Opera stalno izbacuje invalid url u novom tabu

skini ovaj program i spremi ga na desktop

-desni klik mišem na program i odaberi run as administrator

-sačekaj dok program ne izbaci dva loga DDS.txt i Attach.txt

-te logove uploadaj na speedyshare, a linkove kopiraj na ovu temu

izbriši preko add/remove:

-ClamAV for Windows

-avira 10

imaš comodo internet security, a on u sebi ima antivirus, tako da ti ova dva ne trebaju

nakon toga.:

-skini Tdsskiller i spremi na desktop

-desni klik mišem i odaberi run as administrator

-klik na start scan

-ako program zatraži restart nakon scana dozvoli restart

-nakon restarta kopiraj log koji će se nalaziti u c. i izgleda otprilike ovako

C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

nakon toga:

skini combofix i spremi na destop

-isključi antivirus i firewall (ako neznaš kako, izbriši CIS preko add/remove)

-desni klik mišem na ikonicu combofix.exe i odaberi run as administrator

-na sve što combofix traži odgovri potvrdno

-dok traje scan , ne dirati miš ni tipkovnicu

-kada combofix završi sa scanom izbacit će log kojeg ćeš uploadat na speedyshare

računalo ti je zaraženo sa rrootkitom i važno je da instaliraš recovery console koju će combofix ponuditi

Warning: possible TDL3 rootkit infection !

Evo gotov mi je scan i ovog drugog,treba jooš kaj? :) http://www.speedyshare.com/files/28156298/vidi.txt

otvori notepad i ovo kopiraj u notepad

KillAll::

Fcopy::
c:\windows\explorer.exe|c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

TDL::
c:\windows\system32\drivers\nvstor.sys

Files::
c:\windows\Tasks\ParetoLogic Registration3.job
c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll

Folder::
c:\program files\Common Files\ParetoLogic

Regnull::
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65A39281-CFA7-E29F-FF26-C7CA3B0FD840}*]

RegLock::
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001_Classes\CLSID\{771a64e4-441a-40e5-ad1d-34089290072d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010e
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):aa,97,1f,20,7f,ce,cb,75,70,0b,33,fa,85,2f,71,78,43,92,d0,10,8d,
   9b,fb,ed,37,f8,34,26,2c,c4,2b,b1,ac,d8,c0,97,e0,61,32,37,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)

zatvori notepad i spremi kao CFscript na desktop

-isključi antivirus i firewall

-skriptu sa mišem uvuci u combofix.exe

-combofix će se opet pokrenuti, sačekaj dok ne završi i log kopiraj

http://slike.hr/slike/cfscriptb4_22c68.gif.html

što piše na plavom ekranu, koju grešku javlja ?...

 možeš li uslikati ekran, ili mi napiši ovo što sam označio na slici

restartiraj računalo i odaberi Microsoft Windows Recovery Console

-upiši 1 >potvrdi sa enter

-upiši FIXMBR > potvrdi sa enter

-upiši y > potvrdi sa enter

-kada windows popravi mbr upiši EXIT , restartiraj računalo i javi kako je

za napravit system restore, trebaš znat što upisat...uradi kako sam napisa, mislim da je problem u MBR, pošto si imao rotkit

Jesi probao ući u "safe mode with networking"? Ako ne znaš ući, pritišći F8 kad se pojavi drugi post screen, zatim "  safe mode with networking"

  Ja ovako bootam sa Phoenix AwardBIOSom: First boot device postavim "cd/dvd", zatim spremim postavke. Jesi siguran da si napravio sve kako treba?