
Spyware Guard 2008

srdjan0
Spyware Guard 2008, 27.12.2008. at 00:34

Does anyone happen to know how to uninstall Spyware Guard?

kristi1
Re: Spyware Guard 2008, 27.12.2008. at 18:30

That is a virus; download MBAM, it kills it: http://www.malwarebytes.org/mbam.php

pimpac
Re: Spyware Guard 2008, 30.12.2008. at 00:08

Interesting, but how does Spyware Guard 2008 still keep showing up? For example, I detected and deleted it with that program, and then afterwards I go to Norton Security Scan and it reports it again?

So Anti-Malware scans everything and shows 0 infected.

NOD32 Antivirus scans everything and shows 0 infected.

But Norton Security Scan shows that the computer is infected with 2 Spyware Guard 2008 and 2 tracking cookies?

I mean, I'd like to know whether what Norton Security Scan shows is relevant.
How is it possible that Anti-Malware and NOD32 Antivirus find nothing infected, while Norton Security Scan does and throws up a warning that the computer is infected?

kristi1
Re: Spyware Guard 2008, 30.12.2008. at 09:55

MBAM has definitions for infections like Antivirus 2009, Win defender 2009, Antispyware guard and the like. It may be a false alarm, but if you want we can check.

Download the HijackThis program from the following link:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Put it in a separate folder on the Desktop
Rename the folder to GT3 and the program to GT3.exe

* Run HijackThis
* Choose the option "Do a system scan and save the logfile"
* At the end of the scan the program will produce a text log.
* Copy that log here (copy / paste)

pimpac
Re: Spyware Guard 2008, 30.12.2008. at 12:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:01 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Korisnik\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4286 bytes
 
kristi1
Re: Spyware Guard 2008, 30.12.2008. at 13:11

Turn off TeaTimer

Run Spybot S&D
Click Mode, then Advanced Mode \ Resident \ untick Resident Tea-Timer
Close Spybot S&D and restart the computer

Then download Reset TeaTimer to the desktop: http://home.hetnet.nl/~stefsmeenk/ResetTeaTimer.exe
Run it and follow the instructions


Temporarily disable your antivirus program

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: If you already have ComboFix on the computer, delete it and download the newer version from the links given, to update it


Start it and don't touch the program window while it scans.
Follow the on-screen instructions.
Don't touch the mouse or the keyboard while the script is running!
So leave it to do its job
When it finishes, a log will appear (C:\ComboFix.txt)

* post the ComboFix logfile
* post a fresh HijackThis log

pimpac
Re: Spyware Guard 2008, 30.12.2008. at 13:45

ComboFix 08-12-29.02 - Korisnik 2008-12-30 14:42:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.663 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-29 23:57 . 2008-12-29 23:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-29 23:57 . 2008-12-30 00:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 00:14 . 2008-12-27 16:22 49 --a------ c:\windows\NeroDigital.ini
2008-12-21 18:55 . 2008-12-21 18:55 <DIR> d---s---- c:\documents and settings\Korisnik\UserData
2008-12-20 18:04 . 2008-12-30 01:31 <DIR> d-------- c:\program files\Norton Security Scan
2008-12-20 18:04 . 2008-12-30 01:34 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-20 14:58 . 2008-12-20 15:10 <DIR> d-------- c:\windows\system32\Adobe
2008-12-15 05:19 . 2008-12-15 05:19 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ACD Systems
2008-12-14 16:22 . 2008-12-14 16:22 <DIR> d-------- c:\program files\MyPlayCity.com
2008-12-14 16:22 . 2008-12-14 16:22 <DIR> d-------- c:\program files\MyPlayCity
2008-12-14 16:22 . 2008-12-14 16:22 <DIR> d-------- c:\program files\Conduit
2008-12-12 21:21 . 2008-12-12 21:21 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Microsoft Games
2008-12-12 21:21 . 2008-12-25 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Games
2008-12-12 21:19 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-12 21:19 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-12 21:18 . 2008-12-26 14:36 <DIR> d-------- c:\program files\Microsoft Games
2008-12-11 02:10 . 2008-12-30 00:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 02:10 . 2008-12-11 02:10 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Malwarebytes
2008-12-11 02:10 . 2008-12-11 02:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 02:10 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 02:10 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-11 02:07 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-11 02:06 . 2008-12-22 00:17 <DIR> d-------- C:\totalcmd
2008-12-11 02:06 . 2008-12-11 02:06 <DIR> d-------- c:\program files\ESET
2008-12-11 02:06 . 2008-12-11 02:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-11 02:06 . 2008-12-22 00:20 819 --a------ c:\windows\wincmd.ini
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\UC.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\RAR.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\PKZIP.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\LHA.PIF
2008-12-11 02:06 . 2007-01-10 07:00 545 --a------ c:\windows\ARJ.PIF
2008-12-11 02:05 . 2008-12-11 02:05 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-11 02:05 . 2008-12-11 02:05 <DIR> d-------- c:\program files\Ahead
2008-12-11 02:05 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-12-11 02:05 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-12-11 02:05 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-12-11 02:05 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-11 02:05 . 2004-03-03 21:30 125,184 --a------ c:\windows\system32\drivers\imagesrv.sys
2008-12-11 02:05 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-11 02:05 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-12-11 02:05 . 2004-03-03 21:30 5,504 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-12-11 02:04 . 2008-12-11 02:04 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-11 02:04 . 2008-12-11 02:04 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-12-11 02:04 . 2008-12-11 02:04 <DIR> d-------- c:\program files\ACD Systems
2008-12-11 02:04 . 2008-12-11 02:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-11 02:03 . 2008-12-11 02:04 <DIR> d-------- c:\program files\Winamp
2008-12-11 02:03 . 2008-12-11 02:03 <DIR> d-------- c:\program files\Opera
2008-12-11 02:03 . 2008-12-11 02:03 <DIR> d-------- c:\program files\CyberLink
2008-12-11 02:03 . 2008-12-10 20:57 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Winamp
2008-12-11 02:03 . 2008-12-11 02:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\program files\Webteh
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\program files\VideoLAN
2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\BSplayer PRO
2008-12-11 01:51 . 2008-12-11 01:51 <DIR> d-------- c:\program files\Xvid
2008-12-11 01:51 . 2008-12-11 01:51 <DIR> d-------- c:\program files\Haali
2008-12-11 01:51 . 2008-12-11 01:51 <DIR> d-------- c:\program files\DivX
2008-12-11 01:50 . 2008-12-11 01:50 <DIR> d-------- c:\program files\MediaTwins Software
2008-12-11 01:50 . 2008-12-11 01:50 <DIR> d-------- c:\program files\DivXCodec
2008-12-11 01:50 . 2008-12-11 01:50 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-11 01:50 . 2008-12-11 01:50 <DIR> d-------- c:\program files\AngelPotion Video Codec V1
2008-12-11 01:50 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-11 01:50 . 2000-08-09 21:26 177,241 --a------ c:\windows\system32\APmpg4v1.apl
2008-12-11 01:50 . 2000-08-23 07:26 106,496 --a------ c:\windows\system32\APmpg4v1.dll
2008-12-11 01:48 . 2008-12-11 01:48 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-11 01:48 . 2008-12-11 01:48 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-11 01:48 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-11 01:48 . 2008-12-11 01:48 376 --a------ c:\windows\ODBC.INI
2008-12-11 01:47 . 2008-12-11 01:48 <DIR> d-------- c:\windows\SHELLNEW
2008-12-11 01:44 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-11 01:42 . 2008-12-30 14:30 81,496 --a------ c:\windows\system32\nvapps.xml
2008-12-11 01:41 . 2008-12-11 01:44 <DIR> d-------- c:\windows\nview
2008-12-11 01:41 . 2006-10-31 07:35 208,896 --a------ c:\windows\system32\nvudisp.exe
2008-12-11 01:41 . 2006-10-31 07:35 17,056 --a------ c:\windows\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 20:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-11 01:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 00:40 15,600 ----a-w c:\windows\gdrv.sys
2008-12-09 22:32 315,392 ----a-w c:\windows\HideWin.exe
2008-12-09 22:32 --------- d-----w c:\program files\Realtek
2008-12-09 22:32 --------- d-----w c:\program files\DIFX
2008-12-09 22:30 --------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield
2008-12-09 22:24 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-11-23 23:03 1784856 --a------ c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42232329-c645-11dd-9fdb-806d6172696f}]
\Shell\AutoRun\command - D:\Run.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\windows\Tasks\Norton Security Scan for Korisnik.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 14:42:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-30 14:43:22
ComboFix-quarantined-files.txt 2008-12-30 13:43:13

Pre-Run: 98,185,318,400 bytes free
Post-Run: 98,247,995,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

176
 
kristi1
Re: Spyware Guard 2008, 30.12.2008. at 14:04

Give me a fresh HJT log.

pimpac
Re: Spyware Guard 2008, 30.12.2008. at 14:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:25 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Korisnik\Desktop\GT3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4309 bytes
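
Comparing the two HijackThis logs posted above entry by entry shows what changed between the scans. The following is an added example, not part of the original thread: the two samples are a subset of lines taken from those logs, and the function names are this example's own.

```python
import re

# Subset of lines from the first HijackThis log in this thread (before ComboFix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Subset of lines from the second HijackThis log in this thread (after ComboFix).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# A scan entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun inside section O4: "<key>: [<value name>] <command>".
RUN_VALUE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


def parse_entries(log):
    """Map a case-insensitive key to (section code, original body) for each entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            code, body = m.group(1), " ".join(m.group(2).split())
            entries[(code, body.casefold())] = (code, body)
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    return removed, added


def removed_autoruns(before, after):
    """Registry Run values (section O4) that are gone in the second log."""
    result = []
    for code, body in diff_logs(before, after)[0]:
        m = RUN_VALUE.match(body) if code == "O4" else None
        if m:
            result.append((m["key"], m["name"], m["command"]))
    return result


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
```

On these excerpts the removed autoruns include the `spywareguard` Run value that the ComboFix log lists under ORPHANS REMOVED, together with other entries that differ between the two logs, such as `Alcmtr`; a removed line is a prompt to look, not a verdict.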
 
kristi1
Re: Spyware Guard 2008, 30.12.2008. at 14:22

OK, everything is fine.

Click Start \ Run \ type the text below, click OK and wait for the ComboFix uninstall to finish

Code:

Combofix /u


* Run HijackThis
* Choose the option "Do a system scan only"
* Tick the following lines:

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll


Click Fix
You have several toolbars, so if you don't use them it is advisable to uninstall them.

pimpac
Re: Spyware Guard 2008, 30.12.2008. at 14:43

Thanks Kristi, so it's not infected? I just went to Norton again and it reported only some cookies, but it did not find Spyware Guard 2008. If it reports something similar in the future, those will probably be false alarms, as you said?

kristi1
Re: Spyware Guard 2008, 30.12.2008. at 14:48

You no longer have the infection; CF deleted it. It was in fact present, though; it was not a false alarm.

dumitt
Re: Spyware Guard 2008, 10.01.2009. at 01:44

Is there some other way to remove the program in question, which has been bothering me for several days now? I tried a few things but I'm getting nowhere. I can't install MBAM, and I can't start Spybot S&D either. People, what am I to do?
