Posted: 29 Sep 2007 14:27
- Joined: 05 May 2006
- Posts: 86

I did what you wrote in GMER and copied the reports, and it says there that they were copied to the clipboard. I don't know where that is, and the reports didn't appear in Notepad at all so that I could copy them normally. What should I do?

Posted: 29 Sep 2007 14:34
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

When you finish scanning, click Copy and then open Notepad; there, right-click and choose Paste, and then save that file.
Repeat that for both scans and then copy those two files here.

Posted: 30 Sep 2007 18:26
- Joined: 05 May 2006
- Posts: 86

OK, so... I made the HJT log and deleted those files... I ran that scan in GMER and got this:

Posted: 30 Sep 2007 18:30
- Joined: 05 May 2006
- Posts: 86

file1.txt.
GMER 1.0.13.12551 - gmer.net
Rootkit scan 2007-09-30 17:54:16
Windows 5.1.2600 Service Pack 2
....
....
....

Posted: 30 Sep 2007 18:46
- Joined: 05 May 2006
- Posts: 86

file2.txt.
GMER 1.0.13.12551 - gmer.net
Autostart scan 2007-09-30 16:25:02
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AVP /*Kaspersky Anti-Virus 7.0*/@ = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r
BOCore /*BOCore*/@ = C:\Program Files\Comodo\CBOClean\BOCORE.exe
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
IISADMIN /*IIS Admin*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
McAfee HackerWatch Service /*McAfee HackerWatch Service*/@ = "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
McProxy /*McAfee Proxy Service*/@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\mcrdsvc.exe
McRedirector /*McAfee Redirector Service*/@ = c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
MSFtpsvc /*FTP Publishing*/@ = %SystemRoot%\system32\inetsrv\inetinfo.exe
MSMQ /*Message Queuing*/@ = C:\WINDOWS\system32\mqsvc.exe
MSMQTriggers /*Message Queuing Triggers*/@ = C:\WINDOWS\system32\mqtgsvc.exe
MSSQL$MSSMLBIZ /*SQL Server (MSSMLBIZ)*/@ = "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
MSSQL$SONY_MEDIAMGR /*MSSQL$SONY_MEDIAMGR*/@ = C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR /*file not found*/
pr2akdnc /*You Are Empty Drivers Auto Removal (pr2akdnc)*/@ = %SystemRoot%\system32\pr2akdnc.exe svc
SMTPSVC /*Simple Mail Transport Protocol (SMTP)*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
SNMP /*SNMP Service*/@ = %SystemRoot%\System32\snmp.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
SQLBrowser /*SQL Server Browser*/@ = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQLWriter /*SQL Server VSS Writer*/@ = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SurferService /*AutomatedSurfer*/@ = C:\WINDOWS\system32\srvany.exe
W3SVC /*World Wide Web Publishing*/@ = %SystemRoot%\system32\inetsrv\inetinfo.exe
WMPNetworkSvc /*Windows Media Player Network Sharing Service*/@ = C:\Program Files\Windows Media Player\WMPNetwk.exe
x10nets /*X10 Device Network Service*/@ = C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@HDAudDeckC:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 /*file not found*/ = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 /*file not found*/
@AntivirusRegistrationC:\Program Files\CA\Etrust Antivirus\Register.exe = C:\Program Files\CA\Etrust Antivirus\Register.exe
@CHotkeymHotkey.exe = mHotkey.exe
@ledpointerCNYHKey.exe = CNYHKey.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Windows Media Connect 2"C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet = "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet
@DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@USBToolTip"C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" = "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@AVP"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@BOC-425C:\PROGRA~1\Comodo\CBOClean\BOC425.exe = C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@vEmotionC:\Program Files\freebird\vEmotion\vEmotion.exe /autorun /*file not found*/ = C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun /*file not found*/
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SweetIMC:\Program Files\Macrogaming\SweetIM\SweetIM.exe = C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{01b55afa-f451-474b-9e91-c35b24d02641} = C:\WINDOWS\system32\qrzsyr.dll /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{5a61f7a0-cde1-11cf-9113-00aa00425c62} /*IIS Shell Extension*/C:\WINDOWS\system32\inetsrv\w3ext.dll = C:\WINDOWS\system32\inetsrv\w3ext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus statistics*/C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll = C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar1.dll = c:\program files\google\googletoolbar1.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.yahoo.com = yahoo.com
@Start Pagehttp://www.yahoo.com = yahoo.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.yahoo.com = yahoo.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
C:\Documents and Settings\Veljko\Start Menu\Programs\Startup >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
Yahoo! Widget Engine.lnk = Yahoo! Widget Engine.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Hurtigstart for Adobe Reader.lnk
