Antyspyware program se sam instalirao ?!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Prvo je pocelo tako sto mi je prijavio na zuti trougao iznad ovo sto je na slici 1 a onda sam u all programs nasao spycrash 3.2 program (slika 2). Sajt koji se vidi na slici 2 nikad nisam posetio. Taman kad sam hteo da postavim temu izasao mi je onaj zastrasujuci kvadrat koji pokazuje da je zarazen komp (slika 3).


SLika 1 - https://www.mycity.rs/must-login.png

Slika 2 - https://www.mycity.rs/must-login.png

Slika 3 - https://www.mycity.rs/must-login.png

Evo moj Hijack file:




Logfile of HijackThis v1.99.1
Scan saved at 2:55:32 AM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\SpyCrush 3.2\SpyCrush 3.2.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ivanhoe\Desktop\lopov\pera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gradnis.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ACA Capture - {93C69D87-A11D-4FFC-BC56-BE7EE0D235BA} - D:\Program Files\ACASystems\ACACapturePro\scap003p.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ysicp] C:\Program Files\Instant Color Picker\icp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - D:\Program Files\ACASystems\ACACapturePro\SCapPro.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - D:\Program Files\ACASystems\ACACapturePro\SCapPro.exe
O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - D:\Program Files\ACASystems\ACACapturePro\SCapPro.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll, NVDESK32.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Imam ADSL 256

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

racunar ti jeste zarazen.
ali posto je sad skoro 4 sata detaljan pregled loga i resenje ocekuj sutra.

Dopuna: 18 Jun 2007 14:58

1) Preuzmi program SmitfraudFix sa ovog linka.

2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti)

3.) Restartuj računar i podigni sistem u Safe Mode-u. Safe Mode info link

4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd.
Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pretisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo.

5.)



6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om
pokrenuće ti se Windows-ov program Disk Cleanup.



Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svez HJT log

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Juce sam isao na system restore zato sto je sam poceo da se restartuje i posle toga nisam imao onih poteskoca, nisam video u taskbaru one programe.
ALi upravo sada skeniram KAV i imam 97 virusa. Nema veze, uradicu ovo sto si mi rekao.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

pazi velika je mogucnost da si i u toj tacki na koju si vratio sistem bio zarazen.
odradi to pa cemo videti kako stvari stoje.