Možda tražite i:
Problem sa CD uredjajem
Problem za problemom!
[bobby]Ima nesto, ali ne znam sta. [RESENO]
Problem sa wifi na ADSL-u

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]IE problem

[bobby]IE problem

Napisano na dan: 16.11.2008

Strana:
1
2
3
4
5

[bobby]IE problem

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4
5

maha Poslao: 17 Nov 2008 20:14 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sad mi tek ništa nije jasno. Čuvam zadnji sken ComboFix-a. i kad izbacim notepad na desk. ne mogu u njemu da otvorim CFSript.txt . Jedino da opet tražim sve što si mi u prethodnoj poruci rekao pa da opet skeniram?

Profil

bobby Poslao: 17 Nov 2008 20:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sumnjam da je mozda ovaj malware napravljen da sabotira ComboFix. Probacemo jedan drugi program slicne namene: Preuzmi The Avenger na Desktop. Raspakuj arhivu u neki folder Dvoklikom pokreni avenger.exe Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa: Files to delete: c:\windows\system32\dk\calling.com Folders to delete: c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer Registry keys to delete: HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\msennger HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\VMware hptray Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u Iskopiraj sadržaj dobijenog loga u temu na forumu.

Profil

maha Poslao: 17 Nov 2008 20:40 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad iskopiram tekst koji se nalazi unutar Kod polja i prebacim u avenger pa kliknem execute pojavi se Error: Invalid Script!!!

Profil

bobby Poslao: 17 Nov 2008 20:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probaj ovako: Files to delete: c:\windows\system32\dk\calling.com Folders to delete: c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer Registry keys to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinReg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msennger HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\VMware hptray

Profil

maha Poslao: 17 Nov 2008 20:53 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Opet isto??

Profil

bobby Poslao: 17 Nov 2008 21:11 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probaj onda samo ovo: `Files to delete: c:\windows\system32\dk\calling.com Folders to delete: c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer` Dopuna: 17 Nov 2008 21:11 Maha, kazi mi koji si program koristio za pisanje CFScripta? Da nisi kojim slucajem snimao fajl u Unicode/UTF formatu, ili da si koristio neku ne-englesku kodnu stranicu?

Profil

maha Poslao: 17 Nov 2008 21:13 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isto...ništa! jbg zar sam toliki maler!

Profil

bobby Poslao: 17 Nov 2008 21:19 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Neka moja teorija je da taj malware brani pisanje skriptova. Probaj da skines skript odavde i da ga prevuces na ComboFix, mozda uspemo tako: https://www.mycity.rs/must-login.png

Profil

maha Poslao: 17 Nov 2008 21:27 Idi na vrh
offline maha Super građanin Pridružio: 06 Dec 2006 Poruke: 1152	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo sken-a. ComboFix 08-11-16.01 - MAHA 2008-11-17 21:20:13.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1482 [GMT 1:00] Running from: c:\documents and settings\MAHA\Desktop\C-F.exe Command switches used :: c:\documents and settings\MAHA\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\system32\dk\calling.com . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\MAHA\Application Data\VirusRemover2008 c:\program files\WebMediaViewer c:\program files\WebMediaViewer\browseu.exe c:\program files\WebMediaViewer\browseul.dll c:\program files\WebMediaViewer\hpmom.exe c:\program files\WebMediaViewer\hpmon.exe c:\program files\WebMediaViewer\hpmun.dll c:\program files\WebMediaViewer\hpmun.exe c:\program files\WebMediaViewer\myd.ico c:\program files\WebMediaViewer\mym.ico c:\program files\WebMediaViewer\myp.ico c:\program files\WebMediaViewer\myv.ico c:\program files\WebMediaViewer\ot.ico c:\program files\WebMediaViewer\qttask.exe c:\program files\WebMediaViewer\qttaskm.exe c:\program files\WebMediaViewer\qttasku.exe c:\program files\WebMediaViewer\ts.ico c:\windows\system32\dk\calling.com . ((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 ))))))))))))))))))))))))))))))) . 2008-11-16 08:55 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby 2008-11-16 08:52 . 2008-11-16 22:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby 2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat 2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd 2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll 2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd 2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield 2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com 2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games 2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory 2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player 2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player 2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo 2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner 2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-17 20:20 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent 2008-11-17 16:58 --------- d-----w c:\program files\FreeGamePick.com 2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager 2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2008-11-15 12:06 --------- d-----w c:\program files\AskTBar 2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech 2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-14 06:42 --------- d-----w c:\program files\Google 2008-10-27 20:15 --------- d-----w c:\program files\Yahoo! 2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys 2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359] "Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952] "Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712] "nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328] Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-17 21:20:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-11-17 21:21:23 ComboFix-quarantined-files.txt 2008-11-17 20:21:19 ComboFix2.txt 2008-11-17 18:55:05 ComboFix3.txt 2008-11-16 21:53:21 ComboFix4.txt 2008-11-16 21:14:07 ComboFix5.txt 2008-11-17 20:19:59 Pre-Run: 96,902,098,944 bytes free Post-Run: 96,889,376,768 bytes free 153

Profil

bobby Poslao: 17 Nov 2008 21:29 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Aleluja konacno je odradio posao. Nisi mi gore odgovorio na pitanje - koji si program koristio za pisanje CFScripta?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]IE problem

Ko je trenutno na forumu

Ukupno su 1380 korisnika na forumu :: 60 registrovanih, 6 sakrivenih i 1314 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, Aleksandar Tomić, Atomski čoban, babaroga, bladesu, Boris Bosiljčić, Boris90, botta, ccoogg123, cenejac111, Denaya, doktor1964, Dorcolac, draganca, dragoljub11987, dule10savic, Faki-Valjevo, GandorCC, goxin, hologram, ikan, ivicasimo, JimmyNapoli, Joco Skljoco, JOntra, jukeboxer, kalens021, Karla, kokodakalo, kunktator, kybonacci, mercedesamg, Mercury, mile23, milenko crazy north, MiroslavD, mrvica78, nemkea71, nikoladim, NoOneEver Dreams, oganj123, opt1, Panter, Parker, Romibrat, ruma, ruso, Shinobi, Sirius, Sićko, slonic_tonic, solic, SR-3m, virked, VJ, Vladko, vukovi, wizzardone, YugoSlav, Zimbabwe

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by