---- EOF - GMER 1.0.13 ----
Addendum: 30 Sep 2007 18:46
here is the log from HJT as well:
Logfile of HijackThis v1.99.1
Scan saved at 18:42:57, on 30.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\srvany.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Veljko\My Documents\Svastara\zastita\tr3.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [vEmotion] C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?9268bbeef1b24d1a93f4b6036ccb0e11
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?9268bbeef1b24d1a93f4b6036ccb0e11
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.coop.no
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\WINDOWS\system32\pr2akdnc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
and here is rapport.txt too:
SmitFraudFix v2.232
Scan done at 19:37:38,26, 28.09.2007
Run from C:\Documents and Settings\Veljko\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"
[HKEY_CLASSES_ROOT\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter #2 - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 195.134.40.18
DNS Server Search Order: 195.134.40.14
Description: RCA USB Cable Modem - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 193.213.112.4
DNS Server Search Order: 130.67.15.198
DNS Server Search Order: 130.67.60.68
Description: VIA Rhine II Fast Ethernet Adapter #2 - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 193.213.112.4
DNS Server Search Order: 192.168.0.1
Description: RCA USB Cable Modem - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 195.134.40.18
DNS Server Search Order: 195.134.40.14
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21B48BF8-9C87-48E2-A255-D87EC536144E}: DhcpNameServer=193.213.112.4 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{265A2082-B337-469C-8805-D38368B42B7F}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E25966C-9ABD-49CB-95F3-9386EA6FEFBA}: DhcpNameServer=193.213.112.4 130.67.15.198 130.67.60.68
HKLM\SYSTEM\CCS\Services\Tcpip\..\{63CE27CF-33EF-44B3-8150-D51F7924D150}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21B48BF8-9C87-48E2-A255-D87EC536144E}: DhcpNameServer=193.213.112.4 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{265A2082-B337-469C-8805-D38368B42B7F}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E25966C-9ABD-49CB-95F3-9386EA6FEFBA}: DhcpNameServer=193.213.112.4 130.67.15.198 130.67.60.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{63CE27CF-33EF-44B3-8150-D51F7924D150}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CS3\Services\Tcpip\..\{21B48BF8-9C87-48E2-A255-D87EC536144E}: DhcpNameServer=193.213.112.4 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{265A2082-B337-469C-8805-D38368B42B7F}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5E25966C-9ABD-49CB-95F3-9386EA6FEFBA}: DhcpNameServer=193.213.112.4 130.67.15.198 130.67.60.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{63CE27CF-33EF-44B3-8150-D51F7924D150}: DhcpNameServer=195.134.40.18 195.134.40.14
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.213.112.4 130.67.15.198 130.67.60.68
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.213.112.4 130.67.15.198 130.67.60.68
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.213.112.4 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
I also have one question... my computer often shuts down by itself; what could be causing that? Is it because of these viruses and errors, or??? Thanks once again for everything...

Posted: 30 Sep 2007 18:53
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Please check whether you copied the complete file1.txt.
It seems to me that it is not complete.

Posted: 30 Sep 2007 19:09
- Joined: 05 May 2006
- Posts: 86

The file takes up a lot of space, so it will surely have to be sent in 10 parts.... what should I do... should I send it like that, or???

Posted: 30 Sep 2007 19:15
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Use the ''Attach file'' option to attach file1.txt to your message.

Posted: 30 Sep 2007 20:41
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Run HT, scan, and check the following line:
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
Close IE and then click Fix Checked.
-------------------------------
Delete the following (file and folder):
C:\WINDOWS\system32\SurferClient.exe
C:\Program Files\Instant Messenger Names\
------------------------------
Follow these instructions:
Turning off System Restore
On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Check Turn off System Restore.
Click the Apply button.
Click the OK button.
Restart the computer.
Turning on System Restore
On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Uncheck Turn off System Restore.
Click the Apply button.
Click the OK button.
--------------------------------------------
And with this we are done.
There is no more malware on your computer.
The problems you mention may have been caused by the malware, and if so, they will not recur.
However, if they do recur, I recommend that you look for help on the Hardver or Windows forums.