Spyware threat has been detected on your PC. Please help.

  • Joined: 18 Aug 2006
  • Posts: 37

Last night, warnings suddenly started popping up in the lower right corner, where the volume icon is, and my whole desktop changed: the desktop background is completely blue and it says:
Spyware threat had been detected on your PC.
Your computer has several fatal errors due to spyware activity.
It is strongly recommended to istall an antispyware software to close all
security vulnerabilities.
Antispyware software helps protect your PC against spyware and other
security threats.
UPDATE YOUR ANTISPAWARE PROTECTION
I would be grateful for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:42, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\dexon\Desktop\New Folder\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GWVP Agent] C:\WINDOWS\system32\28463\GWVP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VampCenter] C:\PROGRAM FILES\VAMP\\vampcenter.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6044 bytes

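The log above is triaged by hand later in this thread: the extra executable on the F2 UserInit line, the BHOs that point at random-named DLLs dropped straight into system32, the Run entry under a numeric folder, and the `TR3.exe..exe` process. The script below is an added example, not a tool from the thread and not part of HijackThis, that applies those same heuristics to log lines automatically. The sample lines are copied from the posted log (plus two clean lines for contrast); the rule names, the "numeric folder" and "DLL in system32" thresholds are the example's own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Heuristic triage of HijackThis 2.x log lines.

Added example for this thread; not a tool used in it and not part of HijackThis.
The rules mirror what the helper checked by hand above. Every hit is a prompt to
look closer, not a verdict.
"""
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus
# two clean lines (lsass.exe, WinampAgent) for contrast. Not a complete log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\Documents and Settings\dexon\Desktop\New Folder\TR3.exe..exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: D - {E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll
O4 - HKLM\..\Run: [GWVP Agent] C:\WINDOWS\system32\28463\GWVP.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
"""

BHO_IN_SYSTEM32 = re.compile(r"\\system32\\[^\\]+\.dll$", re.I)   # DLL directly in system32
RUN_TARGET = re.compile(r'\]\s*"?([A-Za-z]:\\[^"]+?\.exe)', re.I)  # path after the [name] tag
NUMERIC_DIR = re.compile(r"\\\d+\\")                               # a folder named only with digits


def userinit_extras(value):
    """Entries in a Winlogon Userinit value other than the stock system32\\userinit.exe.

    Winlogon launches every comma-separated entry at logon, so anything extra
    here runs for each interactive user before the shell does.
    """
    extras = []
    for entry in (e.strip().strip('"') for e in value.split(",")):
        if not entry:
            continue
        folder, _, name = entry.rpartition("\\")
        if name.lower() == "userinit.exe" and folder.lower().endswith("\\system32"):
            continue
        extras.append(entry)
    return extras


def triage(log_text):
    """Return a list of (rule, detail) pairs for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("F2 - ") and "UserInit=" in line:
            for extra in userinit_extras(line.split("UserInit=", 1)[1]):
                findings.append(("userinit-extra", extra))
        elif line.startswith("O2 - BHO:"):
            target = line.rsplit(" - ", 1)[1]
            if target == "(no file)":
                findings.append(("bho-orphan", line))           # dead registration; cleanup noise
            elif BHO_IN_SYSTEM32.search(target):
                findings.append(("bho-in-system32", target))    # DLL dropped straight into system32
        elif line.startswith("O4 - "):
            m = RUN_TARGET.search(line)
            if m and NUMERIC_DIR.search(m.group(1)):
                findings.append(("run-numeric-dir", m.group(1)))  # e.g. system32\28463\
        elif re.match(r"[A-Za-z]:\\", line):
            name = line.rsplit("\\", 1)[-1]
            if name.lower().count(".exe") > 1:
                findings.append(("double-extension", line))     # TR3.exe..exe style names
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

Run it as a script to print the findings for the embedded sample, or call `triage()` on the text of a full log. The `bho-in-system32` rule in particular is only a prompt to check the DLL's publisher and timestamp; legitimate helper objects can live in system32 too, which is why the thread's helper asked about specific files rather than deleting on sight.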
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

First of all, why is there no AV program installed on your computer?
It's not a problem to clean your computer, but is there any point in cleaning it when, without an AV, it will be infected again in a very short time?

-------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here.

  • Joined: 18 Aug 2006
  • Posts: 37

As soon as I sort out this infection I will definitely install an AV, I messed up...
I thought it was possible to surf without one, but it turned out the opposite, and I also have a younger brother and we use the internet together on the same computer, so in future I will warn him about sites... and I will definitely get an AV! Thanks for the help, bro! Here is the text:
ComboFix 08-11-21.05 - dexon 2008-11-22 12:33:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.83 [GMT 0:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\default.htm
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\GWVP.001
c:\windows\system32\28463\GWVP.002
c:\windows\system32\28463\GWVP.006
c:\windows\system32\28463\GWVP.007
c:\windows\system32\28463\GWVP.exe
c:\windows\system32\rk.bin
c:\windows\system32\rlls.dll
c:\windows\system32\rlvknlg.exe
c:\windows\system32\smwin32.dll
c:\windows\system32\uesiuqcr.exe

----- BITS: Possible infected sites -----

hxxp://www.accesspornovideo.net
hxxp://accesspornovideo.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-22 12:27 . 2008-11-22 12:27 3,051,752 -ra------ C:\ComboFix.exe
2008-11-22 11:44 . 2008-11-22 11:44 <DIR> d-------- C:\defaults
2008-11-22 11:44 . 2008-11-22 11:44 <DIR> d-------- C:\chrome
2008-11-22 11:44 . 2008-07-16 23:02 2,491 --a------ C:\install.rdf
2008-11-22 11:42 . 2008-11-22 11:42 84,175 --a------ C:\tamper_data-10.1.0-fx.zip
2008-11-22 00:08 . 2008-11-22 00:37 1,965 --a------ C:\default.htm
2008-11-21 23:52 . 2008-11-22 08:22 14,848 --a------ c:\windows\system32\getfn32.dll
2008-11-21 23:51 . 2008-11-21 23:51 176,128 --a------ c:\windows\system32\ws77814.dll
2008-11-21 23:51 . 2008-11-21 23:51 176,128 --a------ c:\windows\system32\mws77814.dll
2008-11-21 23:50 . 2008-11-22 10:56 <DIR> d-------- c:\windows\cfig
2008-11-21 19:55 . 2008-11-21 19:53 34,530 --a------ C:\tf_badge_2.gif
2008-11-21 19:19 . 2008-11-21 19:19 <DIR> d-------- c:\documents and settings\dexon\Phone Browser
2008-11-21 18:40 . 2008-11-21 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-11-21 18:39 . 2008-11-21 19:27 <DIR> d-------- c:\documents and settings\dexon\Application Data\Nokia
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-21 18:38 . 2008-11-21 18:39 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-21 18:38 . 2008-11-21 18:41 <DIR> d-------- c:\documents and settings\dexon\Application Data\PC Suite
2008-11-21 18:37 . 2008-11-21 18:38 <DIR> d-------- c:\program files\Nokia
2008-11-21 18:37 . 2007-02-22 10:15 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-21 18:36 . 2008-11-21 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-11 17:32 . 2008-11-11 17:32 3,649,964 --a------ C:\Beogradski Sindikat - Novo svetsko cudo (live).mp3
2008-11-07 07:08 . 2008-11-07 07:08 7,978 --a------ C:\katarina ii - jesen demo 1982.htm
2008-11-06 03:20 . 2008-11-06 03:20 84,779,008 --a------ C:\ekv-1.flv
2008-11-02 01:58 . 2008-11-02 01:58 304,957 --a------ C:\hjsplit.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:00 2,400,784 ----a-w C:\WLinstaller.exe
2008-11-22 00:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 00:28 --------- d-----w c:\program files\Trojan Remover
2008-11-04 03:52 --------- d-----w c:\documents and settings\dexon\Application Data\uTorrent
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 16:29 --------- d-----w c:\program files\Ahead
2008-10-19 14:03 5,033,984 ----a-w c:\program files\nero5003.exe
2008-10-19 14:03 283,648 ----a-w c:\windows\uninst.exe
2008-10-07 16:03 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-05 21:22 --------- d-----w c:\program files\DVDVideoSoft
2008-10-05 21:22 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-10-05 21:22 --------- d-----w c:\program files\AskSearch
2008-10-05 21:22 --------- d-----w c:\program files\AskBarDis
2008-10-05 21:21 7,983,806 ----a-w C:\Free3GPVideoConverter.exe
2008-10-05 21:18 --------- d-----w c:\program files\Winamp
2008-10-01 21:05 --------- d-----w c:\documents and settings\dexon\Application Data\Yahoo!
2008-10-01 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-01 20:51 --------- d-----w c:\program files\Windows Live
2008-10-01 20:50 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-01 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-30 21:27 360,702 ----a-w C:\SweetImSetup.exe
2008-09-25 19:28 --------- d-----w c:\program files\Online TV Player 4
2008-09-23 22:19 --------- d-----w c:\program files\Winamp Remote
2008-09-21 18:22 1,710,070 ----a-w C:\tvplayer4[1].6.0.0.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21A237A4-3A94-4198-911D-647ED2263DD2}]
2008-11-22 08:22 14848 --a------ c:\windows\system32\getfn32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71F5184-35A9-3C29-99D1-B72C4506A596}]
2008-11-21 23:51 176128 --a------ c:\windows\system32\mws77814.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"VampCenter"="c:\program files\VAMP\\vampcenter.exe" [2007-08-21 114688]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"HTpatch"="c:\windows\htpatch.exe" [2003-03-27 28672]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1234312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera 9.5 beta\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-GWVP Agent - c:\windows\system32\28463\GWVP.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\dexon\Application Data\Mozilla\Firefox\Profiles\cmci6i3f.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-22 12:39:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-22 12:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-22 12:44:18

Pre-Run: 1,533,837,312 bytes free
Post-Run: 3,565,240,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

180 --- E O F --- 2008-11-13 03:04:11

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

I have a question about this file:
c:\program files\nero5003.exe

Do you know what it is?
Is it the Nero installer (that YOU put there), or do you not know where it came from?

Also, what about this file:
C:\default.htm
?

------------------------------------------

- Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\getfn32.dll
c:\windows\system32\ws77814.dll
c:\windows\system32\mws77814.dll

DirLook::
c:\windows\cfig

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21A237A4-3A94-4198-911D-647ED2263DD2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71F5184-35A9-3C29-99D1-B72C4506A596}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

- Also, post me a fresh HijackThis log.

  • Joined: 18 Aug 2006
  • Posts: 37

I downloaded that Nero myself, I needed it to burn discs; I didn't have Nero on the computer, so I googled it and downloaded it from some site...
And that other file, I just clicked on it and it opened in Opera what I had on my desktop, which I wrote about in my first message...
ComboFix 08-11-21.05 - dexon 2008-11-22 15:11:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.82 [GMT 0:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\dexon\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\getfn32.dll
c:\windows\system32\mws77814.dll
c:\windows\system32\ws77814.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\getfn32.dll
c:\windows\system32\mws77814.dll
c:\windows\system32\ws77814.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-22 14:57 . 2008-11-22 15:01 <DIR> d-------- c:\program files\FriendBlasterPro
2008-11-22 14:57 . 2008-11-22 14:57 685,056 --a------ c:\windows\isRS-000.tmp
2008-11-22 14:57 . 2005-07-15 12:49 245,760 --a------ c:\windows\system32\aUpdateNow.ocx
2008-11-22 14:57 . 2000-05-22 00:00 140,488 --a------ c:\windows\system32\COMDLG32.OCX
2008-11-22 14:57 . 2004-03-08 18:00 132,880 --a------ c:\windows\system32\msinet.ocx
2008-11-22 14:57 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-11-22 14:56 . 2008-11-22 14:56 2,543,800 --a------ C:\friendblasterpro_v10_2_0.zip
2008-11-22 12:27 . 2008-11-22 12:27 3,051,752 -ra------ C:\ComboFix.exe
2008-11-22 11:44 . 2008-11-22 11:44 <DIR> d-------- C:\defaults
2008-11-22 11:44 . 2008-11-22 11:44 <DIR> d-------- C:\chrome
2008-11-22 11:44 . 2008-07-16 23:02 2,491 --a------ C:\install.rdf
2008-11-22 11:42 . 2008-11-22 11:42 84,175 --a------ C:\tamper_data-10.1.0-fx.zip
2008-11-22 00:08 . 2008-11-22 00:37 1,965 --a------ C:\default.htm
2008-11-21 23:50 . 2008-11-22 10:56 <DIR> d-------- c:\windows\cfig
2008-11-21 19:55 . 2008-11-21 19:53 34,530 --a------ C:\tf_badge_2.gif
2008-11-21 19:19 . 2008-11-21 19:19 <DIR> d-------- c:\documents and settings\dexon\Phone Browser
2008-11-21 18:40 . 2008-11-21 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-11-21 18:39 . 2008-11-21 19:27 <DIR> d-------- c:\documents and settings\dexon\Application Data\Nokia
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-21 18:38 . 2008-11-21 18:39 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-21 18:38 . 2008-11-21 18:41 <DIR> d-------- c:\documents and settings\dexon\Application Data\PC Suite
2008-11-21 18:37 . 2008-11-21 18:38 <DIR> d-------- c:\program files\Nokia
2008-11-21 18:37 . 2007-02-22 10:15 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-21 18:36 . 2008-11-21 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-11 17:32 . 2008-11-11 17:32 3,649,964 --a------ C:\Beogradski Sindikat - Novo svetsko cudo (live).mp3
2008-11-07 07:08 . 2008-11-07 07:08 7,978 --a------ C:\katarina ii - jesen demo 1982.htm
2008-11-06 03:20 . 2008-11-06 03:20 84,779,008 --a------ C:\ekv-1.flv
2008-11-02 01:58 . 2008-11-02 01:58 304,957 --a------ C:\hjsplit.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:00 2,400,784 ----a-w C:\WLinstaller.exe
2008-11-22 00:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 00:28 --------- d-----w c:\program files\Trojan Remover
2008-11-04 03:52 --------- d-----w c:\documents and settings\dexon\Application Data\uTorrent
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 16:29 --------- d-----w c:\program files\Ahead
2008-10-19 14:03 5,033,984 ----a-w c:\program files\nero5003.exe
2008-10-19 14:03 283,648 ----a-w c:\windows\uninst.exe
2008-10-07 16:03 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-05 21:22 --------- d-----w c:\program files\DVDVideoSoft
2008-10-05 21:22 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-10-05 21:22 --------- d-----w c:\program files\AskSearch
2008-10-05 21:22 --------- d-----w c:\program files\AskBarDis
2008-10-05 21:21 7,983,806 ----a-w C:\Free3GPVideoConverter.exe
2008-10-05 21:18 --------- d-----w c:\program files\Winamp
2008-10-01 21:05 --------- d-----w c:\documents and settings\dexon\Application Data\Yahoo!
2008-10-01 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-01 20:51 --------- d-----w c:\program files\Windows Live
2008-10-01 20:50 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-01 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-30 21:27 360,702 ----a-w C:\SweetImSetup.exe
2008-09-25 19:28 --------- d-----w c:\program files\Online TV Player 4
2008-09-23 22:19 --------- d-----w c:\program files\Winamp Remote
2008-09-21 18:22 1,710,070 ----a-w C:\tvplayer4[1].6.0.0.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\cfig ----

2008-11-17 19:27 66064 --a------ c:\windows\cfig\lsass.exe


((((((((((((((((((((((((((((( snapshot@2008-11-22_12.41.35.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-12-31 12:00:00 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 14:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"VampCenter"="c:\program files\VAMP\\vampcenter.exe" [2007-08-21 114688]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"HTpatch"="c:\windows\htpatch.exe" [2003-03-27 28672]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1234312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera 9.5 beta\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-22 15:13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-22 15:15:00
ComboFix-quarantined-files.txt 2008-11-22 15:14:25
ComboFix2.txt 2008-11-22 12:45:11

Pre-Run: 3,507,355,648 bytes free
Post-Run: 3,540,516,864 bytes free

153 --- E O F --- 2008-11-13 03:04:11

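The DirLook result above shows `c:\windows\cfig\lsass.exe`: a file named like the Local Security Authority process, sitting in a directory Windows never uses for it (the real one is the `C:\WINDOWS\system32\lsass.exe` in the first log's process list). The Python below is an added example, not part of the thread and not how ComboFix works internally, that pulls `.exe` paths out of log lines and flags core system binary names found outside their expected directory, plus one-character look-alike names. The expected-directory table assumes a default 32-bit Windows XP layout under `c:\windows`; the `svch0st.exe` sample line is constructed, the other sample lines come from the logs above.

```python
"""Flag core Windows binaries found outside their home directory, or under
one-character look-alike names.

Added example for this thread; it is not part of ComboFix and not what
ComboFix does internally.
"""
import re

# Assumption: default 32-bit Windows XP layout, as in the logs above.
WINDIR = r"c:\windows"

# Expected parent directory of core user-mode system binaries. On XP all of
# these live in system32 except explorer.exe, which sits in the Windows dir.
HOME = {name: WINDIR + r"\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "userinit.exe", "spoolsv.exe")}
HOME["explorer.exe"] = WINDIR

# First drive-letter path ending in .exe on a line; works for bare process
# lists and for ComboFix DirLook lines that prefix a date, size and attributes.
PATH_RE = re.compile(r"[a-z]:\\.*?\.exe\b", re.I)

# Constructed sample: all lines but the last are taken from the logs above;
# svch0st.exe is made up to show the look-alike rule.
SAMPLE = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"2008-11-17 19:27 66064 --a------ c:\windows\cfig\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\uesiuqcr.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
]


def edit_distance(a, b):
    """Plain Levenshtein distance; small enough to inline for file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path):
    """Return None for a clean path, otherwise a short reason string."""
    folder, _, name = path.strip().strip('"').lower().rpartition("\\")
    if name in HOME:
        if folder == HOME[name]:
            return None
        return f"{name} expected in {HOME[name]}, found in {folder}"
    # Not an exact system name: catch near-misses such as svch0st.exe or lsas.exe.
    for real in HOME:
        if edit_distance(name, real) == 1:
            return f"{name} looks like {real}"
    return None


def scan(lines):
    """Pull the first .exe path out of each log line and check it."""
    hits = []
    for line in lines:
        m = PATH_RE.search(line)
        if m:
            reason = check_path(m.group(0))
            if reason:
                hits.append((m.group(0), reason))
    return hits


if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{path}: {reason}")
```

`check_path()` compares the whole parent directory, not just the file name, so `C:\WINDOWS\system32\lsass.exe` passes while `c:\windows\cfig\lsass.exe` is reported; the look-alike rule only fires for names that are not an exact match, so it never second-guesses a correctly placed system binary.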
  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Upload the following files for me to check:

c:\windows\system32\aUpdateNow.ocx
c:\windows\isRS-000.tmp
c:\windows\system32\VB6STKIT.DLL


Upload link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 18 Aug 2006
  • Posts: 37

I uploaded these for you:
c:\windows\system32\aUpdateNow.ocx
c:\windows\system32\VB6STKIT.DLL
But the file you listed in the middle, I searched for it about ten times and it isn't there at all, as if it doesn't exist... c:\windows\isRS-000.tmp, I can't find that file anywhere...

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Delete the following file/folder ->
C:\default.htm
C:\windows\cfig


Turn off Active Desktop as follows ->
Right-click on the Desktop -> Properties -> Desktop -> Customize Desktop -> Web -> and in the Web Pages section untick whatever you want to turn off...


When you've done all that, write back with how things are now...

  • Joined: 18 Aug 2006
  • Posts: 37

I did everything according to the instructions you gave me, and I can tell you that compared to how it was, the state is now perfect... I have a few problems when I go online and open a page, it doesn't open as fast as before, and I hear a sound like rustling in the case... that's probably because of what I caught, so it's recovering now... In any case that warning no longer appears and it's excellent now... Thank you very much, friend, I appreciate this gesture and effort of yours... really a big THANK YOU! RESPECT! I would just ask you, if you have a site for some antivirus, to give it to me so I can download and install it right away,
so I don't catch something similar again... regards!

Update: 24 Nov 2008 0:15

I forgot to tell you something else.
From time to time, in the lower right corner where the volume icon is, a yellow triangle appears saying: virtual memory minimum too low! Do you know why it shows that?

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

As for the antivirus, I have to stay neutral on that.
You can install a free one; it's up to you to decide.
Have a look at the "Virus protection" and "Antivirus programs" forums, there has been plenty of discussion about it...

Virtual Memory Too Low ->
You need to increase the virtual memory. Do it as follows:
Right-click on My Computer -> Properties -> Advanced tab -> choose Settings under the Performance label -> Advanced tab -> under the Virtual Memory label there is a Change button (pressing it opens a window in which you can change the value for VM; it is recommended that this be double the amount of RAM you have).

Finally, what remains is to uninstall ComboFix ->
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


There are no more traces of malware on your computer. If you have any other problem, you can open a topic in the Windows forum...

That's all...
