MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Kompjuter se sam restarta

[bobby] Kompjuter se sam restarta

Napisano na dan: 24.1.2009

[bobby] Kompjuter se sam restarta

Sledeća strana

Pagination

Odgovori

dreamer050 Poslao: 24 Jan 2009 17:56 Idi na vrh
offline dreamer050 Građanin Pridružio: 10 Okt 2008 Poruke: 38 Gde živiš: Rijeka	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobar dan! Trebala bih savjet u vezi kompjutera moje prijateljice. Čim pokušamo otvoriti bilo kakav program, ili instalirati (HijackThis ili sl.), kompjuter se odmah sam restarta. Bilo da se Windowsi otvaraju normalno, bilo u Safe Modu. Inače, kompjuter nije konektiran na internet (uopće) i podaci se u njega unose isključivo preko USB-a. Ima li tko kakvu ideju o čemu se radi (virus?) i kako je dospio u kompjuter, za ubuduće? Može li se virus unijeti u kompjuter sa CD-a (ako bude potrebna reinstalacija, mogu li se bezopasnosti spremiti na CD podaci koji su trenutno u kompjuteru?). Puno hvala i srdačan pozdrav! Dopuna: 24 Jan 2009 17:56 Evo i log od Combofixa. Njega smo jedino uspjeli instalirati. ComboFix 09-01-21.04 - TINA 2009-01-24 17:40:32.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.191.37 [GMT 1:00] Running from: E:\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\NetworkService\Local Settings\Application Data\inetinfo.exe c:\documents and settings\NetworkService\Local Settings\Application Data\lsass.exe c:\documents and settings\NetworkService\Local Settings\Application Data\services.exe c:\documents and settings\NetworkService\Local Settings\Application Data\winlogon.exe c:\documents and settings\TINA\Local Settings\Application Data\inetinfo.exe c:\documents and settings\TINA\Local Settings\Application Data\lsass.exe c:\documents and settings\TINA\Local Settings\Application Data\services.exe c:\documents and settings\TINA\Local Settings\Application Data\winlogon.exe c:\documents and settings\TINA\ravmonlog c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe c:\windows\knight.exe c:\windows\recover.reg E:\autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-23 15:49 . 2009-01-23 15:49 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-23 15:18 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe 2009-01-23 15:18 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf 2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-01-23 14:08 . 2009-01-23 14:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-23 14:08 . 2009-01-23 14:08 <DIR> d-------- c:\documents and settings\TINA\Application Data\Malwarebytes 2009-01-23 14:08 . 2009-01-23 14:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 14:08 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-23 14:08 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-17 07:09 42,713 ---h--w c:\windows\eksplorasi.exe 2009-01-17 07:09 42,713 ----a-w c:\windows\system32\TINA's Setting.scr 2009-01-17 07:09 42,713 ----a-w c:\windows\system32\System's Setting.scr 2009-01-17 07:09 42,713 ----a-w C:\Brengkolang.com 2009-01-09 18:18 --------- d-----w c:\program files\Microsoft Picture It! 10 2008-10-04 18:08 50,248 ----a-w c:\documents and settings\TINA\Application Data\GDIPFONTCACHEV1.DAT . ------- Sigcheck ------- 2004-08-04 08:56 666624 aa91579c55b499080a90b6b3fe28a32a c:\windows\system32\wininet.dll 2004-08-04 08:56 666624 aa91579c55b499080a90b6b3fe28a32a c:\windows\system32\dllcache\wininet.dll 2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\XPize\Backup\wininet.dll 2004-08-04 08:56 949760 9d0ea3c6eac49b36e329527ec25b748c c:\windows\explorer.exe 2004-08-04 08:56 949760 9d0ea3c6eac49b36e329527ec25b748c c:\windows\system32\dllcache\explorer.exe 2004-08-04 08:56 1032192 a0732187050030ae399b241436565e64 c:\windows\XPize\Backup\explorer.exe 2004-08-04 08:56 30208 de8fa9cf18f95341079c7e6a215c226a c:\windows\system32\ctfmon.exe 2004-08-04 08:56 30208 de8fa9cf18f95341079c7e6a215c226a c:\windows\system32\dllcache\ctfmon.exe 2004-08-04 08:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\XPize\Backup\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 61952] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "Tok-Cirrhatus"="c:\documents and settings\TINA\Local Settings\Application Data\smss.exe" [2009-01-17 42713] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-10-23 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-23 