OK, so here's the thing: I start Opera and browse the web normally, and when I click on a page, for example the most-read topics on Bug, it throws this up in a new tab, and that happens every time. What could the problem be? I can't browse normally because whatever I click, it throws this up :( It does open Bug and all that, but when it opens it, it also throws this up, so my Opera is full of tabs.
Opera keeps opening an invalid URL in a new tab
Download this program and save it to the desktop
- right-click the program and choose Run as administrator
- wait until the program produces two logs, DDS.txt and Attach.txt
- upload those logs to speedyshare and paste the links into this thread
Here it is, it's in a WinRAR archive, have a look: http://www.speedyshare.com/files/28154486/to_je_to
Uninstall via Add/Remove:
- ClamAV for Windows
- Avira 10
You have Comodo Internet Security, which includes an antivirus, so you don't need these two.
After that:
- download TDSSKiller and save it to the desktop
- right-click it and choose Run as administrator
- click Start scan
- if the program asks for a restart after the scan, allow the restart
- after the restart, copy the log, which will be in C: and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
After that:
Download ComboFix and save it to the desktop
- turn off your antivirus and firewall (if you don't know how, uninstall CIS via Add/Remove)
- right-click the combofix.exe icon and choose Run as administrator
- answer yes to everything ComboFix asks
- while the scan is running, don't touch the mouse or the keyboard
- when ComboFix finishes the scan it will produce a log, which you will upload to speedyshare
Your computer is infected with a rootkit, and it is important that you install the Recovery Console that ComboFix will offer.
Warning: possible TDL3 rootkit infection !
Here, this is that TDS one
http://www.speedyshare.com/files/28156011/TDSSKiller.2.4.21.0_26.04.2011_16.23.44_log.txt
Now I'm going to download Combo and carry on.
There, the scan with this second one is done too, is anything else needed? :) http://www.speedyshare.com/files/28156298/vidi.txt
Wait while I look at the log.
Open Notepad and copy this into Notepad:
KillAll::
Fcopy::
c:\windows\explorer.exe|c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
TDL::
c:\windows\system32\drivers\nvstor.sys
Files::
c:\windows\Tasks\ParetoLogic Registration3.job
c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll
Folder::
c:\program files\Common Files\ParetoLogic
Regnull::
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65A39281-CFA7-E29F-FF26-C7CA3B0FD840}*]
RegLock::
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001_Classes\CLSID\{771a64e4-441a-40e5-ad1d-34089290072d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010e
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2086809585-1348515365-522151382-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):aa,97,1f,20,7f,ce,cb,75,70,0b,33,fa,85,2f,71,78,43,92,d0,10,8d,
9b,fb,ed,37,f8,34,26,2c,c4,2b,b1,ac,d8,c0,97,e0,61,32,37,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
Close Notepad and save it as CFscript on the desktop
- turn off your antivirus and firewall
- drag the script with the mouse onto combofix.exe
- ComboFix will start again; wait until it finishes and copy the log
What does it say on the blue screen, which error does it report?...
PROCESS1_INITIALIZATION-FAILED
TEHNICAL INFORMATION
***STOP:0x0000006B (0x00000000,0x00000000,0x00000000,0x00000000)
collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory
dumping physical memory to disk:100
physical memory dump complete, and then below that it says I should contact the admin, something like that.
To do a system restore, you need to know what to type... do as I wrote; I think the problem is in the MBR, since you had a rootkit.
MBR - Restore Windows 7 Master Boot Record
When you go into safe mode, do you have the Last Known Good Configuration option?
This link shows, with pictures, how to repair the MBR.
Now call HAK
OK, I'll help you
Put in the Windows DVD and reinstall :)
And in the BIOS set it to boot from CD/DVD
You know the rest yourself, I suppose
Have you tried entering "safe mode with networking"? If you don't know how to get in, keep pressing F8 when the second POST screen appears, then choose "safe mode with networking".
This is how I boot with a Phoenix AwardBIOS: I set First boot device to "cd/dvd", then save the settings. Are you sure you did everything correctly?