Tema za korisnike koji imaju zaražen računar

[pufna65]

AVG Anti-Spyware 7.5 tako pise. Nemam drugih problema osim sporog interneta. Hvala!

 

[niceboy]

Ako i posle skeniranja sa malwarebytes-om bude spor net,skini na desktop HijackThis,preimenuj ga u bilo sta(npr.pufna.exe),pokreni i izaberi scan and save logfile.Kad zavrsi izbacice log u notepad-u koji ces postaviti ovde (copy/paste).

 

[raskoljnikov]

Niceboy, ignoriraš me?

 

[niceboy]

Niceboy, ignoriraš me?

Ne, daleko bilo. Samo ne znam sta bi ti moglo uzrokovati problem...

 

[pufna65]

Ako i posle skeniranja sa malwarebytes-om bude spor net,skini na desktop HijackThis,preimenuj ga u bilo sta(npr.pufna.exe),pokreni i izaberi scan and save logfile.Kad zavrsi izbacice log u notepad-u koji ces postaviti ovde (copy/paste).

Nisam uspela da skinem HijackThis, u svakom slucaju hvala sto ste pokusali da mi pomognete.

 

[niceboy]

Nisam uspela da skinem HijackThis, u svakom slucaju hvala sto ste pokusali da mi pomognete.

Kako nisi? Odavde?

 

[pufna65]

Kako nisi? Odavde?

Skinula sam program, preimenovala ga, sacuvala na desktopu, ali ne mogu da ga pokrenem. Kad pokusam samo mi na ekranu pojavi crni prozor na sekund, dva... i nestane.

 

[Биа]

Да се надовежем на тему, како небисте губили узалудно време.
Приказане су екстензије за познате програме. Тај проблем смо детаљно обрадили у следећој теми.
Након решавања датог проблема настави са упутством које ти је Nice Boy предложио.

 

[pufna65]

Да се надовежем на тему, како небисте губили узалудно време.
Приказане су екстензије за познате програме. Тај проблем смо детаљно обрадили у следећој теми.
Након решавања датог проблема настави са упутством које ти је Nice Boy предложио.

Cekirana mi je ta opcija!


Imam eset nod32 antivirus, protection status mi je MAXIMUM PROTECTION IS NOT ENSURED. Skeniranjem ne nalazi nista.

 

[niceboy]

Skinula sam program, preimenovala ga, sacuvala na desktopu, ali ne mogu da ga pokrenem. Kad pokusam samo mi na ekranu pojavi crni prozor na sekund, dva... i nestane.

Probaj i Installer i Executable.
Jel ti Eset update-ovan?Sta jos pise pored MAXIMUM PROTECTION IS NOT ENSURED?

 

[pufna65]

Maximum protection is not ensured
Access to files, email and internet is not secured.

Virus signature database is out of date
The virus signature database has not been updated for some time.
Your computer might not be fully protected. Please check your network connectivity and then try to update the virus signature database again.

Kad kliknem na update, kao krene medjutim posle minut, dva se pojavi ovo:
Virus signature database update failed
Maximum protection of your computer is not ensured.
Virus signature database could not be updated
An error occurred while downloading update files.
Update virus signature database
Troubleshoot update issue

 

[niceboy]

Probaj u safe modu da skeniras sa Esetom i sa malwarebytes-om (restart,pa f8).

 

[raskoljnikov]

Ne, daleko bilo. Samo ne znam sta bi ti moglo uzrokovati problem...

I zato mi ne odgovaraš? Jesi li pročitao moj zadnji post? (Onaj o hardveru i servisu.)

 

[niceboy]

I zato mi ne odgovaraš? Jesi li pročitao moj zadnji post? (Onaj o hardveru i servisu.)

Jesam, naravno. Ali kao sto sam rekao, ne znam sta bi moglo da bude.
Verovatno ces morati u servis, samo im reci da ti pre nego nesto urade spasu podatke ako imas.

 

[pufna65]

Probaj u safe modu da skeniras sa Esetom i sa malwarebytes-om (restart,pa f8).

U safe modu????????
Nemojte da se smejete sto ne znam.

 

[niceboy]

U safe modu????????
Nemojte da se smejete sto ne znam.

