Posted: 23 Mar 2012 00:25
|
offline
- anci1507
- New MyCity citizen
- Joined: 20 Mar 2012
- Posts: 11
|
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 11:52:01 on 2012-03-21
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\mmm.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Win\lsass.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\woaurud.exe
C:\Program Files\ExpressFiles\EFupdater.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuestScan\questscan.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\QuestScan\questscan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=10&cc=
uWindow Title = IE
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: ShoppingReport2: {258c9770-1713-4021-8d7e-1f184a2bd754} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Softonic Helper Object: {e87806b5-e908-45fd-af5e-957d83e58e68} - c:\program files\softonic\softonic\1.5.11.5\bh\softonic.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Softonic Toolbar: {5018cfd2-804d-4c99-9f81-25eaea2769de} - c:\program files\softonic\softonic\1.5.11.5\softonicTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports: {bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
uRun: [woaurud] c:\documents and settings\administrator\woaurud.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PowerTweak Menu] c:\windows\system32\mmm.exe
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [SystemTray] SysTray.Exe
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [systemup] "c:\windows\systemup.exe" stand
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [tray_ico]
mRun: [tray_ico1] c:\windows\update.tray-9-0\svchost.exe
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [8991747.exe] "c:\windows\temp\8991747.exe"
mRun: [tray_ico0] c:\windows\update.tray-7-0\svchost.exe
mRun: [run32] c:\win\lsass.exe
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] %SystemRoot%\System32\NewUser.cmd
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll
IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - c:\program files\shoppingreport2\bin\2.7.37\ShoppingReport.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{08845704-4599-4853-8D29-9D6D4901163E} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
IFEO: notepad.exe - c:\windows\system32\Notepad2.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bvkrial4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\vlc\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 00296bce00000000000074ea3a82be43
FF - user.js: extensions.BabylonToolbar_i.hardId - 00296bce00000000000074ea3a82be43
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15338
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:44:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 00296bce00000000000074ea3a82be43
FF - user.js: extensions.softonic_i.instlDay - 15405
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.523:00:19
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R? McComponentHostService;McAfee Security Scan Component Host Service
S? ddservice;ddservice
S? ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver
S? QuestScan Service;QuestScan Service
S? srvbtcclient;srvbtcclient
S? srviecheck;srviecheck
S? wxpdrivers;wxpdrivers
.
=============== File Associations ===============
.
inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.
=============== Created Last 30 ================
.
2012-03-19 23:52:32 -------- d-----w- c:\documents and settings\all users\application data\Floodlight Games
2012-03-19 23:52:32 -------- d-----w- c:\documents and settings\administrator\Saved Games
2012-03-19 23:52:32 -------- d-----w- c:\documents and settings\administrator\application data\Floodlight Games
2012-03-18 21:54:51 -------- d-----w- c:\documents and settings\administrator\application data\Ubisoft
2012-03-18 21:37:23 -------- d-----w- c:\program files\CSI - NY - The Game
2012-03-18 21:19:17 -------- d-----w- c:\program files\James Patterson Women's Murder Club - Little Black Lies
2012-03-18 20:56:44 -------- d-----w- c:\program files\Big City Adventure - Sydney Australia
2012-03-13 22:52:52 -------- d-----w- c:\documents and settings\administrator\application data\Islands3
2012-03-12 20:47:48 -------- d-----w- c:\documents and settings\administrator\application data\BigFish All My Gods
2012-03-11 22:14:03 -------- d-----w- c:\documents and settings\administrator\application data\Supermarket Mania 2
2012-03-11 12:58:10 -------- d-----w- c:\documents and settings\all users\application data\SpookyMall
2012-03-07 12:37:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Babylon
2012-03-07 12:37:35 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-03-07 12:37:24 -------- d-----w- c:\documents and settings\administrator\application data\Babylon
2012-03-07 12:36:45 -------- d-----w- c:\program files\ExpressFiles
2012-03-07 12:36:45 -------- d-----w- c:\documents and settings\administrator\application data\ExpressFiles
2012-03-06 22:02:28 -------- d-----w- c:\documents and settings\administrator\application data\Softonic
2012-03-06 21:58:37 -------- d-----w- c:\program files\Softonic
2012-03-05 21:35:14 -------- d-----w- c:\documents and settings\administrator\application data\Artifex Mundi
2012-03-04 16:25:41 -------- d-----w- c:\documents and settings\administrator\application data\PriceGong
2012-03-03 22:10:39 -------- d-----w- c:\documents and settings\administrator\application data\Islands2
2012-03-01 22:16:35 -------- d-----w- c:\documents and settings\administrator\application data\Farm Mania 2.1
2012-03-01 21:13:42 -------- d-----w- c:\documents and settings\administrator\application data\Ph03nixNewMedia
2012-02-29 21:40:38 -------- d-----w- c:\documents and settings\administrator\application data\playmink
2012-02-29 21:12:22 -------- d-----w- c:\documents and settings\administrator\application data\Stand O'Food 3
2012-02-26 13:14:25 -------- d-----w- c:\documents and settings\administrator\application data\Happy Chef
2012-02-23 17:22:07 -------- d-----w- c:\documents and settings\all users\application data\Gogii
.
