Posted: 10 Dec 2007 16:30
- Joined: 25 Mar 2007
- Posts: 32
Logfile of HijackThis v1.99.1
Scan saved at 15:46:30, on 12/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NSP\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - euras.com/euras/activex2/euras.CAB
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Addendum: 10 Dec 2007 16:30
Here it is again, I had not renamed the program; by the way, the internet connection is 1 Mb ADSL.
Logfile of HijackThis v1.99.1
Scan saved at 16:26:10, on 12/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\NSP\Desktop\mira.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - euras.com/euras/activex2/euras.CAB
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Posted: 10 Dec 2007 17:25
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Wait, what makes you conclude that network performance has slowed down? Do you have any concrete examples?
Also, and this is very important, Windows XP SP1 is as full of holes as cheese, so there isn't much point in cleaning it, because you will get infected after a couple of minutes on the internet.
Install Windows XP SP2 urgently.

Posted: 10 Dec 2007 17:34
- Joined: 25 Mar 2007
- Posts: 32
Dear bobby, I know that's the case, but this is my secondary machine at 450 MHz, so I don't know whether it would work with SP2 at all. Anyway, the symptom is that, for example, Yahoo and most of the sites I use (B92 and the like) take forever to open and don't load completely. I know I haven't installed anything from the network; I use the computer for participating in forums, and it used to be really fast, and now it isn't.

Posted: 10 Dec 2007 17:47
- Joined: 25 Mar 2007
- Posts: 32
When I click the link, a warning with a yellow triangle says that there is malicious code.

Posted: 10 Dec 2007 17:51
- Joined: 25 Mar 2007
- Posts: 32
No, that is in the dialog where I'm supposed to start downloading the program.

Posted: 10 Dec 2007 18:15
- Joined: 25 Mar 2007
- Posts: 32
I downloaded it, but it won't start; it says "is not a valid Win32 application".
Addendum: 10 Dec 2007 18:15
Here, the second link works.
ComboFix 07-12-09.1 - NSP 2007-12-10 18:08:01.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.65 [GMT 1:00]
Running from: C:\Documents and Settings\NSP\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\winsys.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-11-26 19:10 . 2007-11-26 19:10 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-11-26 13:05 . 1996-07-21 18:05 4,643,908 --a------ C:\WINDOWS\GIRLY$0.JAF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 07:50 --------- d-----w C:\Program Files\PonyProg2000
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-17 15:50]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-01-10 02:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2001-08-23 12:00 C:\WINDOWS\system32\rundll32.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys
R3 iadusb;MT882;C:\WINDOWS\System32\DRIVERS\glauiad.sys
S3 DLPortIO;DriverLINX Port I/O Driver;\??\C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-12-10 18:10:17
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 18:11:13
.
--- E O F ---