Computer locked up

offline
  • Joined: 02 Sep 2012
  • Posts: 10

I wanted to scan the computer with Anti-Malware, and at that moment a prompt appeared asking me to update Adobe Flash Player. I went through with it and probably made a mistake. After scanning with Anti-Malware and deleting a few items it found, Malware gave me an error. I restarted the computer and since then I can't open anything. Whatever icon I click, the hourglass just sits there and nothing happens.
I went into safe mode and started scanning with anything and everything: ATF-Cleaner, SUPERAntiSpyware, CCleaner... For protection I use avast and it found nothing. I also downloaded Kaspersky and it found nothing either. In the end I scanned once more with Malware and it found PUP.blabbers in D:\System Volume Information\_restore{7CA4DF12-92B6-44F7-9B7B-B9C98F95A04A}\RP564\A0998347.exe
I deleted that, but the situation with the computer is still the same.

What else should I try?


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by Sandra at 14:35:24 on 2012-09-02
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.530 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=fmtgl&q={searchTerms}
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - d:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - d:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - d:\program files\softonic-eng7\prxtbSof2.dll
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - d:\program files\brothersoft_extreme\prxtbBro0.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - d:\program files\winamp toolbar\winamptb.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - d:\program files\winamp toolbar\winamptb.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - d:\program files\softonic-eng7\prxtbSof2.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - d:\program files\brothersoft_extreme\prxtbBro0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - d:\program files\winamp toolbar\winamptb.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - d:\program files\softonic-eng7\prxtbSof2.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - d:\program files\brothersoft_extreme\prxtbBro0.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "d:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [AdobeBridge]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EPSON Stylus D88 Series] d:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "d:\program files\ask.com\updater\Updater.exe"
mRun: [avast] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [NPSStartup]
mRun: [AdobeAAMUpdater-1.0] "d:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] d:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "d:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK.EXE
IE: &Search - tbedits.ourbabymaker.com/one-toolbaredits/m.....2011030809
IE: &Winamp Search - d:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.20
TCP: Interfaces\{6D511550-B997-41A3-BA2C-D6BCFDD358AB} : DhcpNameServer = 192.168.1.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10002
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q=
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: d:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - c04ca04300000000000000e04c2c0b35
FF - user.js: extensions.funmoods_i.instlDay - 15432
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:51:14
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
S0 rbmys;rbmys;d:\windows\system32\drivers\gqtrtwbp.sys --> d:\windows\system32\drivers\gqtrtwbp.sys [?]
S0 sstkahst;sstkahst;d:\windows\system32\drivers\ogwddm.sys --> d:\windows\system32\drivers\ogwddm.sys [?]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2002-5-15 729752]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-10-7 355632]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-10-7 21256]
S2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-10-7 44768]
S2 FsUsbExService;FsUsbExService;d:\windows\system32\FsUsbExService.Exe [2012-4-2 233472]
S2 Skype C2C Service;Skype C2C Service;d:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-31 250568]
S3 cpuz132;cpuz132;\??\d:\docume~1\sandra\locals~1\temp\cpuz132\cpuz132_x32.sys --> d:\docume~1\sandra\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [2012-4-2 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);d:\windows\system32\drivers\ss_bbus.sys [2012-4-2 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);d:\windows\system32\drivers\ss_bmdfl.sys [2012-4-2 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;d:\windows\system32\drivers\ss_bmdm.sys [2012-4-2 121856]
S3 SwitchBoard;SwitchBoard;d:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-09-02 00:13:11 -------- d-----w- d:\program files\CCleaner
2012-09-02 00:13:11 -------- d-----w- d:\documents and settings\all users\application data\PC Tools
2012-09-01 21:54:33 22344 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-09-01 19:12:02 -------- d-----w- d:\documents and settings\sandra\application data\TestApp
2012-08-31 16:46:53 696520 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-13 11:35:32 5115584 ----a-w- d:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-31 16:46:52 73416 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13:15 729752 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- d:\windows\avastSS.scr
.
============= FINISH: 14:35:38,01 ===============

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, Alex_Alex

Follow the instructions again and send us:
- Attach.txt
- Gmer1.log
- Gmer2.log
- Gmer3.log


Then:

Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter

Send all the logs you find in that folder.

offline
  • Joined: 02 Sep 2012
  • Posts: 10

I forgot to write in my previous post that as soon as I click on Gmer the computer restarts, so I wasn't able to do that.
And I discovered something new: when I turn off Avast, everything unblocks and I can work on the computer normally.



