Spybot and AdAware won't start

Status
Closed for replies.

blackmore95

Yesterday some windows started opening on their own, even though I hadn't clicked anything, and a couple of times I was redirected to some site.
I figure I've picked up a virus, spyware or something similar.
I currently have no antivirus.
Is this because of a virus, or.....?
If it is, what should I do? (besides getting an antivirus)
I don't really feel like reinstalling...
Thanks in advance. :)
 
I downloaded Malwarebytes' Anti-Malware and scanned in normal mode.
It found 28 viruses, deleted all but a few, and said it had to restart so that they would be deleted at startup.
I restarted, but Spybot wouldn't start; the green bar fills to the end and then it freezes.
Then I scanned in safe mode and it found 6 viruses.
Spybot wouldn't start.
I scanned again in safe mode, and it found 16 viruses.
Spybot won't start.
Should I scan again, or leave it as it is?

Here are the logs:
Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6.3.2010 11:34:31
mbam-log-2010-03-06 (11-34-31).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 177126
Time elapsed: 21 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\eAPI.fne (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\dp1.fne (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\eAPI.fne (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\dp1.fne (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\C7142C\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-5247720312-8933594264-329704878-2012\Setupin.exe (Worm.Autorun.B) -> Delete on reboot.
F:\Program Files\Sony\Sound Forge Audio Studio 9.0\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Program Files\Sony Setup\Sound Forge Audio Studio 9.0\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.






Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6.3.2010 12:02:36
mbam-log-2010-03-06 (12-02-36).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 176556
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6.3.2010 12:22:55
mbam-log-2010-03-06 (12-22-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 176576
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\C7142C\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\spec.fne (Worm.Autorun) -> Quarantined and deleted successfully.
 
I scanned again and it found 12.
It always supposedly deletes them, and then they show up again. :cry2: :dash:

Log:
Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6.3.2010 12:58:13
mbam-log-2010-03-06 (12-58-13).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 176706
Time elapsed: 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\FOUND.011\FILE0004.CHK (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0005.CHK (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0006.CHK (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0007.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0008.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0011.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0012.CHK (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0013.CHK (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0014.CHK (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0015.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0016.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
C:\FOUND.011\FILE0017.CHK (Worm.Autorun) -> Quarantined and deleted successfully.
 
What kind of path is this, C:\FOUND.011??
Did you click delete in Malwarebytes when you scanned in safe mode and then restart the computer?
Turn off System Restore and empty the Temp folders.

Where are the Temp folders?
How do I turn off System Restore?
(I know the questions sound stupid, but it's easier for me to have someone who knows write it out than to go looking)

Avast found 20-something items, but it couldn't delete them all, and it keeps reporting that it has blocked malware or a trojan and put it in the virus chest; it seems to me their location is mostly in System volume information\restore....... and in System32
MBAM has now found some, and they are in the Temp folders and in System32
I figure these are the folders you were talking about; I'll restart now and empty them.


MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6.3.2010 14:38:28
mbam-log-2010-03-06 (14-38-28).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 177092
Time elapsed: 26 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\C7142C\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\nidza\Local Settings\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
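
The reappearance described in the posts above can be read straight out of the logs. The following Python script is an added example, not part of the original thread: it parses logs in the MBAM 1.44 layout shown here and lists every path that one scan reported as deleted and a later scan detected again. The sample text is constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two shortened logs in the MBAM 1.44 layout shown above.
SAMPLE = r"""Malwarebytes' Anti-Malware 1.44
mbam-log-2010-03-06 (12-02-36).txt

Files Infected:
C:\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
mbam-log-2010-03-06 (12-22-54).txt

Files Infected:
C:\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C7142C\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
"""

LOG_NAME = re.compile(r"^mbam-log-.*\.txt$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_logs(text):
    """Split concatenated logs; return [(log_name, {path_lower: (detection, action)})]."""
    logs = []
    for line in text.splitlines():
        line = line.strip()
        if LOG_NAME.match(line):          # each log names its own file near the top
            logs.append((line, {}))
            continue
        m = ITEM.match(line)              # "<path> (<detection>) -> <action>."
        if m and logs:
            logs[-1][1][m["path"].lower()] = (m["name"], m["action"])
    return logs

def reappearing(logs):
    """Paths a scan reported as deleted that a later scan detects again."""
    deleted_in = {}                       # path -> log that last claimed deletion
    hits = defaultdict(list)
    for name, items in logs:
        for path, (_det, action) in items.items():
            if path in deleted_in:
                hits[path].append((deleted_in[path], name))
            if action.startswith("Quarantined and deleted"):
                deleted_in[path] = name
            else:                         # e.g. "Delete on reboot": not yet removed
                deleted_in.pop(path, None)
    return dict(hits)
```

A non-empty result from `reappearing(parse_logs(text))` means something outside the scanned files is restoring them, which is what the advice about System Restore and the Temp folders addresses.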
 
There's no need for rescue disks and a pile of similar programs; this is not a severe infection at all. The only thing is you can install CCleaner, tick the temporary files/folders there and delete them. And if one survives, delete it manually (in safe mode).
You can also post a HijackThis log for us (download it to the desktop, rename it to anything, run it and click scan and save logfile; when it finishes it will produce a log, which you post here).
 

Hey, thanks a lot, people :D
They're deleted :D
Thanks niceboy :D
This can be locked.
 