|
[ bykoki @ 06.12.2009. 21:16 ] @
[ Dashkes @ 06.12.2009. 21:25 ] @
Skinite Windows XP (KB894391) i instalirajte. Posle instalacije restartujte racunar.
Moze log HijackThis-a? [ bykoki @ 06.12.2009. 21:31 ] @
Logfile of HijackThis v1.99.1
Scan saved at 22:30:37, on 6.12.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe D:\INSTALL\PFOTO FILTRE\PhotoFiltre\PhotoFiltre.exe D:\INSTALL\totalcmd\TOTALCMD.EXE D:\INSTALL\majstor.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\INSTALL\Adobe reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [INTERNATIONAL] International O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe [ Dashkes @ 06.12.2009. 21:47 ] @
Log izgleda cist. Da li se posle instalacije zakrpe pojavljuje problem?
[ bykoki @ 06.12.2009. 21:59 ] @
Zasad ne. Unapred ti hvala!
Koki [ bykoki @ 06.12.2009. 22:00 ] @
Sutra cu se javit ako bude problema!
[ bykoki @ 06.12.2009. 22:02 ] @
Evo opet se javio, ja sam WindowsXP-KB894391-x86-ENU instaliro sa USB
[ bykoki @ 07.12.2009. 09:46 ] @
Sinoc mi se opet javila ona poruka(gore prikacena) sad ne znam sta da radim?
[ magna86 @ 07.12.2009. 16:56 ] @
Hajmo mi na dublje skeniranje:
Skini DDS Program na Desktop http://download.bleepingcomputer.com/sUBs/dds.scr Dvoklikom pokreni dds.scr Kad zavrsi, DDS ce otvoriti dva loga: 1. DDS.txt 2. Attach.txt Oba izvestaja sacuvaj na Desktop. Kopiraj mi DDS.txt [ bykoki @ 07.12.2009. 17:24 ] @
DDS (Ver_09-12-01.01) - FAT32x86 Run by User at 18:22:20,35 on ŠCF 07.12.2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.277 [GMT 1:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\DX1BA1T8\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe mRun: [AtiPTA] atiptaxx.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd mRun: [Adobe Reader Speed Launcher] "d:\install\adobe reader\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE mPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\mp75aela.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: d:\install\adobe reader\acrobat\browser\nppdf32.dll FF - plugin: d:\install\adobe reader\reader\browser\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-9-17 141312] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 55656] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2004-12-30 6369] S4 SoftVelocity IP Data Server;SoftVelocity IP Data Server;d:\ip data server\ipreq.exe --> d:\ip data server\IPReq.exe [?] =============== Created Last 30 ================ 2009-12-06 21:55:44 0 d--h--w- c:\windows\$hf_mig$ 2009-11-30 21:36:27 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan 2009-11-11 08:51:20 1076 ----a-w- C:\index.html ==================== Find3M ==================== 2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-27 07:46:12 78 ----a-w- C:\vrati.bat ============= FINISH: 18:22:40,25 =============== [ magna86 @ 07.12.2009. 21:07 ] @
Ovim logom smo utvrdili da ti sistem nije inficiran.
Odradi Automatic Update za prvu ruku. http://www.ust.hk/itsc/compenv/browser/winupdate.html note: umesto "Automatic Updates" stikliraj "Notify Me But Don't Automatically Download or Install Them" Skini sve zakrpe osim WGA (Windows Genuine Advantage) Ta zakrpa ti netreba. http://en.wikipedia.org/wiki/Windows_Genuine_Advantage [ bykoki @ 07.12.2009. 21:43 ] @
Napravio sam! vidicu sutra njegovo ponasanje.
Hvala! Koki [ bykoki @ 09.12.2009. 17:55 ] @
I sinoc i danas mi se opet pojavljuje!
[ valjan @ 10.12.2009. 07:35 ] @
A da li si mozda kliknuo na onaj "click here" link iznad "Send error report" dugmeta pa pogledao malo vise detalja o ovoj gresci?
[ bykoki @ 10.12.2009. 10:50 ] @
Jesam ali to mi puno neznaci posto slabo stojim sa engleskim!
[ Zoran Rodic @ 10.12.2009. 11:02 ] @
Možeš prikačiti screenshot, pa postaviti ovde da probamo sa tumačenjem toga što pišr.
Mene tu više zanima, kakva je instalacija XP-a u pitanju, da li je legalna, ili neka budževina, kao što je Black Edition ... i slično? Kada si instalirao taj sistem, da li je bio clean install ili gaženje, da li si nešto instalirao neposredno pre manifestovanja ovog problema? Temu ćemo verovatno prebaciti u Windows desktop, pa da znaš gde da je tražiš [ bykoki @ 10.12.2009. 11:22 ] @
Normalan xp profesional, mozda sam nesto izbriso sa CC Clinerom iz registar baze, nista drugo nisam radio! Pozdrav!
[ bykoki @ 10.12.2009. 11:23 ] @
kad mi i izbaci gresku onda cu vam poslati!
[ bykoki @ 10.12.2009. 12:35 ] @
Evo prikacio sam kako izgleda!