688218] "STDSB"="c:\windows\system32\drivers\STDSB.exe" [2005-10-23 28672] "Icon"="c:\windows\system32\drivers\Icon.exe" [2005-10-23 221184] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "Bron-Spizaetus"="c:\windows\ShellNew\sempalong.exe" [2009-01-17 42713] "SoundMan"="SOUNDMAN.EXE" [2005-10-23 c:\windows\SOUNDMAN.EXE] "VTTimer"="VTTimer.exe" [2005-10-23 c:\windows\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-10-23 c:\windows\system32\VTTrayp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208] "Tok-Cirrhatus"="c:\documents and settings\NetworkService\Local Settings\Application Data\smss.exe" [2009-01-17 42713] c:\documents and settings\NetworkService\Start Menu\Programs\Startup\ Empty.pif [2009-01-17 42713] c:\documents and settings\TINA\Start Menu\Programs\Startup\ Empty.pif [2009-01-17 42713] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderOptions"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe \"c:\windows\eksplorasi.exe\"" "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "18429:TCP"= 18429:TCP:NortonAV "17195:TCP"= 17195:TCP:NortonAV "12450:TCP"= 12450:TCP:NortonAV "13427:TCP"= 13427:TCP:NortonAV "16628:TCP"= 16628:TCP:NortonAV "17526:TCP"= 17526:TCP:NortonAV "12383:TCP"= 12383:TCP:NortonAV "13085:TCP"= 13085:TCP:NortonAV "17338:TCP"= 17338:TCP:NortonAV "18218:TCP"= 18218:TCP:NortonAV "16765:TCP"= 16765:TCP:NortonAV "17297:TCP"= 17297:TCP:NortonAV "15299:TCP"= 15299:TCP:NortonAV "14104:TCP"= 14104:TCP:NortonAV "14352:TCP"= 14352:TCP:NortonAV "15458:TCP"= 15458:TCP:NortonAV "15131:TCP"= 15131:TCP:NortonAV "13528:TCP"= 13528:TCP:NortonAV "12059:TCP"= 12059:TCP:NortonAV "12641:TCP"= 12641:TCP:NortonAV "17607:TCP"= 17607:TCP:NortonAV "12166:TCP"= 12166:TCP:NortonAV "15428:TCP"= 15428:TCP:NortonAV "18121:TCP"= 18121:TCP:NortonAV "16926:TCP"= 16926:TCP:NortonAV "12146:TCP"= 12146:TCP:NortonAV "13985:TCP"= 13985:TCP:NortonAV "15741:TCP"= 15741:TCP:NortonAV "13931:TCP"= 13931:TCP:NortonAV "14787:TCP"= 14787:TCP:NortonAV "14468:TCP"= 14468:TCP:NortonAV "15177:TCP"= 15177:TCP:NortonAV R4 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2008-03-22 11279] S4 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [2008-03-22 11279] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13773185-fdbb-11dc-94fa-0011f592c8ec}] \Shell\auto\command - F:\Knight.exe open \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - F:\Knight.exe open \Shell\find\command - F:\Knight.exe open \Shell\install\command - F:\Knight.exe open \Shell\open\command - F:\Knight.exe open [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1902702a-f823-11dc-94f5-0011f592c8ec}] \Shell\auto\command - E:\Knight.exe open \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - E:\Knight.exe open \Shell\find\command - E:\Knight.exe open \Shell\install\command - E:\Knight.exe open \Shell\open\command - E:\Knight.exe open [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f446a5-a6bd-11dd-954c-0011f592c8ec}] \Shell\auto\command - E:\Knight.exe open \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - E:\Knight.exe open \Shell\find\command - E:\Knight.exe open \Shell\install\command - E:\Knight.exe open \Shell\open\command - E:\Knight.exe open . Contents of the 'Scheduled Tasks' folder 2009-01-24 c:\windows\Tasks\At1.job - c:\documents and settings\TINA\Templates\Brengkolang.com [2009-01-17 08:09] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.cyberlink.com.tw/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=2.55&Cd_Key=DV3734599EF37520&Company=t&FName=TINA&Lang=Enu uInternet Settings,ProxyOverride = .local IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-24 17:45:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\cscui.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\slmdmsr.exe c:\program files\iPod\bin\iPodService.exe c:\qoobox\Quarantine\C\Documents and Settings\TINA\Local Settings\Application Data\winlogon.exe.vir.lnk c:\qoobox\Quarantine\C\Documents and Settings\TINA\Local Settings\Application Data\services.exe.virbf-11d0-94f2-00a0c91efb8b} c:\qoobox\Quarantine\C\Documents and Settings\TINA\Local Settings\Application Data\lsass.exe.virFiles\Content.IE5\desktop.ini . ************************************************************************ . Completion time: 2009-01-24 17:48:53 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-24 16:48:47 Pre-Run: 32.603.955.200 bytes free Post-Run: 32,609,165,312 bytes free 213