Malwarebytes Anti-Malware 1.62.0.1300
malwarebytes.org

Verzija baze: v2012.09.01.06

Windows XP Service Pack 2 x86 NTFS (Bezbedni režim)
Internet Explorer 6.0.2900.2180
Sandra :: SANDRA-80037425 [administrator]

2.9.2012 3:22:35
mbam-log-2012-09-02 (03-22-35).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|)
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 229319
Proteklo vreme 32 minuta(e), 16 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 0
(Maliciozne stavke nisu pronađene)

(kraj)


Malwarebytes Anti-Malware 1.62.0.1300
malwarebytes.org

Verzija baze: v2012.09.01.06

Windows XP Service Pack 2 x86 NTFS (Bezbedni režim/Bezbedni režim sa umrežavanjem)
Internet Explorer 6.0.2900.2180
Sandra :: SANDRA-80037425 [administrator]

1.9.2012 23:56:56
mbam-log-2012-09-01 (23-56-56).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|)
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 232767
Proteklo vreme 17 minuta(e), 40 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 1
D:\System Volume Information\_restore{7CA4DF12-92B6-44F7-9B7B-B9C98F95A04A}\RP564\A0998347.exe (PUP.Blabbers) -> Nikakva akcija nije poduzeta.

(kraj)

Malwarebytes Anti-Malware 1.61.0.1400
malwarebytes.org

Verzija baze: v2012.08.31.06

Windows XP Service Pack 2 x86 NTFS (Bezbedni režim)
Internet Explorer 6.0.2900.2180
Sandra :: SANDRA-80037425 [administrator]

31.8.2012 21:29:43
mbam-log-2012-08-31 (21-29-43).txt

Način skeniranja: Kompletno skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 27615
Proteklo vreme 1 minuta(e), 4 sekundi [prekinuto]

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 19
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Stavljeno u karantin i uspešno obrisano
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Stavljeno u karantin i uspešno obrisano

Detektovane vrednosti u registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Podatak: D:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Stavljeno u karantin i uspešno obrisano

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 4
D:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano

(kraj)

Malwarebytes' Anti-Malware 1.51.2.1300
malwarebytes.org

Verzija baze: 8073

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3.11.2011 13:50:43
mbam-log-2011-11-03 (13-50-43).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|)
Skeniranih objekata 207329
Proteklo vreme 1 sat(i), 45 minuta(e), 52 sekundi

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 3

Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani ključevi u registru:
(Maliciozne stavke nisu pronađene)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronađene)

Inficirani podaci u registru:
(Maliciozne stavke nisu pronađene)

Inficirane fascikle:
(Maliciozne stavke nisu pronađene)

Inficirane datoteke:
d:\documents and settings\Sandra\my documents\???????\ourbabymaker(2).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
d:\documents and settings\Sandra\my documents\???????\ourbabymaker(3).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
d:\documents and settings\Sandra\my documents\???????\ourbabymaker.exe (Adware.FunWeb) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.2.1300
malwarebytes.org

Verzija baze: 8073

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3.11.2011 15:20:05
mbam-log-2011-11-03 (15-20-05).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|)
Skeniranih objekata 178528
Proteklo vreme 1 sat(i), 25 minuta(e), 26 sekundi

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)

Inficirani ključevi u registru:
(Maliciozne stavke nisu pronađene)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronađene)

Inficirani podaci u registru:
(Maliciozne stavke nisu pronađene)

Inficirane fascikle:
(Maliciozne stavke nisu pronađene)