[ bykoki @ 10.12.2009. 15:09 ] @
Evo kad kliknem na technical informacion izbaci mi ovo dole!
[ bykoki @ 10.12.2009. 15:13 ] @
Ovo mi je startu naCCliner
[ valjan @ 10.12.2009. 15:37 ] @
Tebi u stvari puca neki od aktivnih procesa. Sigurno imas upisano mnogo vise detalja u Event Vieweru - klinki na Start > Run, ukucaj "eventvwr.msc" i pogledaj pod Application i pod System da li ima nekih gresaka (crveni kruzic) ili upozorenja (zuti usklicnik), i sigurno ce se pojaviti nesto vezano za Generic Host Processes ili za svchost.exe, pa cemo mzoda na taj nacin brze saznati koji proces tebe zafrkava. Kada dvokliknes na bilo koji od redova, dobijes vise detalja, odakle mozes jednostavno selektovati tekst misem i kopirati ga ovamo...
[ bykoki @ 10.12.2009. 16:19 ] @
Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x597117c2.
For more information, see Help and Support Center at ovo mi na vise mesta pokazuje ppod aplikacijama a ovo dole pod sistemom -------------------------------------------------------- The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. ----- Your computer has lost the lease to its IP address 192.168.100.11 on the Network Card with network address 000B6A1FA604. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ----------- The browser has forced an election on network \Device\NetBT_Tcpip_{5D96EF4D-B4D0-41B8-89E3-8842BAC4F004} because a master browser was stopped. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------ DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ---------- The following boot-start or system-start driver(s) failed to load: AFD AmdK7 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sp_rsdrv2 ssmdrv Tcpip For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. -------------- The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------------------- DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} ----------------------------- [ valjan @ 11.12.2009. 10:24 ] @
Otvori command prompt, (Start > Run pa kucaj "cmd" i pritsni Enter), pa u njemu kucaj "sc queryex state= all > c:\procesi.txt" i iskopiraj nam taj procesi.txt. Obrati paznju da prvi deo "sc queryex state= all >" kucas bas tako, sa razmacima bas na tim mestima, a umesto c:\procesi.txt mozes odabrati bilo koji fajl na bilo kojoj lokaciji, samo je bitno da nam posle dostavis njegov sadrzaj. Onaj znak ">" oznacava da se rezultat komande "sc queryex state= all" nece ispisati na ekranu vec biti upisan u fajl koji si naveo iza znaka ">". Obrati paznju da ce sadrzaj tog fajla, ako vec postoji, biti obrisan i zamenjen rezultatom one operacije.
[ bykoki @ 11.12.2009. 10:54 ] @
Evo napravio sam!
[ kristi1 @ 11.12.2009. 11:39 ] @
Skini program http://www2.gmer.net/download.php na desktop
Pokreni ga i sacekaj malo dok zavrsi skreniranje, a zatim klikni na Scan Kad zavrsi skeniranje klikni na Save i sacuvaj log na desktop. Iskopiraj log u belom prozoru na ovom linku http://pastebin.com/ Klikni na send i iskopiraj link ovde na forum [ bykoki @ 11.12.2009. 12:10 ] @
Napravio sam, link je
http://pastebin.com/m2fcb61e0 [ kristi1 @ 11.12.2009. 12:18 ] @
Nema ovde nista sporno, skini sp3 i instaliraj da vidimo kako ce posle toga da se ponasa masina
http://www.softpedia.com/get/O...s-Updates/Windows-XP-SP3.shtml Pre nego skines sp3 odradi ovako Skini http://www.softpedia.com/get/S...dows-Worms-Doors-Cleaner.shtml Preuzmi ovaj program na desktop WWDC Pokreni ga i klikni na Button_e koji imaju ispred oznaku X u crvenom krugu. Kada ti ponudi restart, prihvati (pre restarta zatvori sve programe). Zapamti sta si selektovao da bi mogao da vratis na staro stanje ukoliko bude nekih smetnji. [ bykoki @ 11.12.2009. 12:31 ] @
Sad moram neka druga posla odradit, cujemo se kasnije! Hvala !
[ valjan @ 11.12.2009. 12:36 ] @
A kad stignes, u Command promptu otkucaj "tasklist /svc > c:\spisak.txt", pa nam onda okaci taj "spisak.txt" ovde. Zaboravih da ti napisem to u onom prethodnom postu, a jedna lista bez druge mi bas ne vrede mnogo.
[ bykoki @ 11.12.2009. 12:46 ] @
Gore sam vam okacio spisak.txt .
Skinuo sam wwdc, pokazivao je tri crvenaX, odradio sam to i restartovo se. Sad odo nemam vremena da skidam sp3 , cujemo se kasnije! [ Brandi_T @ 31.12.2009. 02:29 ] @
Nadam se da ce ovo neko skoro videti :)
Vec nekoliko dana mi se desava da mi se jednostavno komp ugasi , ode na stand by ili se restartuje ... jedina greska koju pronalazim u event Viewer je pod sistemom i glasi: DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Da li mozda zna neko da mi objasni o cemu se radi ukratko i kako da resim :) hvala unapred Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|