03 15:14 . 2008-12-02 18:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-12-02 18:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 01:29 . 2009-07-08 22:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-28 20:31 . 2008-12-02 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 10:49 . 2009-02-27 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 20:03 . 2009-09-17 17:50 -------- d-----w- c:\documents and settings\Milan\Application Data\gtk-2.0
2009-11-06 21:40 . 2009-03-17 23:05 -------- d-----w- c:\documents and settings\Milan\Application Data\MxBoost
2009-11-06 14:04 . 2008-12-02 17:13 25056 ----a-w- c:\documents and settings\Milan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 09:32 . 2008-12-29 18:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 09:30 . 2009-11-06 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-11-06 09:30 . 2009-11-06 09:30 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-11-06 09:21 . 2009-11-06 09:09 -------- d-----w- c:\program files\Photoshop CS2
2009-10-30 07:36 . 2009-10-30 07:32 -------- d-----w- c:\program files\GameHouse Games Collection
2009-10-25 12:26 . 2009-02-16 13:33 -------- d-----w- c:\program files\Microsoft
2009-10-25 09:38 . 2009-10-25 09:38 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-09-23 21:18 . 2009-09-21 17:19 7060 ----a-w- c:\documents and settings\Milan\FMCodec.dat
2009-08-07 13:48 . 2009-01-17 16:01 5543 ----a-w- c:\program files\Yurecnik.ini
2009-01-17 16:03 . 2009-01-17 16:03 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2009-01-17 15:59 . 2009-01-17 15:59 1998 ----a-w- c:\program files\uninstal.log
2009-01-17 15:59 . 1999-01-25 04:27 28702 ----a-w- c:\program files\Uninstal.exe
1999-08-02 09:47 . 1999-08-02 09:47 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40 . 1999-08-02 09:40 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

------- Sigcheck -------

[-] 2008-04-14 00:10 . 0566A860B83C35AA10F9987C89DEDC79 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-09-09 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-08-13 07:40 1862592 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbu02012\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-11 198160]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Milan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/2/2008 7:47 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/2/2008 7:47 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/28/2008 3:28 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/28/2008 3:28 PM 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 8:13 AM 34064]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [7/5/2009 10:40 AM 10752]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [11/23/2009 4:07 PM 31616]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 4:23 PM 133104]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\default.eq1\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-13 01:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\documents and settings\Milan\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 3

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8652850C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72f0852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71fcbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7209a21
SendHandler -> NDIS.sys @ 0xf71e787b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-13 01:23:13
ComboFix-quarantined-files.txt 2009-12-13 00:23
ComboFix2.txt 2009-10-11 10:00

Pre-Run: 747,986,944 bytes free
Post-Run: 734,048,256 bytes free

- - End Of File - - 34BBB787A95B66F9B6CE90B2DEB712D0

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Jel moze ovaj slucaj da ceka do sutra uvece...Posto mi je sutra pakleni dan sto se tice obaveza(van sveta interneta)

offline
  • Pridružio: 28 Feb 2009
  • Poruke: 190
  • Gde živiš: Beograd

Nije problem ali sad vise ne mogu da pokrenem windows. Sinoc se komp resetovao i od tad ne mogu da ga pokrenem ni iz safe mode-a.Sad pisem sa drugovog kompa!Kad ga upalim izbaci ovaj text:

We apologize for the inconvenience,but windows did not start sucesfully.A recent hardware or software change might have caused this.

If your computer stopped respondly restarted unexpectedly or was automatically shut down to protect your files and folders choose last known good configuration to revert to the most settings that worked.

If a previous startup attemp was interputed due to a power failure or because the power or reset button was pressed on if you aren't sure what caused the problem,choose start windows normaly.


Pa su ispod opcije:

-Safe mode
-Safe mode with networking
-Safe mode with command prompt
-Last know good configuration (your most recent settings that worked)
-Start windows normaly.

Bilo sta da potvrdim nista se ne desava.