Inficirane datoteke:
(Maliciozne stavke nisu pronađene)

Malwarebytes Anti-Malware 1.62.0.1300
malwarebytes.org

Verzija baze: v2012.09.01.06

Windows XP Service Pack 2 x86 NTFS (Bezbedni režim/Bezbedni režim sa umrežavanjem)
Internet Explorer 6.0.2900.2180
Sandra :: SANDRA-80037425 [administrator]

2.9.2012 0:38:01
mbam-log-2012-09-02 (00-38-01).txt

Način skeniranja: Kompletno skeniranje (C:\|D:\|)
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 232789
Proteklo vreme 18 minuta(e), 2 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 1
D:\System Volume Information\_restore{7CA4DF12-92B6-44F7-9B7B-B9C98F95A04A}\RP564\A0998347.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano

(kraj)

Malwarebytes Anti-Malware 1.61.0.1400
malwarebytes.org

Verzija baze: v2012.08.31.06

Windows XP Service Pack 2 x86 NTFS (Bezbedni režim)
Internet Explorer 6.0.2900.2180
Sandra :: SANDRA-80037425 [administrator]

31.8.2012 21:31:58
mbam-log-2012-08-31 (21-31-58).txt

Način skeniranja: Kompletno skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 223883
Proteklo vreme 40 minuta(e), 53 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano

Detektovane vrednosti u registru: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Podatak: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Stavljeno u karantin i uspešno obrisano
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Podatak: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Stavljeno u karantin i uspešno obrisano
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Podatak: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Stavljeno u karantin i uspešno obrisano

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 1
D:\Program Files\BrowserCompanion (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano

Detektovane datoteke: 11
D:\Documents and Settings\Sandra\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Documents and Settings\Sandra\My Documents\Downloads\adobeUbdate.exe (Backdoor.Agent) -> Stavljeno u karantin i uspešno obrisano
D:\System Volume Information\_restore{7CA4DF12-92B6-44F7-9B7B-B9C98F95A04A}\RP564\A0998342.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano
D:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Stavljeno u karantin i uspešno obrisano

(kraj)

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

In the topic on how to open a thread, http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html , there is an alternative to GMER called RootRepeal.

offline
  • Joined: 02 Sep 2012
  • Posts: 10

It was all nicely written out, and I still need it drawn for me. Sorry for not reading to the end. I have one disk split into two partitions; I selected both C and D, I hope I haven't messed something up again.



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1

Download the program CatchMe.

Double-click catchme.exe to run it and click the Script tab.
Copy the following text into the program's (white) window:

files:
d:\windows\system32\drivers\gqtrtwbp.sys
d:\windows\system32\drivers\ogwddm.sys


Click the Run button.

When the notification message appears, click the OK button.

When the process finishes, a file named catchme.zip will be on the Desktop.
That file needs to be uploaded to the forum using the following form:
http://www.mycity.rs/ambulanta-upload.php


Step 2

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

Softonic-Eng7 Toolbar
BrotherSoft Extreme Toolbar
Winamp Toolbar Loader
Ask Toolbar


Restart the computer.


Step 3

Download "Xplode"'s AdwCleaner and save it to the Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes the analysis, it will open Notepad with a report. Close that Notepad window.

Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikaci fajl" (Attach file) option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt


Step 4

Run DDS again and post both reports you get.



TwinHeadedEagle (AMFTim)

offline
  • Joined: 02 Sep 2012
  • Posts: 10

This is getting worse and worse. First everything was blocked, then I realized that avast was the only thing I could open, and when I disabled it for 10 minutes everything else would unblock. Now I have done the first and second steps as instructed, and after that I can no longer see the Start button or the clock at all; everything at the bottom is blue, and about 80% of the icons on the desktop look as if the computer doesn't recognize which programs they are.

I did the rest as well.


