Access to certain sites!

offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

I was unable to log in to my Google account, Facebook, YouTube and a few other sites.
I could access the other sites normally, without any problems.

When I try to log in, I get a message that the connection cannot be established and that I should try again, or a message like this on some sites:

[Link visible only to logged-in users]

and to go back and try to open some other address, I have to click Leave page twice

[Link visible only to logged-in users]

I also ran an MBAM log, after which I was advised to do the following: Solution: find the hosts file. It is located in the windows\system32\drivers folder.
The last lines should look like this:
Code:
# 127.0.0.1 localhost
# ::1 localhost


Below that, in your case there is a continuation like:
Code:
85.242.255.97 google.com
85.242.255.97 [Link mogu videti samo ulogovani korisnici]
85.242.255.97 facebook.com
85.242.255.97 [Link mogu videti samo ulogovani korisnici]
85.242.255.97 yahoo.com

Delete that continuation. More precisely, delete everything that is not commented out ( # ) and is located below the line:
Code:
# ::1 localhost

Malwarebytes' Anti-Malware 1.50.1.1100
[Link mogu videti samo ulogovani korisnici]

Database version: 5622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/27/2011 7:59:20 PM
mbam-log-2011-01-27 (19-59-12).txt

Scan type: Quick scan
Objects scanned: 135559
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\autokms.exe (RiskWare.Tool.CK) -> No action taken.

After I followed the advice (which I got on another forum), I can now log in to all my accounts normally.
I am posting the topic here because I was advised to consult you in the Ambulanta anyway and see whether the problem is really completely solved or whether there is a possibility that I have not fully removed the malware from the computer.

Attached are the logs I made, so I ask you to review them and tell me whether everything is really fine now.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 13:14:39.87 on Sat 01/29/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.480.151 [GMT 1:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link mogu videti samo ulogovani korisnici]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici]
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\csxnhaxi.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 7\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 7\plugins\npFoxitReaderPlugin.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-28 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-28 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-29 11:36:19 -------- d--h--w- c:\windows\PIF
2011-01-28 18:28:26 -------- d-----w- c:\program files\COMODO
2011-01-28 18:26:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-01-28 01:46:35 -------- d-----w- c:\docume~1\admini~1\applic~1\MCShield
2011-01-28 01:46:30 -------- d-----w- c:\program files\MCShield
2011-01-28 00:21:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-28 00:21:13 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2011-01-28 00:20:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-27 23:34:07 38848 ----a-w- c:\windows\avastSS.scr
2011-01-27 23:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-27 23:12:20 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-27 23:12:16 -------- d-----w- c:\program files\Trend Micro
2011-01-27 18:41:44 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-01-27 18:41:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 18:41:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-27 18:41:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-27 18:41:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 18:16:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2011-01-17 18:16:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-01-17 18:16:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-01-17 18:12:14 -------- d-----w- c:\program files\common files\DivX Shared
2011-01-13 21:13:29 -------- d-----w- c:\program files\BurnAware Free
2011-01-12 18:57:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\TechSmith
2011-01-12 18:53:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-01-11 23:01:21 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\ApplicationHistory
2011-01-11 23:00:18 -------- d-----w- c:\program files\Microsoft Transliteration Utility
2011-01-11 23:00:17 -------- d-----w- c:\program files\common files\Transliteration
2011-01-11 22:57:26 -------- d-----w- c:\windows\system32\URTTEMP
2011-01-10 22:28:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-10 22:27:22 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-01-10 22:27:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-10 22:24:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-01-10 22:20:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-10 22:20:31 -------- d-----w- c:\windows\SHELLNEW
2011-01-10 22:19:04 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
2011-01-06 16:37:04 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 16:37:02 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 16:37:02 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-04 14:18:23 -------- d-----w- c:\docume~1\admini~1\applic~1\InfraRecorder
2011-01-04 14:18:19 -------- d-----w- c:\program files\InfraRecorder
2011-01-01 18:46:49 -------- d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2010-12-29 00:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-22 19:25:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-22 19:25:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 14:23:24 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-21 14:23:21 88 --sh--r- c:\windows\system32\E0181DDBF5.sys
2010-12-15 06:50:13 56 --sh--r- c:\windows\system32\F5DB1D18E0.sys
2010-12-15 06:26:56 737280 ----a-w- c:\windows\iun6002.exe
2010-12-11 10:59:00 44 ----a-w- c:\windows\system32\msssc.dll
2010-12-11 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 18:40:22 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22:46 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 19:08:48 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec

============= FINISH: 13:18:07.90 ===============
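
An added example, not part of the original post or of the advice quoted in it: a Python check that applies the hosts-file rule described above, treating every active (uncommented) entry as suspect unless it points at a loopback or unspecified address. The sample file is constructed from the entries quoted in the post; `mail.yahoo.com` and the `example.test` names are assumptions added for illustration.

```python
import ipaddress

# Constructed sample modelled on the hosts entries quoted in the post.
SAMPLE_HOSTS = """\
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
85.242.255.97 google.com
85.242.255.97 facebook.com   # inline comment
85.242.255.97 yahoo.com mail.yahoo.com
0.0.0.0 ads.example.test
not-an-ip broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames, raw) for each active line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not active:
            continue
        fields = active.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not an IPv4/IPv6 address
        yield line_no, ip, [h.lower() for h in fields[1:]], raw

def audit_hosts(text):
    """Return (line_no, kind, detail) for entries a reviewer should look at."""
    findings = []
    for line_no, ip, names, raw in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", raw.strip()))
        elif ip.is_loopback or ip.is_unspecified:
            continue  # ordinary localhost mapping or a 0.0.0.0 block entry
        else:
            # Any other address overrides DNS for these names. Legitimate
            # intranet mappings land here too, so this is a review list.
            for name in names:
                findings.append((line_no, "redirect", f"{name} -> {ip}"))
    return findings

def cleaned(text):
    """Return the file with every flagged line dropped, as the advice describes."""
    flagged = {line_no for line_no, _, _ in audit_hosts(text)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
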





offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings vujnovic davor!

The logs you posted look quite clean, which means there is no malware on your computer.







-------------------------------------------------



offline
  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

Thank you, Goran, for your effort. Although I have been a member of the MyCity forum for some 3 years, I am not an active member, and I think that what the Ambulanta team does deserves every praise.
Now I have seen for myself that I have someone to turn to for a computer problem, although I am very careful and try to surf responsibly.

go AMF ...

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

No need to thank me.

Whenever there is a problem, God forbid, we are here to help as much as we can.

Greetings from the AMF Team.

Cheers