Jedino sam u jednom trenutku ako se ne varam iz command promp-a uspeo da vidim sledecu poruku:

Windows could not start because the folowing file is missing or corrupt:

<WINDOWS ROOT>\system32\hal.dll

Please reinstal a copy of the abowe file.


Sta da radim? Pomoc mi je hitno potrebna treba da radim nesto za fax.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Uf..sve lepse od lepseg...Jel imas instalacioni disk..moracemo da koristimo recovery konzolu i za hall.dll. i za infekciju

Probaj nesto od ova dva predloga :

1. Citat:Boot from your CD and follow the directions to start Recovery Console. Then:

Attrib -H -R -S C:\Boot.ini
DEL C:\Boot.ini
BootCfg /Rebuild
Fixboot



2.
Citat:Boot from your CD and follow the directions below to start Recovery Console.

Insert the Setup compact disc (CD) and restart the computer. If prompted, select any options required to boot from the CD.
When the text-based part of Setup begins, follow the prompts; choose the repair or recover option by pressing R.

If you have a dual-boot or multiple-boot system, choose the installation that you need to access from the Recovery Console.
When prompted, type the Administrator password. (if you didn't create one try pressing enter).

At the system prompt, type Recovery Console commands; type help for a list of commands, or help commandname for help on a specific command.

Most likely you will need to expand the file from the CD. The command would be expand d:\i386\hal.dl_ c:\windows\system32\hal.dll. Substitute d: for the drive letter of your CD. Once you have expanded the file type "exit" to exit the Recovery Console and restart the computer.


Kako se koristi recovery konzola...

http://www.windowsnetworking.com/articles_tutorials/wxprcons.html


Pokusaj srediti taj hal.dll problem do veceras

offline
  • Pridružio: 28 Feb 2009
  • Poruke: 190
  • Gde živiš: Beograd

Napisano: 14 Dec 2009 11:03

Problem je sto nemam instalacioni disk Windowsa SadSadSadSad

Dopuna: 14 Dec 2009 11:06

i ne znam gde da ga nadjem...

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Onda se apsolutno nista ne moze uraditi Sad

Pa jel ne mozes da uzmes od komsije.nama treba samo recovery konzola..nema veze ako nisu isti service pack i sl.

offline
  • Pridružio: 28 Feb 2009
  • Poruke: 190
  • Gde živiš: Beograd

Napisano: 14 Dec 2009 11:15

ajde videcu da ga pronadjem do veceras.samo mi reci jel ovo sve sto si napisao,sto treba da uradim ako nabavim instalacioni disk? ili ima jos nesto?

Dopuna: 14 Dec 2009 11:16

ovo pitam jer mi ovaj komsija nije blizu,pa ne mogu cesto da kucam sa njegovog kompa.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

da to je sve...bitno je da osposobimo racunar kolko tolko..ako ne uspe ovo sa hal.dll.. mozes uraditi repair sistema...znaci nista nece biti obrisano sa sistemske particije..repair nije isto sto i formatiranje

a repair se radi na sledeci nacin :

http://www.mycity.rs/Windows/Recovery-konzola-i-Re.....jenja.html

U sustini ..tvoj izbor... repair ili recovery i one komande...

Ko je trenutno na forumu
 

Ukupno su 1228 korisnika na forumu :: 41 registrovanih, 5 sakrivenih i 1182 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, AK - 230, Asparagus, babaroga, ccoogg123, cifra, croato, darcaud, dragoljub11987, Duh sa sekirom, Dvojac005, Excalibur13, FOX, GenZee, hooraay, Istman, krkalon, Kruger, Krusarac, Krvava Devetka, lord sir giga, Lubica, Marko Marković, mercedesamg, milenko crazy north, naki011, nemkea71, NoOneEver Dreams, nuke92, opt1, pera bager, raptorsi, sombrero, Srky Boy, vasa.93, virked, VJ, Vlad000, voja64, VP6919, zdrebac