==================== Find3M ====================
.
2012-02-17 23:38:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 21:36:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-17 21:36:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-01 21:25:06 49152 --sh--r- c:\documents and settings\administrator\woaurud.exe
.
============= FINISH: 11:53:01.50 ===============
|
|
|
|
Posted: 23 Mar 2012 01:54
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
Hello...
While we work on resolving this case, I would ask you to observe the following:
Read my instructions carefully (or those of colleagues standing in for me) and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those you are given instructions for;
During the intervention, do not use USB memory devices until I ask you to;
If I do not reply within 48h, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.
For more information on the rules of the MyCity forum's Ambulanta section: LINK
Download sUBs's ComboFix from the following address to the Desktop:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.
When the download has finished:
disable your protective software (instructions);
close running programs;
Go to Start -> Run,
If the Run option is not available, press the key and R
A window like the one in the picture will appear. Copy the following text into the text field:
"%userprofile%\Desktop\ComboFix.exe" /killall
and press Enter
in the window that opens, click "I Agree".
While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
if Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
at the end, open Notepad with the scan report.
Copy the report that ComboFix created into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.
Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.
|
|
|
|
Posted: 24 Mar 2012 00:25
|
offline
- anci1507
- New MyCity citizen
- Joined: 20 Mar 2012
- Posts: 11
|
H E L L O,
I am strictly following your instructions and everything goes great up to the part with ComboFix where it mentions restarting Windows and opening Notepad with the report and copying it, etc.... Namely, ComboFix scans and at the end gets to
Delete File
something on partition C, then administration
and a window opens informing me that a more detailed scan is needed and that it will take a while.
I waited an hour and a half and nothing... it just sits there, and during that time there is not a single icon on the Desktop and I cannot do anything except shut down the computer... I turn it on again and start from the beginning... and it gets to that same part... three times already....
|
|
|
|
|
Posted: 25 Mar 2012 15:19
|
offline
- anci1507
- New MyCity citizen
- Joined: 20 Mar 2012
- Posts: 11
|
I hope I am not a hopeless case......
the same thing happens in Safe Mode too...
ComboFix starts from
Completed Stage_1 and goes up to
Completed Stage_50, after which comes
Deleting Files:
C:\Documents and Settings\Administrator\woaurud.exe
below that a cursor blinks and that is it...... in the background the screen is black and in the corners it says Safe Mode... but I cannot do anything....
and again it informs me that it will take some time..... before that it also informs me that Avast and McAfee are active and that I am running the program at my own risk and that damage may occur....
|
|
|
|
Posted: 25 Mar 2012 16:06
|
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
|
You are not a hopeless case.
Step 1
Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click to run the installer - at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
and then click Finish.
After the update finishes, the program will start.
Choose the Perform Quick Scan option and click Scan.
When the process finishes, click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.
When the process finishes, the report will open in Notepad; copy it into the forum topic.
If the program requests a restart in order to complete the cleaning process, be sure to allow it.
Note: if a restart occurs at the end of the cleaning process, the report will be available on the Logs tab (select it and click Open).
Step 2
Delete the ComboFix icon from the Desktop
Download a fresh copy from the following link:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.
When the download has finished:
disable your protective software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".
While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
if Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
at the end, open Notepad with the scan report.
Copy the report that ComboFix created into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.
Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.
|
|
|
|
Posted: 25 Mar 2012 21:27
|
offline
- anci1507
- New MyCity citizen
- Joined: 20 Mar 2012
- Posts: 11
|
Written: 25 Mar 2012 21:04
Malwarebytes Anti-Malware 1.60.1.1000
malwarebytes.org
Verzija baze: v2012.03.25.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: LastXP17 [administrator]
3/25/2012 8:42:14 AM
mbam-log-2012-03-25 (08-42-14).txt
Način skeniranja: Brzo skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 173423
Proteklo vreme 8 minuta(e), 13 sekundi
Detektovani procesi u memoriji: 13
C:\WINDOWS\systemup.exe (Spyware.Agent) -> 1736 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> 2104 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 3292 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.7.1\svchostdriver.exe (Spyware.Agent) -> 3348 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.7.1\svchostdriver.exe (Spyware.Agent) -> 3824 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2684 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 3400 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 3184 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 3244 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 2440 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1456 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 2832 -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 2908 -> Biće obrisano prilikom ponovnog pokretanja.
Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)
Detektovani ključevi u registru: 45
HKLM\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\systeminfog (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
Detektovane vrednosti u registru: 15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|systemup (Spyware.Agent) -> Podatak: "C:\WINDOWS\systemup.exe" stand -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Podatak: "C:\WINDOWS\sysdriver32.exe" rezerv -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4531918.exe (Trojan.Agent) -> Podatak: "C:\Windows\Temp\4531918.exe" -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Podatak: "C:\WINDOWS\sysdriver32_.exe" rezerv -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4472844.exe (Trojan.Agent) -> Podatak: "C:\WINDOWS\TEMP\4472844.exe" -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9073392.exe (Trojan.Dropper.H) -> Podatak: "C:\WINDOWS\TEMP\9073392.exe" -> Stavljeno u karantin i uspešno obrisano
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|woaurud (Worm.SFDC) -> Podatak: C:\Documents and Settings\Administrator\woaurud.exe -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|run32 (Trojan.Agent) -> Podatak: C:\Win\lsass.exe -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Backdoor.Agent) -> Podatak: C:\WINDOWS\services32.exe -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Agent) -> Podatak: C:\WINDOWS\update.tray-9-0\svchost.exe -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Agent) -> Podatak: C:\WINDOWS\update.tray-7-0\svchost.exe -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan|DisplayName (Adware.QuestScan) -> Podatak: QuestScan 1.0 build 193 -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Podatak: C:\Program Files\QuestScan\questscan.dll -> Stavljeno u karantin i uspešno obrisano
HKLM\SOFTWARE\Services32.exe|close (Trojan.Agent) -> Podatak: 0 -> Stavljeno u karantin i uspešno obrisano
HKLM\SYSTEM\CurrentControlSet\Services\ddservice|ImagePath (Trojan.Agent) -> Podatak: C:\WINDOWS\update.7.1\svchostdriver.exe srv -> Stavljeno u karantin i uspešno obrisano
Detektovani podaci u registru: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Loše: (0) Dobro: (1) -> Stavljeno u karantin i uspešno popravljeno
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Loše: (1) Dobro: (0) -> Stavljeno u karantin i uspešno popravljeno
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Stavljeno u karantin i uspešno popravljeno
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Stavljeno u karantin i uspešno popravljeno
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Loše: (1) Dobro: (0) -> Stavljeno u karantin i uspešno popravljeno
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Loše: (services32.exe) Dobro: (cmd.exe) -> Stavljeno u karantin i uspešno popravljeno
Detektovane fascikle: 11
C:\WINDOWS\rpcminer (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\res1 (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
Detektovane datoteke: 40
C:\WINDOWS\systemup.exe (Spyware.Agent) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.7.1\svchostdriver.exe (Spyware.Agent) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> Biće obrisano prilikom ponovnog pokretanja.
C:\WINDOWS\Temp\4531918.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\4472844.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\9073392.exe (Trojan.Dropper.H) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\19578_myunrar2.exe (Trojan.Dropper) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\2478086.exe (Spyware.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\5427830.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\722010.exe (Trojan.Downloader) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\Temp\2681473.exe (Trojan.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport2\cs\res1\WhiteList.dbs (Adware.ShoppingReport2) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Stavljeno u karantin i uspešno obrisano
(kraj)
Update: 25 Mar 2012 21:11
It asked me to restart. When it restarted, I got a notification that my system is unprotected and that the firewall is ON in Security Center... I don't have the Avast and McAfee icons in the lower right corner, so I can't deactivate them... Actually, I don't have the Avast icon at all, only McAfee on the Desktop.... Should I continue or...
Update: 25 Mar 2012 21:17
McAfee is deactivated, but when I run ComboFix it tells me that Avast is active... only I don't have its icon on the desktop. I'll try to dig it up somewhere and deactivate it.
Update: 25 Mar 2012 21:27
McAfee is deactivated... when I run ComboFix it only warns me about Avast... but its icon is not in the lower right corner or on the Desktop, and the Avast folder is empty....