Profil

bobby Poslao: 24 Jan 2009 17:58 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uh, uh, uh. Trebace mi 5-10 minuta da ti pripremim skriptu za ComboFix. Ovaj racunar je zarazen bas preko USB stickova.

Profil

bobby Poslao: 24 Jan 2009 18:10 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini i pokreni sledeci program: http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe ================================= Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\TINA's Setting.scr c:\windows\system32\System's Setting.scr C:\Brengkolang.com c:\documents and settings\TINA\Local Settings\Application Data\smss.exe c:\windows\ShellNew\sempalong.exe c:\documents and settings\NetworkService\Start Menu\Programs\Startup\Empty.pif c:\documents and settings\TINA\Start Menu\Programs\Startup\Empty.pif c:\windows\eksplorasi.exe c:\windows\Tasks\At1.job c:\documents and settings\TINA\Templates\Brengkolang.com Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Tok-Cirrhatus"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bron-Spizaetus"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Tok-Cirrhatus"=- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderOptions"= 0 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe" Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ================================ - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

dreamer050 Poslao: 24 Jan 2009 19:24 Idi na vrh
offline dreamer050 Građanin Pridružio: 10 Okt 2008 Poruke: 38 Gde živiš: Rijeka	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uh... Ne možemo ni pokrenuti prvi program. Izbacuje nam se prozor da je onemogućeno mijenjanje bilo čega u registriju. Sa CFScriptom smo napravili što piše, ali se nije pojavio log- Je li to u redu? Kako da postavimo "uređivanje, popravljanje" registrija na "Enable"? HVALA VAM PUNO! Dopuna: 24 Jan 2009 19:24 U stvari, više ne pokreće ni Combofix. Zato nema loga... I zato nema promjena. Što sad?

Profil

bobby Poslao: 24 Jan 2009 23:51 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix odavde: http://amf.mycity.rs/programs/mirrored/C-F.exe Onda odradi ono kao sto sam opisao u prethodnoj poruci.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Kompjuter se sam restarta

Ko je trenutno na forumu

Ukupno su 1000 korisnika na forumu :: 42 registrovanih, 8 sakrivenih i 950 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, Bubimir, comi_pfc, DENIRO, Dogma21, Dorcolac, Excalibur13, Faki-Valjevo, hyla, ikan, Krusarac, Mad Serb, madza, milenko crazy north, MiroslavD, opt1, Oscar, Panonsky, pedjolino76, pein, proka89, raf87, rajkoplje, Regrut Boskica, S2M, Sirius, skvara, sombrero, Srle993, stegonosa, vathra, vladas87, Vladko, voja64, wolf431, YugoSlav, zdrebac, zillbg, |_MeD_|, šumar bk2, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by