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by Sandra at 19:55:10 on 2012-09-03
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.625 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "d:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [AdobeBridge]
uRunOnce: [Report] D:\AdwCleaner[S2].txt
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EPSON Stylus D88 Series] d:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [avast] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [NPSStartup]
mRun: [AdobeAAMUpdater-1.0] "d:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] d:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "d:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.20
TCP: Interfaces\{6D511550-B997-41A3-BA2C-D6BCFDD358AB} : DhcpNameServer = 192.168.1.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\
FF - prefs.js: browser.search.defaulturl -
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\plugins\np-mswmp.dll
FF - plugin: d:\documents and settings\sandra\application data\mozilla\firefox\profiles\ubuz7ob1.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: d:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
S0 rbmys;rbmys;d:\windows\system32\drivers\gqtrtwbp.sys --> d:\windows\system32\drivers\gqtrtwbp.sys [?]
S0 sstkahst;sstkahst;d:\windows\system32\drivers\ogwddm.sys --> d:\windows\system32\drivers\ogwddm.sys [?]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2002-5-15 729752]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-10-7 355632]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-10-7 21256]
S2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-10-7 44768]
S2 FsUsbExService;FsUsbExService;d:\windows\system32\FsUsbExService.Exe [2012-4-2 233472]
S2 Skype C2C Service;Skype C2C Service;d:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-31 250056]
S3 cpuz132;cpuz132;\??\d:\docume~1\sandra\locals~1\temp\cpuz132\cpuz132_x32.sys --> d:\docume~1\sandra\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [2012-4-2 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);d:\windows\system32\drivers\ss_bbus.sys [2012-4-2 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);d:\windows\system32\drivers\ss_bmdfl.sys [2012-4-2 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;d:\windows\system32\drivers\ss_bmdm.sys [2012-4-2 121856]
S3 SwitchBoard;SwitchBoard;d:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-09-02 00:13:11 -------- d-----w- d:\program files\CCleaner
2012-09-02 00:13:11 -------- d-----w- d:\documents and settings\all users\application data\PC Tools
2012-09-01 21:54:33 22344 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-09-01 19:12:02 -------- d-----w- d:\documents and settings\sandra\application data\TestApp
2012-08-31 16:46:53 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-13 11:35:32 5115584 ----a-w- d:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-09-02 20:19:37 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13:15 729752 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- d:\windows\avastSS.scr
.
============= FINISH: 19:55:41,48 ===============






offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Download the following file to the Desktop and run it.

https://www.mycity.rs/must-login.png

If Notepad opens, copy its contents into the thread. If it does not open, it means everything went as it should, and you need to mention that in your post. In that case there will be a file log.txt on the Desktop, whose contents you need to copy into the thread.


Step 2.

Go to Start -> Control Panel -> Add or Remove Programs and uninstall avast! Free Antivirus

Then download aswclear.exe to the Desktop.

Then you need to boot the computer into Safe Mode following this guide.

Run aswclear.exe and follow the instructions. Then restart the computer normally, without entering Safe Mode.

You can also find the instructions here: http://www.avast.com/uninstall-utility


Step 3.

- I recommend that you install Service Pack 3 for Windows XP, i.e. update your operating system. I won't go into its advantages over Service Pack 2. You can find that information on MS's site. In any case, on 13 July 2010 MS ended support for Service Pack 2, which is installed on your computer.

What does that mean? See the link: http://windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean;

**** If you decide on this step (installing SP3), I recommend that you first back up all important data.


Step 4.

Now you need to install an antivirus. You can choose one of the free options

Microsoft Security Essentials
avast! Free Antivirus
Avira Free Antivirus
Panda Antivirus Free
AVG Free



TwinHeadedEagle (AMFTim)

offline
  • Joined: 02 Sep 2012
  • Posts: 10

I've been busy these past few days and didn't get to the computer.

I did the first one and Notepad opened.

[SC] DeleteService SUCCESS
[SC] DeleteService SUCCESS
Could Not Find d:\windows\system32\drivers\gqtrtwbp.sys
Could Not Find d:\windows\system32\drivers\ogwddm.sys

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

OK, follow the remaining steps...
