Posted: 07 Feb 2007 00:29
- davidm
- New MyCity citizen
- Joined: 06 Feb 2007
- Posts: 12

Now it says "The system has recovered from a serious error", along with that prompt to send Microsoft a message about the problem. I decline and it shows the same thing again; then I accept, it fails, and we are back where we started. Luckily I have this other computer, until I infect it too; it has Kaspersky.
Addendum: 07 Feb 2007 0:29
But it is behaving normally and Kaspersky has not found anything.
I would like us to continue this hunt tomorrow.

Posted: 07 Feb 2007 00:29
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Try that Ewido Micro I wrote to you about.
This looks more and more to me like the symptoms of a computer on its last legs.
Symptoms like these occur with a faulty power supply, a faulty motherboard, an overheating CPU, as well as with bad drivers.
Let's first see whether it is some malware; if it is not, I would recommend that you run some hardware diagnostics.

Posted: 07 Feb 2007 00:51
- davidm
- New MyCity citizen
- Joined: 06 Feb 2007
- Posts: 12

I am downloading Ewido right now.
As for the rest, you are completely right; my computer and I go back a long way.
I have this other one, but I am intimately attached to the first one after a long run of years spent together without any major failures.
Addendum: 07 Feb 2007 0:47
It seems to have found something; I will post it as soon as the scan finishes.
Addendum: 07 Feb 2007 0:51
It says Worm.zhelatin.h c/Documents and settings/zoran/Local settings/applicat... High

Posted: 07 Feb 2007 00:55
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Ah, Zhelatin... it has been quite active over the last few days, judging by the complaints from colleagues on other forums.
I have come across a few dozen samples of it myself these days on infected computers.
Be sure to post an HJT log after Ewido cleans up; I am really curious where it was hiding.

Posted: 07 Feb 2007 01:16
- davidm
- New MyCity citizen
- Joined: 06 Feb 2007
- Posts: 12

It found a trojan as well.
Addendum: 07 Feb 2007 1:10
It did not find much, only 63 files.
Addendum: 07 Feb 2007 1:13
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\zoran\Cookies\zoran@adbrite[2].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\zoran\Cookies\zoran@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\zoran\Cookies\zoran@educationsuccess.122.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\zoran\Cookies\zoran@fastclick[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\zoran\Cookies\zoran@incredimailltd.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Tracking101
Path: C:\Documents and Settings\zoran\Cookies\zoran@login.tracking101[2].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: C:\Documents and Settings\zoran\Cookies\zoran@overture[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\zoran\Cookies\zoran@zedo[2].txt
Risk: Medium
Name: Adware.SaveNow
Path: HKLM\SOFTWARE\Classes\WUSN.1
Risk: Medium
Name: TrackingCookie.Googleadservices
Path: :mozilla.15:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.17:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Ivwbox
Path: :mozilla.36:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: :mozilla.62:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: :mozilla.71:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: :mozilla.72:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: :mozilla.73:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.90:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.91:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.93:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.94:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.95:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.96:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.97:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.98:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.99:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.100:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.101:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.102:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.103:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.104:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.105:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.106:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.107:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.108:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.109:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.110:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: :mozilla.172:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: :mozilla.173:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: :mozilla.178:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Googleadservices
Path: :mozilla.198:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Overture
Path: :mozilla.203:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Overture
Path: :mozilla.204:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: :mozilla.212:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Com
Path: :mozilla.219:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.232:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.233:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.234:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: :mozilla.237:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Findwhat
Path: :mozilla.240:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.251:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.252:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.253:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Komtrack
Path: :mozilla.293:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Komtrack
Path: :mozilla.295:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Euroclick
Path: :mozilla.299:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yadro
Path: :mozilla.312:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yadro
Path: :mozilla.313:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: :mozilla.317:C:\Documents and Settings\zoran\Application Data\Mozilla\Firefox\Profiles\bj8eeq65.default\cookies.txt
Risk: Medium
Name: Worm.Zhelatin.h
Path: C:\Documents and Settings\zoran\Local Settings\Application Data\IM\Identities\{F29E67CD-120D-45D5-91C2-91AF31BC2B34}\Message Store\Attachments\flash postcard.exe
Risk: High
Name: Worm.Zhelatin.k
Path: C:\Documents and Settings\zoran\Local Settings\Application Data\IM\Identities\{F29E67CD-120D-45D5-91C2-91AF31BC2B34}\Message Store\Attachments\{793963EA-C6FD-4AC8-909C-D8F10D1227BC}\flash postcard.exe
Risk: High
Name: Adware.SaveNow
Path: C:\Documents and Settings\zoran\Local Settings\Temp\VVSNInst.exe
Risk: Medium
Name: Adware.SaveNow
Path: C:\System Volume Information\_restore{CE6715FA-0C26-4472-B678-EE2F2AB0EC5C}\RP88\A0051315.dll
Risk: Medium
Name: Trojan.Messenger.a
Path: D:\programi\Paltalk\pticon1.dll
Risk: High
Addendum: 07 Feb 2007 1:15
Logfile of HijackThis v1.99.1
Scan saved at 1:18:13 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = èttp://ie.searchîmsn.com/{SUB_RFC1766}/sòchasst/srchcust.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
Addendum: 07 Feb 2007 1:16
That is all for tonight. Thanks for the thorough support; talk to you tomorrow.

Posted: 07 Feb 2007 01:23
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Only the following from that log is critical:
Name: Worm.Zhelatin.h
Path: C:\Documents and Settings\zoran\Local Settings\Application Data\IM\Identities\{F29E67CD-120D-45D5-91C2-91AF31BC2B34}\Message Store\Attachments\flash postcard.exe
Risk: High
Name: Worm.Zhelatin.k
Path: C:\Documents and Settings\zoran\Local Settings\Application Data\IM\Identities\{F29E67CD-120D-45D5-91C2-91AF31BC2B34}\Message Store\Attachments\{793963EA-C6FD-4AC8-909C-D8F10D1227BC}\flash postcard.exe
Risk: High
Name: Adware.SaveNow
Path: C:\Documents and Settings\zoran\Local Settings\Temp\VVSNInst.exe
Risk: Medium
Let me know tomorrow what the symptoms are, i.e. how the computer is behaving.

Posted: 07 Feb 2007 21:13
- davidm
- New MyCity citizen
- Joined: 06 Feb 2007
- Posts: 12

Here I am again.
It looks like Windows should be repaired, since at power-on it checks ntfc, and I suppose that means some fault with the base.
And afterwards, when Windows starts, it reports an error that Windows is seriously damaged.
That is all for now.
Addendum: 07 Feb 2007 21:13
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: Trojan.Messenger.a
Path: D:\System Volume Information\_restore{CE6715FA-0C26-4472-B678-EE2F2AB0EC5C}\RP96\A0127490.dll
Risk: High

Posted: 07 Feb 2007 21:40
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Everything located in the System Volume Information folder (there is one such folder on every partition) is inactive, and can only become active if you perform a System Restore at some point.
I would point you to turning System Restore off and back on, but in your case I am not sure how wise that would be.
The error saying the system is seriously damaged mostly appears when a driver goes haywire, or when the hardware is faulty.
In your case System Restore may be the only salvation if a driver is the cause.
The following link has instructions for turning System Restore off and back on:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kak.....WinXP.html
It is emptied when it is turned off, so that trojan will be deleted automatically as well. After that you turn it back on.
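
The distinction drawn in the post above, between inactive restore-point copies under System Volume Information and files elsewhere on disk, can be applied mechanically to an ewido report. This is an added example, not part of the original post and not ewido's own code; the function names and bucket names are assumptions, and the sample report is constructed.

```python
import re
from collections import defaultdict
# Constructed sample in the ewido Name/Path/Risk layout; "user" and {GUID} are placeholders.
SAMPLE = r"""
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Risk: Medium
Name: Adware.SaveNow
Path: HKLM\SOFTWARE\Classes\WUSN.1
Risk: Medium
Name: Worm.Zhelatin.h
Path: C:\Documents and Settings\user\Local Settings\Application Data\IM\Identities\{GUID}\Message Store\Attachments\flash postcard.exe
Risk: High
Name: Trojan.Messenger.a
Path: D:\System Volume Information\_restore{GUID}\RP96\A0127490.dll
Risk: High
"""

RECORD = re.compile(r"^Name:\s*(.+?)\s*\nPath:\s*(.+?)\s*\nRisk:\s*(\w+)\s*$", re.M)
RESTORE = re.compile(r"\\System Volume Information\\_restore", re.I)
REGISTRY = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.I)

def bucket(name, path):
    """Classify a finding by where it lives (bucket names are this example's own)."""
    if name.lower().startswith("trackingcookie."):
        return "cookie"           # browser cookie, not executable code
    if RESTORE.search(path):
        return "restore_point"    # inactive copy; emptied when System Restore is turned off
    if REGISTRY.match(path):
        return "registry"
    if "\\message store\\attachments\\" in path.lower():
        return "mail_attachment"  # executable saved in the mail client's attachment store
    return "live_file"

def triage(report):
    """Return {bucket: [(risk, name, path), ...]} for every record in the report."""
    out = defaultdict(list)
    for name, path, risk in RECORD.findall(report):
        out[bucket(name, path)].append((risk, name, path))
    return dict(out)

def needs_attention(report):
    """Names of High-risk findings outside cookies and restore-point copies."""
    found = triage(report)
    return [name for b in ("mail_attachment", "live_file", "registry")
            for risk, name, _ in found.get(b, []) if risk == "High"]

if __name__ == "__main__":
    print(needs_attention(SAMPLE))  # ['Worm.Zhelatin.h']
```
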

Posted: 07 Feb 2007 23:19
- davidm
- New MyCity citizen
- Joined: 06 Feb 2007
- Posts: 12

Now that I have done that, I cannot start Internet Explorer.
I can open mail, but not Explorer.
What could have been broken by that procedure?

Posted: 07 Feb 2007 23:32
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

What does it report when you try to start IE?