computer check

offline
  • Joined: 04 Sep 2008
  • Posts: 27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:19:37, on 5.9.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Trend Micro\HijackThis\1234.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ED8E72C-DDC5-466A-810B-6CFD1F983A97} - (no file)
O2 - BHO: (no name) - {1FE4BFC2-60DB-461C-B734-1D40F120299A} - C:\WINDOWS\system32\iifEvUOf.dll (file missing)
O2 - BHO: (no name) - {2662DD16-81EB-4E6E-920D-E8F17BCD2BDF} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {442812BE-AF00-410F-9D11-ECF5FCA3A9AE} - (no file)
O2 - BHO: (no name) - {4669B284-E933-44E2-A5AA-F13472CCD358} - (no file)
O2 - BHO: (no name) - {4A80D3C8-4A84-4BAF-9CB0-FD180E764064} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5805B766-30E0-4B67-89E0-3F0A2E3926B8} - C:\WINDOWS\System32\wvUoPiij.dll (file missing)
O2 - BHO: (no name) - {74E9CF62-1FC1-4599-838E-08266AE8A89A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {898A210A-4BC8-487D-B2D5-DDC1B0ABAE1C} - (no file)
O2 - BHO: (no name) - {8ED67CE2-1192-47B3-828B-10E6C2E375B6} - (no file)
O2 - BHO: (no name) - {8FA6F0ED-D8AD-43A3-9FDB-F739E30CDE2D} - C:\WINDOWS\System32\pmnliiHB.dll (file missing)
O2 - BHO: (no name) - {9747A6A4-8D16-4653-928D-02E9A36595F3} - (no file)
O2 - BHO: (no name) - {A1D2693D-39E9-4351-8488-924F2A2670B6} - C:\WINDOWS\System32\nnnlIXqq.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E06A92ED-51BF-47A2-9C3A-2DAEE241CA19} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: nqgpedlr - {136717A3-DA9A-4322-997B-25D0843942F8} - C:\DOCUME~1\Slaven\LOCALS~1\Temp\ac8zt2\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8079d29a] rundll32.exe "C:\WINDOWS\System32\wntpkbdk.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifEvUOf - iifEvUOf.dll (file missing)
O21 - SSODL: okmdepgb - {1B8926B8-27DB-46C3-A7A4-83351CCB71A5} - C:\WINDOWS\okmdepgb.dll (file missing)
O21 - SSODL: axrfgvek - {1A1E97FB-CAFD-465B-B02A-09ACF9C318C7} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

--
End of file - 7680 bytes


the program that started the pests in the internet-privacy......bat thread was taken from this computer

I've been tinkering a bit, so I just want to see whether it's better to reinstall Windows with SP2

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


There are visible traces of malware in the log.

Quote: the program that started the pests in the internet-privacy......bat thread was taken from this computer

I've been tinkering a bit, so I just want to see whether it's better to reinstall Windows with SP2


I don't understand what exactly you're asking.
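An added example, not part of the thread: a small Python triage over lines from the log above, flagging the kind of entries that make the malware traces visible (hooks whose DLL is gone after a partial clean-up, a Run value named with a hex string, a DLL loaded from the user's Temp directory). The sample lines are copied from the posted log; the heuristics are my own starting point for review, not HijackThis's.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above, with
# a few of its benign neighbours (Adobe, avast!, ATI) kept in as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FE4BFC2-60DB-461C-B734-1D40F120299A} - C:\WINDOWS\system32\iifEvUOf.dll (file missing)
O3 - Toolbar: nqgpedlr - {136717A3-DA9A-4322-997B-25D0843942F8} - C:\DOCUME~1\Slaven\LOCALS~1\Temp\ac8zt2\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8079d29a] rundll32.exe "C:\WINDOWS\System32\wntpkbdk.dll",b
O20 - Winlogon Notify: iifEvUOf - iifEvUOf.dll (file missing)
O21 - SSODL: okmdepgb - {1B8926B8-27DB-46C3-A7A4-83351CCB71A5} - C:\WINDOWS\okmdepgb.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

# HijackThis sections that describe code loaded at logon or browser start:
# BHOs (O2), IE toolbars (O3), Run keys (O4), Winlogon Notify (O20), SSODL (O21).
PERSISTENCE_SECTIONS = {"O2", "O3", "O4", "O20", "O21"}
SECTION_RE = re.compile(r"^(O\d+) - ")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
HEX_VALUE_NAME_RE = re.compile(r"\[[0-9a-f]{6,}\]", re.I)
TEMP_DIR_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)


def triage(log_text: str) -> list:
    """Return (section, reason, line) for every persistence entry worth asking about."""
    findings = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if not m or m.group(1) not in PERSISTENCE_SECTIONS:
            continue
        section, reasons = m.group(1), []
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("registered hook points at a DLL that no longer exists")
        if section == "O2" and "(no name)" in line:
            reasons.append("BHO registered without a display name")
        if HEX_VALUE_NAME_RE.search(line):
            reasons.append("Run value named with a hex string instead of a product name")
        rd = RUNDLL_RE.search(line)
        if rd and len(rd.group(2)) == 1:
            reasons.append(f"rundll32 loads {rd.group(1)} via single-letter export '{rd.group(2)}'")
        if TEMP_DIR_RE.search(line):
            reasons.append("component loaded from the user's Temp directory")
        findings.extend((section, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

The benign Adobe, avast! and ATI lines produce no findings; every flagged line is one a helper would ask the poster to remove or explain.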

offline
  • Joined: 04 Sep 2008
  • Posts: 27

first problem... mycity.rs/Ambulanta/install-privacy-danger-bat.html
Bobby is helping me...

the second problem is a second computer (the source of the infection, the vector, or whatever I should call it) whose log I posted here.

my question is: should I reinstall Windows with SP2 or try to clean it...

I downloaded Search & Destroy, ran a boot scan, it found all sorts of things which I deleted, ran Avast's boot scan, it found all sorts of things and moved them to the chest, then I made the log and posted it here...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We can clean this (or at least try; who knows what all is in there), but without SP3 (or at least SP2) installed you'll pick something up at the very next connection to the internet.

I think (actually, I'm sure) that we would both be wasting our time.

offline
  • Joined: 04 Sep 2008
  • Posts: 27

hm ok... going with a WinXP SP2 install...
thanks for the time spent