Ja napisah, ali evo ponovo. Restartuj komp i kad krene da se butuje (startuje) stisni par puta F8, potom izaberi safe mode i udari enter.

 

[pufna65]

Hvala :-)

 

[raskoljnikov]

Jesam, naravno. Ali kao sto sam rekao, ne znam sta bi moglo da bude.
Verovatno ces morati u servis, samo im reci da ti pre nego nesto urade spasu podatke ako imas.

OK, hvala za odgovor. I ovaj i sve prijašnje.


Pozdrav!

 

[niceboy]

OK, hvala za odgovor. I ovaj i sve prijašnje.


Pozdrav!

Nema na cemu. Zao mi je sto nismo uspeli da ti resimo problem...pozz.

 

[daXer]

moze li neko da mi pogleda ovo, imam problem sa trojancem u pitanju je backdoor

hvala unapred

Spojler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:27, on 14.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\Wyeke\wyeke141.exe
C:\Program Files\Wyeke\wyeke.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O1 - Hosts: 79.106.2.131 www.facebook.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: gwprimawega - {3f83a83f-65fa-308f-5923-0368afae02cb} - C:\WINDOWS\system32\1fBPv8kE_Y.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe /q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

nastavak sledi ispod

 

[daXer]

nastavak hijack loga

Spojler

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Wyeke Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyeke\wyeke141.exe

--
End of file - 10754 bytes

 

[daXer]

evo log malewareabytes

u normal modu

Malwarebytes' Anti-Malware 1.44
Verzija baze podataka: 3865
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

14.3.2010 15:51:37
mbam-log-2010-03-14 (15-51-33).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 144508
Proteklo vreme: 16 minute(s), 18 second(s)

Inficirani procesi u memoriji: 1
Inficirani moduli u memoriji: 1
Inficirani kljuèevi u registru: 6
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 6
Inficirane fascikle: 1
Inficirane datoteke: 5

Inficirani procesi u memoriji:
C:\Program Files\Wyeke\wyeke.exe (Adware.Agent) -> No action taken.

Inficirani moduli u memoriji:
C:\Program Files\Wyeke\wyeke.dll (Adware.Agent) -> No action taken.

Inficirani kljuèevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wyeke (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Wyeke (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wyeke Service (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f83a83f-65fa-308f-5923-0368afae02cb} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f83a83f-65fa-308f-5923-0368afae02cb} (Adware.BHO) -> No action taken.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.

Inficirane fascikle:
C:\Program Files\Wyeke (Adware.Agent) -> No action taken.

Inficirane datoteke:
C:\Program Files\Wyeke\uninstall.exe (Adware.Agent) -> No action taken.
C:\Program Files\Wyeke\wyeke.dll (Adware.Agent) -> No action taken.
C:\Program Files\Wyeke\wyeke.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\DARKO\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\1fBPv8kE_Y.dll (Adware.BHO) -> No action taken.

 

[samsun]

Pretpostavljam da je MBAM sve stavio u karantin, i time rješio problem?Ako ne,briši ih ručno,imaš njihove putanje.

 

[daXer]

evo i iz safe moda mbam

Malwarebytes' Anti-Malware 1.44
Verzija baze podataka: 3865
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

14.3.2010 16:36:25
mbam-log-2010-03-14 (16-36-22).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 144078
Proteklo vreme: 18 minute(s), 36 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 6
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 6
Inficirane fascikle: 0
Inficirane datoteke: 5

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani kljuèevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wyeke (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Wyeke (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wyeke Service (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f83a83f-65fa-308f-5923-0368afae02cb} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f83a83f-65fa-308f-5923-0368afae02cb} (Adware.BHO) -> No action taken.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\Program Files\Wyeke\uninstall.exe (Adware.Agent) -> No action taken.
C:\Program Files\Wyeke\wyeke.dll (Adware.Agent) -> No action taken.
C:\Program Files\Wyeke\wyeke.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\DARKO\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\1fBPv8kE_Y.dll (Adware.BHO) -> No action taken.

 

[daXer]

Pretpostavljam da je MBAM sve stavio u karantin, i time rješio problem?Ako ne,briši ih ručno,imaš njihove putanje.

kako da brisem kljuceve?