[ natasica87 @ 09.01.2012. 00:47 ] @
When I click on the home page, profile or notifications on Facebook, it automatically redirects me to the site www.vkontakte.ru
and shows 404 not found
please help
[ IT_DooX @ 09.01.2012. 06:33 ] @
Take it to a technician, you picked up some spyware on the net, it has to be cleaned and then it will no longer do the redirection
[ Aleksandar Maletic @ 09.01.2012. 16:04 ] @
Hello natasica87.
Download Malwarebytes Anti-Malware.
Run the installer and during installation check that these options are selected:

*Update Malwarebytes' Anti-Malware;
*Launch Malwarebytes' Anti-Malware;

...then click Finish.
After updating, the program will start.
Choose the option Perform Quick Scan and click Scan.
When the scan is finished click Ok, Show Result.
If detected malware is on the list, tick all the objects and click Remove Selected.
Be sure to allow Windows to restart if the program asks for it.
When the process is finished the program will create a log file.
Copy the contents of that log here into the thread.
[ natasica87 @ 11.01.2012. 23:07 ] @
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELUXE [administrator]

11.1.2012 23:50:31
mbam-log-2012-01-11 (23-50-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 153647
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Detected: 14
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> 1532 -> Delete on reboot.
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> 3232 -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> 1772 -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> 1980 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1968 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1412 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 172 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1400 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1088 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1896 -> Delete on reboot.
C:\WINDOWS\SYSDRIVER32.EXE (Trojan.Agent) -> 440 -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-2-0\svchost.exe (Trojan.Dropper) -> 1336 -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-7-0\svchost.exe (Trojan.Dropper) -> 1404 -> Delete on reboot.
C:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2476 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Data: "C:\WINDOWS\sysdriver32.exe" rezerv -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Dropper) -> Data: C:\WINDOWS\update.tray-2-0\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Dropper) -> Data: C:\WINDOWS\update.tray-7-0\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Dropper) -> Data: C:\WINDOWS\services32.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3864861.exe (Trojan.Agent) -> Data: "C:\WINDOWS\TEMP\3864861.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Data: "C:\WINDOWS\sysdriver32_.exe" rezerv -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7687806.exe (Trojan.Agent) -> Data: "C:\WINDOWS\TEMP\7687806.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9342928.exe (Trojan.Dropper.H) -> Data: "C:\WINDOWS\TEMP\9342928.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Services32.exe|close (Trojan.Agent) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ddservice|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\update.7.1\svchostdriver.exe srv -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\wxpDrivers|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\update.1\svchost.exe srv -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Files Detected: 34
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> Delete on reboot.
C:\WINDOWS\SYSDRIVER32.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-2-0\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-7-0\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\SERVICES32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3864861.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSDRIVER32_.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7687806.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\9342928.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fshutdown.exe (HackTool.Shutdown) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2329118.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\41937_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4536576.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4539938.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4583520.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1747739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\959372259.EXE (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\BITCOINMINEROPENCL.CL (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

(end)
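Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log format posted above that lists the objects still marked "Delete on reboot" and the registry detections under Run, Services and SafeBoot. The sample lines are copied from the log above; the function names and the AUTOSTART marker list are illustrative assumptions.

```python
import re
from collections import Counter

# Sample lines copied from the Malwarebytes log posted above (shortened).
SAMPLE_LOG = r"""
Memory Processes Detected: 14
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> 1532 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1968 -> Delete on reboot.
Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Dropper) -> Data: C:\WINDOWS\update.tray-2-0\svchost.exe -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ddservice|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\update.7.1\svchostdriver.exe srv -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and repaired successfully.
Files Detected: 34
C:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<Detection.Name>) -> [details ->] <action>."
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# Assumed marker list: registry locations in this log that start code at boot or logon.
AUTOSTART = ("\\currentversion\\run|", "\\services\\", "\\safeboot")

def parse_mbam_log(text):
    """Return one dict per detection: section, object, family, action."""
    items, section = [], None
    for line in map(str.strip, text.splitlines()):
        if header := SECTION.match(line):
            section = header.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": m.group("obj"),
                          "family": m.group("family"), "action": action})
    return items

def pending_reboot(items):
    """Objects that are only removed at the next restart."""
    return sorted({i["object"] for i in items if i["action"] == "Delete on reboot"})

def autostart_entries(items):
    """Registry detections under Run, Services or SafeBoot."""
    return [(i["object"], i["family"]) for i in items if i["section"].startswith("Registry")
            and any(k in i["object"].lower() for k in AUTOSTART)]

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(Counter(i["family"] for i in found), pending_reboot(found), autostart_entries(found))
```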
[ natasica87 @ 11.01.2012. 23:11 ] @
now I can't get on Facebook at all :(
[ Aleksandar Maletic @ 11.01.2012. 23:23 ] @
Quite a number of detected malware items.
To begin with, turn off System Restore.
Right-click the My Computer icon, then Properties.
Choose the System Restore tab.
Tick the option Turn off System Restore on all drives and confirm with Ok.
Restart the computer. After the restart, turn System Restore back on.
The procedure is the same, just untick the option Turn Off System Restore on all drives and confirm with Ok.

Download Dr.Web CureIt.
It is a portable antivirus, no prior installation is needed for it to work.
Restart the computer and keep pressing the F8 key while the system is booting.
In the menu choose the option Safe Mode.
Run Dr.Web CureIt.
Click Ok to activate Enhanced Protection Mode.
The program will offer you a licence purchase, ignore the offer by clicking No.
In the menu that appears choose the option Start and confirm with Yes.
An Express scan will start.
When the scanning process is finished, choose the Statistics tab.
If malware is detected, first try to cure the file(s) (Cure).
It is possible that this step will not succeed, in that case delete the malware (Delete).
After using this antivirus, restart Windows.
Let us know what happens after all of this.
[ natasica87 @ 12.01.2012. 00:27 ] @
you are a god
thank you so muuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuch
everything works
after the scan it found four more items, it couldn't cure them so I deleted them
THANK YOUUUUUUUUUUUUUUUUUUUU
[ gilopile @ 12.01.2012. 01:02 ] @
Phew, I haven't seen so many different pests in one computer in a long time :)

@Natasica87, do you use any AV protection at all? My suggestion is NOD32, one of the newer versions, because they also include AntiSpyware protection. Regards!
[ Aleksandar Maletic @ 12.01.2012. 02:26 ] @
@natasica87,
You're welcome, any of us will gladly help you if you need it.
Download a free antivirus, I would recommend Avast!6. Also, from time to time, say once a month, run a complete scan with Dr.Web CureIT to be safe. Always download a fresh version of the program.

@gilopile,
Nod32 is indeed a quality solution, but it is also a commercial product. It is always better to use a free antivirus than a cracked one. If someone decides to buy a licence for an antivirus, that is a different story and I support that.
[ gilopile @ 12.01.2012. 02:50 ] @
^
Yes, I agree about the cracked NOD. To be honest, I don't have a purchased licence, but the program downloaded from the official site, and for the pass I manage somehow and everything works like clockwork :) I used Avast for quite a long time and it is excellent, but I recently got badly burned and decided to go back to NOD. Maybe it was my oversight, because I turned off its protection for a short while... I will never find out what actually happened, and I was left without a pile of files :(
Regards!
[ zoran_dojkic @ 12.01.2012. 09:55 ] @
Maybe it was my oversight, because I turned off its protection for a short while...

That is what happened.
[ natasica87 @ 12.01.2012. 12:24 ] @
I installed esetnod32