komp mi se restartuje

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

avira rescue cd. e sad nenadjem fajlove sto si trazio. kad sam ubacio usb,mcsheald je detektovao da je cist,a tamo su bili ti fajlovi.

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

Upload-uj ih onda preko linka koji sam ti psotavio.
Postavi svjež DDS izvještaj.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 15 Maj 2012 8:04

izvini na zakasnjenju ev ga


https://www.mycity.rs/must-login.png




https://www.mycity.rs/must-login.png

Dopuna: 15 Maj 2012 8:08

a ono na usb nenadjem u opste a nisam nista brisao necu da diram mozda mi opet zatreba i hvala ti jos jednom

• 2Ovo se svidja korisnicima: mcrule, Dejan Peic
  
  Registruj se da bi pohvalio/la poruku!

Napisano: 15 Maj 2012 9:46

Ko ti je rekao da korsitiš ComboFix?
ComboFix nije dijagnostički alat kao oni u uputstvu i njegovim nepravilnim rukovanjem možeš oštetiti sistem.

Dopuna: 15 Maj 2012 9:50

Prikači uz poruku sljedeći fajl:

C:\ComboFix.txt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 12-05-13.02 - opusteno 05/14/2012 3:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2956 [GMT -7:00]
Running from: c:\documents and settings\opusteno\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\opusteno\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe"
"c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe"
"c:\windows\system32\DRIVERS\58757252.sys"
"c:\windows\system32\winupd.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-13 23:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 00:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-02-29 14:10 . 2008-04-14 04:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 04:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2008-04-14 04:41 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2008-04-13 23:07 369664 ----a-w- c:\windows\system32\html.iec
2012-04-21 01:19 . 2012-05-13 07:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 04:42 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-14_10.15.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 11:00 . 2012-05-14 10:04 66610 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2012-05-14 10:19 66610 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2012-05-14 10:19 432172 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2012-05-14 10:04 432172 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="d:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\opera.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"d:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"d:\\Program Files\\Webteh\\BSplayer\\bsplayer.exe"=
"c:\\Documents and Settings\\opusteno\\Desktop\\vlc-2.0.1-win32.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\SkyTel.EXE"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [5/3/2012 9:00 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [5/3/2012 9:00 PM 12464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/14/2012 2:06 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/14/2012 2:06 AM 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/2/2012 11:02 PM 242240]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\IObit\Advanced SystemCare 5\ASCService.exe [5/13/2012 9:05 AM 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/14/2012 2:06 AM 20696]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/23/2011 6:37 PM 641832]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/28/2012 1:06 PM 99856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/28/2012 6:42 AM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/28/2012 5:36 AM 1684736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 18:19]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1060284298-1417001333-1003Core.job
- c:\documents and settings\opusteno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 06:56]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1060284298-1417001333-1003UA.job
- c:\documents and settings\opusteno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 06:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={891FF5F3-28A5-4D73-8F5F-89D9CCDFAACE}&mid=&lang=en&ds=gm011&pr=sa&d=2012-05-02 19:12&v=10.2.0.3&sap=hp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FB2D445B-C824-4CE8-9FDC-E643A2FB3254}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\documents and settings\opusteno\Application Data\Mozilla\Firefox\Profiles\xx2ty50s.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 03:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\msi.dll
.
Completion time: 2012-05-14 03:30:01
ComboFix-quarantined-files.txt 2012-05-14 10:29
ComboFix2.txt 2012-05-14 10:19
.
Pre-Run: 9,681,788,928 bytes free
Post-Run: 9,669,095,424 bytes free
.
- - End Of File - - 49D7F6A43AD8F42C2EB72CBF66E8AE4F


evo od combofix.

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

U izvještajima nema tragova aktivne infekcije, ali je potrebno da uradiš sljedeće korake:



Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno , ne pokretati program nego uraditi sledece:

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sljedeće:

ComboFix /Uninstall

Primjeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.





Obavezno posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj.



MCShield obavezno da zadržiš.




NAPOMENA za ubuduće:

Ubuduće ne pokreći ComboFix na svoju ruku, a pogotovo nemoj da puštaš na svoju ruku gotove ComboFix skripte za koje ne znaš ni šta rade (link). Ovaj put si imao sreće što nisi ostao bez ispravnog Windows-a.
To isključivo radi na zahtjev pomagača koji je profesionalac u ovoj oblasti i koji zna šta radi.



Pozdrav...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ok uradio sam kako si rekao. i testirao sam pretrazivac


Qualys® BrowserCheck Results

Opera
11.64
Up To Date

Adobe Acrobat
10.1.3
Up To Date
File checked: nppdf32.dll
Installed File Version: 10.1.3

DivX Plus Web Player
2.2.0.52
Up To Date
File checked: npdivx32.dll
Installed File Version: 2.2.0.52

Shockwave Flash
11.2.202.235
Up To Date
File checked: NPSWF32_11_2_202_235.dll
Installed File Version: 11.2.202.235


to mi ispisao za pretrazivac. hvala ti puno na ovome, necu vise radit na svoju ruku. jel treba nesto jos da uradim?

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

Ne treba više ništa. To bi bilo to.

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

ok. hvala jo jednom. e a sto nemogu da idem na neke stranice?

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

Otvori temu u Windows potforumu i tamo iznesi problem koji imaš kao i stranice kojima ne možeš da pristupiš. Ovdje riješavamo samo probleme sa infekcijama.

http://www.mycity.rs/Windows/