[ kile7 @ 03.05.2013. 09:08 ] @
Hello everyone, a few days ago I downloaded some program, and when I opened it, my computer and my antivirus both went crazy.
It says I have the Beast virus. I have no desktop, right-click works only when I'm in a folder, the computer has slowed down a lot, the clock has disappeared from the Start bar...
I tried scanning with SpyHunter...

Image: http://img853.imageshack.us/img853/9311/41811214.png

Please help! Thanks

[This message was edited by kile7 on 03.05.2013. at 10:23 GMT+1]
[ Aleksandar Maletic @ 04.05.2013. 12:23 ] @
Hello!
• Download and install Malwarebytes' Anti-Malware.
• Run it and perform an update (Update > Check for Updates), and when it finishes confirm with OK.
• After the update, choose Scanner, select Perform full scan and press Scan.
• When the scan finishes, press OK, then Show Results to see the report.
• Check that all of the files found are ticked (if they are not, tick them), press Remove Selected and confirm with OK.
• The program will ask you to restart the computer; confirm it.
• Also, after the malware has been removed from the computer, you will get a log file (report), which you should copy into this thread.


[ kile7 @ 04.05.2013. 19:41 ] @
This is the log file:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.04.07

Windows 7 Service Pack 1 x64 NTFS
kkoncar :: KRISTIJANK [administrator]

Protection: Disabled

4.5.2013 18:36:01
mbam-log-2013-05-04 (18-36-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240541
Time elapsed: 1 hour(s), 6 minute(s), 22 second(s) [aborted]

Memory Processes Detected: 2
C:\Users\kkoncar\Music\Simple Rat\srv.exe (Trojan.Agent.Gen) -> 4592 -> No action taken.
C:\Windows\patch.exe (Backdoor.Netbus) -> 3384 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} (Backdoor.BeastDoor) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} (Backdoor.BeastDoor) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Jkay (Trojan.Agent.Gen) -> Data: C:\Users\kkoncar\AppData\Roaming\Microsoft\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|patch (Backdoor.Netbus) -> Data: C:\Windows\patch.exe /nomsg -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 54
C:\Intel\Logs\My things\Copy\SA\CyberGate v1.07.5\CyberGate v1.07.5.exe (Backdoor.Agent.PS) -> No action taken.
C:\Intel\Logs\My things\Copy\SA\Havij 1.15 - Advanced SQL Injector\Havij 1.15 Free.exe (PUP.HackTool.Havis) -> No action taken.
C:\Intel\Logs\My things\Copy\SA\Saint Andrews Assembly Changer\Saint Andrew's Assembly Changer\Dissembler Lib.dll (Trojan.Agent) -> No action taken.
C:\Intel\Logs\My things\Copy\SA\Saint Andrews Assembly Changer\Saint Andrew's Assembly Changer\Saint Andrew's Assembly Changer.exe (Trojan.Agent) -> No action taken.
C:\Intel\Logs\My things\Copy\SA\Saint Andrews Keylogger v3.1\Saint Andrew's Keylogger v3.1\Server.exe (Backdoor.XRat) -> No action taken.
C:\Intel\Logs\My things\Copy\SA\Saint Andrews Keylogger v3.1\Saint Andrew's Keylogger v3.1\Stub.exe (Backdoor.XRat) -> No action taken.
C:\Intel\Logs\My things\Copy\Webdav Shell Maker.zip (PUP.Hacktool) -> No action taken.
C:\Intel\Logs\My things\Copy\setup_3_3_1_1.exe (PUP.DesktopShark) -> No action taken.
C:\Intel\Logs\My things\Programs\Pasword viewer\Hook.dll (PUP.PasswordSpy) -> No action taken.
C:\Intel\Logs\My things\Programs\ProRat_v1.9\ProRat.exe (PUP.Prorat) -> No action taken.
C:\Intel\Logs\My things\Programs\WPE PRO\WPE PRO.exe (HackTool.Sniffer.WpePro) -> No action taken.
C:\Intel\Logs\My things\Programs\WPE PRO\WpeSpy.dll (HackTool.Sniffer.WpePro) -> No action taken.
C:\Intel\Logs\My things\Programs\WPE PRO\wpepro09mod.zip (HackTool.Sniffer.WpePro) -> No action taken.
C:\Intel\Logs\My things\Programs\WPE PRO\wpepro09mod\WPE PRO - modified.exe (HackTool.Sniffer.WpePro) -> No action taken.
C:\Intel\Logs\My things\Programs\WPE PRO\wpepro09mod\WpeSpy.dll (HackTool.Sniffer.WpePro) -> No action taken.
C:\Intel\Logs\My things\Python\Win_Debuger\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\msdg_matred\Interface\Stress.EXE (Joke.Stressreducer) -> No action taken.
C:\Users\Windows\Desktop\Pasword viewer\Hook.dll (PUP.PasswordSpy) -> No action taken.
C:\Users\Windows\Downloads\sims_3_crack_only_Skidrow_rar.exe (PUP.Adware.Agent) -> No action taken.
C:\Users\kkoncar\Documents\Pro RAT 1.9\ProRat.exe (PUP.Prorat) -> No action taken.
C:\Users\kkoncar\Downloads\Albertino RAT\Albertino RAT\BS\bin\Debug\BS.exe (Backdoor.MSIL.P) -> No action taken.
C:\Users\kkoncar\Downloads\Albertino RAT\Albertino RAT\BS\obj\Debug\BS.exe (Backdoor.MSIL.P) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT.rar (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Rat\ShadowTech Rat\Resources\ShadowTech Server.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Server\ShadowTech Server\bin\Debug\ShadowTech Rat.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Server\ShadowTech Server\bin\Release\ShadowTech Rat.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Server\ShadowTech Server\obj\Release\ShadowTech Rat.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Server\ShadowTech Server\obj\x86\Debug\ShadowTech Rat.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Downloads\Shadow Tech RAT\STR\ShadowTech Server\ShadowTech Server\obj\x86\Release\ShadowTech Rat.exe (Trojan.MSIL) -> No action taken.
C:\Users\kkoncar\Music\Simple Rat\Stub.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\kkoncar\Music\Simple Rat\Stub\Client\obj\Debug\Stub.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\kkoncar\Music\Simple Rat\srv.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\kristijan\Documents\Shared folder\RootKit.exe (PUP.Hacktool) -> No action taken.
C:\Users\kristijan\Downloads\Adobe Dreamweaver CS6 12.0.1 build 5842 (LS6) Multilanguage [ChingLiu]\Cracked dll\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\kristijan\Downloads\Adobe Dreamweaver CS6 12.0.1 build 5842 (LS6) Multilanguage [ChingLiu]\Cracked dll\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\kristijan\Downloads\Downloads 2\1\Havij1.15Free.rar (PUP.HackTool.Havis) -> No action taken.
C:\Users\kristijan\Downloads\setup_3_3_1_1.zip (PUP.DesktopShark) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3116623522-4246057855-2152703389-3674\$RC97Q7G\Unreal-Rage Public v8\Unreal-Rage Public v8.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter\patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{193A28B6-04C8-4ACC-BF72-10346E18064D}-nbpro210.exe (Backdoor.Netbus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BAF11CCA-C01C-4AA8-8223-6211124CD340}-nbpro210.exe (Backdoor.Netbus) -> Quarantined and deleted successfully.
C:\Users\kkoncar\AppData\Local\Temp\Temp1_wpepro09mod.zip\WPE PRO - modified.exe (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
C:\Users\kkoncar\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\kkoncar\Documents\sd.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\kkoncar\Downloads\nbpro210.exe (Backdoor.Netbus) -> Quarantined and deleted successfully.
C:\Users\kristijan\Downloads\Downloads 2\1\Saint Andrew’s File Downloader.rar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\fservice.exe (Backdoor.Prorat) -> Quarantined and deleted successfully.
C:\Windows\System32\mstvqg.com (Backdoor.BeastDoor) -> Quarantined and deleted successfully.
C:\Windows\System32\reginv.dll (Backdoor.Prorat) -> Delete on reboot.
C:\Windows\System32\winkey.dll (Backdoor.ProRat) -> Delete on reboot.
C:\Windows\WirelessKeyView.exe (PUP.WirelessKeyView) -> Quarantined and deleted successfully.
C:\Windows\patch.exe (Backdoor.Netbus) -> Delete on reboot.
C:\Windows\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Windows\services.exe (Backdoor.Prorat) -> Delete on reboot.
C:\Windows\system\sservice.exe (Backdoor.Prorat) -> Quarantined and deleted successfully.

(end)
[ Aleksandar Maletic @ 05.05.2013. 13:05 ] @
Repeat the procedure, but make sure that after the scan you select all of the objects and delete them.
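
An added example, not part of the original thread: a small Python parser for the Malwarebytes log format posted above that lists the detections the run left in place ("No action taken") or deferred ("Delete on reboot"), which are the entries the last reply asks to be selected and removed. The function names are hypothetical, and the sample is a short excerpt of the posted log.

```python
import re

# Excerpt of the Malwarebytes Anti-Malware 1.75 log posted above (not the full log).
SAMPLE_LOG = r"""
Protection: Disabled
Time elapsed: 1 hour(s), 6 minute(s), 22 second(s) [aborted]

Memory Processes Detected: 2
C:\Users\kkoncar\Music\Simple Rat\srv.exe (Trojan.Agent.Gen) -> 4592 -> No action taken.
C:\Windows\patch.exe (Backdoor.Netbus) -> 3384 -> Delete on reboot.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|patch (Backdoor.Netbus) -> Data: C:\Windows\patch.exe /nomsg -> Quarantined and deleted successfully.

Files Detected: 54
C:\Program Files (x86)\Enigma Software Group\SpyHunter\patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Windows\System32\reginv.dll (Backdoor.Prorat) -> Delete on reboot.
"""

SECTION = re.compile(r"^(?P<section>[A-Z][\w ]+) Detected: \d+$")
# item (Detection.Name) -> [PID or "Data: ..." ->] Action.
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (flags, entries) for a log in the format shown above."""
    flags, entries, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Protection: Disabled":
            flags.append("Protection: Disabled")
        elif line.startswith("Time elapsed:") and line.endswith("[aborted]"):
            flags.append("scan aborted")
        elif (m := SECTION.match(line)):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "item": m["item"],
                            "detection": m["name"], "action": action})
    return flags, entries

def unresolved(entries):
    """Entries not yet removed: skipped, or pending deletion at the next reboot."""
    return [e for e in entries if e["action"] != "Quarantined and deleted successfully"]

if __name__ == "__main__":
    flags, entries = parse_mbam_log(SAMPLE_LOG)
    print(flags)
    for e in unresolved(entries):
        print(f'{e["action"]:<18} {e["detection"]:<20} {e["item"]}')
```
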