Access to certain sites!


  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

I was unable to get into my Google account, Facebook and YouTube, and a few other sites.
I could get into the others normally without any problems.

When I try to get in, I get a message that the connection cannot be established and that I should try again, or a message like this on some sites:

flickr.com/photos/57706326@N05/5394177490/

and to go back and try to open some other address I have to click Leave page twice

flickr.com/photos/5...N05/5393579791/in/photostream/

I also did an mbam log, after which I was advised to do the following:
Solution: find the hosts file. It is located in the windows\system32\drivers folder.
The last lines should look like this:
Code:
# 127.0.0.1 localhost
# ::1 localhost


Below that, in your case, there is a continuation like:
Code:
85.242.255.97 google.com
85.242.255.97 google.com
85.242.255.97 facebook.com
85.242.255.97 facebook.com
85.242.255.97 yahoo.com

Delete that continuation. More precisely, delete everything that is not commented out ( # ) and is located below the line:
Code:
# ::1 localhost

Malwarebytes' Anti-Malware 1.50.1.1100
malwarebytes.org

Database version: 5622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/27/2011 7:59:20 PM
mbam-log-2011-01-27 (19-59-12).txt

Scan type: Quick scan
Objects scanned: 135559
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\autokms.exe (RiskWare.Tool.CK) -> No action taken.

After I did as advised (advice I got on another forum), I can now get into all my accounts normally.
I am posting the topic here because I was advised to still consult you in the Ambulanta and see whether the problem is really completely solved or whether there is a possibility that I have not completely removed the malware from the computer.

I am attaching the logs I made, so please review them and tell me whether everything is really fine now.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 13:14:39.87 on Sat 01/29/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.480.151 [GMT 1:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292380418562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\csxnhaxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 7\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 7\plugins\npFoxitReaderPlugin.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-28 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-28 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-29 11:36:19 -------- d--h--w- c:\windows\PIF
2011-01-28 18:28:26 -------- d-----w- c:\program files\COMODO
2011-01-28 18:26:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-01-28 01:46:35 -------- d-----w- c:\docume~1\admini~1\applic~1\MCShield
2011-01-28 01:46:30 -------- d-----w- c:\program files\MCShield
2011-01-28 00:21:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-28 00:21:13 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2011-01-28 00:20:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-27 23:34:07 38848 ----a-w- c:\windows\avastSS.scr
2011-01-27 23:33:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-27 23:12:20 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-27 23:12:16 -------- d-----w- c:\program files\Trend Micro
2011-01-27 18:41:44 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-01-27 18:41:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 18:41:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-27 18:41:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-27 18:41:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 18:16:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2011-01-17 18:16:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-01-17 18:16:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-01-17 18:12:14 -------- d-----w- c:\program files\common files\DivX Shared
2011-01-13 21:13:29 -------- d-----w- c:\program files\BurnAware Free
2011-01-12 18:57:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\TechSmith
2011-01-12 18:53:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-01-11 23:01:21 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\ApplicationHistory
2011-01-11 23:00:18 -------- d-----w- c:\program files\Microsoft Transliteration Utility
2011-01-11 23:00:17 -------- d-----w- c:\program files\common files\Transliteration
2011-01-11 22:57:26 -------- d-----w- c:\windows\system32\URTTEMP
2011-01-10 22:28:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-10 22:27:22 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-01-10 22:27:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-10 22:24:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-01-10 22:20:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-10 22:20:31 -------- d-----w- c:\windows\SHELLNEW
2011-01-10 22:19:04 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
2011-01-06 16:37:04 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 16:37:02 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 16:37:02 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-04 14:18:23 -------- d-----w- c:\docume~1\admini~1\applic~1\InfraRecorder
2011-01-04 14:18:19 -------- d-----w- c:\program files\InfraRecorder
2011-01-01 18:46:49 -------- d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2010-12-29 00:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-22 19:25:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-22 19:25:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 14:23:24 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-21 14:23:21 88 --sh--r- c:\windows\system32\E0181DDBF5.sys
2010-12-15 06:50:13 56 --sh--r- c:\windows\system32\F5DB1D18E0.sys
2010-12-15 06:26:56 737280 ----a-w- c:\windows\iun6002.exe
2010-12-11 10:59:00 44 ----a-w- c:\windows\system32\msssc.dll
2010-12-11 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 18:40:22 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22:46 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 19:08:48 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec

============= FINISH: 13:18:07.90 ===============
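
The hosts-file check described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports every active entry that points a name at an address other than loopback or 0.0.0.0. The function names are hypothetical, and the sample input is constructed from the entries quoted in the post plus two constructed harmless lines.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the commented default lines and the entries quoted in
# the post, plus two constructed entries that should NOT be flagged.
SAMPLE_HOSTS = """\
# 127.0.0.1 localhost
# ::1 localhost
85.242.255.97 google.com
85.242.255.97 google.com
85.242.255.97 facebook.com
85.242.255.97 facebook.com
85.242.255.97 yahoo.com
127.0.0.1 localhost   # an active loopback entry is harmless
0.0.0.0 ads.example.invalid
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, addr, [h.lower() for h in fields[1:]]

def _is_benign(addr):
    # Loopback (127.0.0.1, ::1) and the null address used by blocklists.
    return addr.is_loopback or addr.is_unspecified

def suspicious_redirects(text):
    """Map each flagged address to the sorted hostnames it overrides."""
    hits = defaultdict(set)
    for _line_no, addr, names in parse_hosts(text):
        if not _is_benign(addr):
            hits[str(addr)].update(names)
    return {ip: sorted(names) for ip, names in hits.items()}

def lines_to_review(text):
    """Line numbers to review; a LAN address for a local name can be legitimate."""
    return [n for n, addr, _ in parse_hosts(text) if not _is_benign(addr)]

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip} overrides DNS for: {', '.join(names)}")
    print("review lines:", lines_to_review(SAMPLE_HOSTS))
```

Several unrelated, well-known domains mapped to one routable address, as in the sample, is the pattern the advice in the post targets.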



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings vujnovic davor!

The logs you posted look fairly clean, which means there is no malware on your computer.







-------------------------------------------------

  • Joined: 26 Jan 2008
  • Posts: 35
  • Location: Prijedor

Thank you, Goran, for your effort; although I have been a member of the MyCity forum for some 3 years and am not an active member, I think that what the Ambulanta team does deserves every praise.
Now I have seen for myself that I have someone to turn to with a computer problem, even though I am very careful and try to surf responsibly.

go AMF ...

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

There is nothing to thank me for.

Whenever there is a problem, God forbid, we are here to help as much as we can.

Greetings from the AMF Team.

Cheers
