How to remove AntiVir2010?


  • robhood
  • Joined: 01 May 2007
  • Posts: 170
  • Location: Bečej

How do I delete some AntiVir 2010 that downloaded itself and starts up on its own for no reason... an icon appeared on the toolbar, it's yellow and blue... "get full version" pops up and asks for a $50 payment for the service... I can't delete it, before any site opens that comes up first... what should I do?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

robhood ::How do I delete some AntiVir 2010 that downloaded itself and starts up on its own for no reason... an icon appeared on the toolbar, it's yellow and blue... "get full version" pops up and asks for a $50 payment for the service... I can't delete it, before any site opens that comes up first... what should I do?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • robhood

[three image attachments, visible only to logged-in users]

  • helen1

Where is the DDS log?

  • robhood

[image attachment, visible only to logged-in users]

  • helen1

robhood ::https://www.mycity.rs/must-login.png

What is this? :P

I need the log from the DDS program. In the instructions for opening a topic, that log is the first one requested.

Download the program, run a scan, then post the log.

  • robhood

I can't run any DDS because of AntiVir 2010....

  • helen1

Download sUBs' ComboFix from the following address to the Desktop:

  • Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • deactivate your protection software (instructions);
  • close any running programs;
  • double-click to start ComboFix.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so the process continues.
  • if Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • present a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix produced into the topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • robhood

ComboFix 10-01-21.08 - User 23-Jan-10 5:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.619 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\ShoppingReport
c:\documents and settings\User\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\User\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\User\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\User\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\User\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\User\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\User\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\program files\av
c:\program files\av\antivir.exe
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\AV\Uninstall.lnk
c:\program files\Mozilla Thunderbird\plc4.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\UpdateCheck.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 04:19 . 2010-01-23 04:19 53248 ----a-w- c:\temp\catchme.dll
2010-01-23 04:01 . 2010-01-23 04:01 -------- d-----w- c:\temp\WPDNSE
2010-01-22 20:35 . 2010-01-23 04:18 -------- d-----w- c:\temp\14.tmp
2010-01-22 20:35 . 2010-01-23 04:18 -------- d-----w- c:\temp\13.tmp
2010-01-22 20:35 . 2010-01-23 04:18 -------- d-----w- c:\temp\12.tmp
2010-01-22 20:35 . 2010-01-23 04:18 -------- d-----w- c:\temp\11.tmp
2010-01-22 20:35 . 2010-01-23 04:18 -------- d-----w- c:\temp\10.tmp
2010-01-22 20:33 . 2010-01-23 04:18 -------- d-----w- c:\temp\E.tmp
2010-01-22 20:33 . 2010-01-23 04:18 -------- d-----w- c:\temp\D.tmp
2010-01-22 20:33 . 2010-01-23 04:18 -------- d-----w- c:\temp\C.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\A.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\9.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\8.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\7.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\6.tmp
2010-01-22 20:29 . 2010-01-23 04:18 -------- d-----w- c:\temp\5.tmp
2010-01-22 20:28 . 2010-01-23 04:18 -------- d-----w- c:\temp\4.tmp
2010-01-21 19:42 . 2010-01-23 04:18 -------- d-----w- c:\temp\21.tmp
2010-01-21 19:41 . 2010-01-23 04:18 -------- d-----w- c:\temp\20.tmp
2010-01-21 19:40 . 2010-01-23 04:18 -------- d-----w- c:\temp\1F.tmp
2010-01-05 15:06 . 2010-01-23 04:18 -------- d-----w- c:\temp\.zylominstallertemp1262704015
2010-01-01 09:43 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 04:19 . 2008-09-10 08:09 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-23 04:02 . 2008-09-10 14:40 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-23 04:01 . 2008-09-10 08:25 -------- d-----w- c:\documents and settings\User\Application Data\OpenOffice.org2
2010-01-22 20:23 . 2008-09-10 14:42 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-21 18:49 . 2008-09-10 08:12 -------- d-----w- c:\program files\FlashGet
2010-01-20 12:42 . 2008-11-11 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-14 14:30 . 2008-09-10 08:25 1 ----a-w- c:\documents and settings\User\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-14 14:26 . 2008-09-10 07:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 15:06 . 2009-02-07 20:12 -------- d-----w- c:\program files\Zylom Games
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-23 124928]

c:\documents and settings\User\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10-Sep-08 9:26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10-Sep-08 9:26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10-Sep-08 9:26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10-Sep-08 9:26 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-Sep-08 9:31 685816]
S3 asbp2poa;asbp2poa;\??\c:\temp\asbp2poa.sys --> c:\temp\asbp2poa.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-11 05:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Letöltés a FlashGet-tel - c:\progra~1\FlashGet\jc_link.htm
IE: Minden letöltése a FlashGet-tel - c:\progra~1\FlashGet\jc_all.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\bufbkznl.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -

BHO-{D34D56E9-B37B-4C37-A854-1AC144592D5C} - c:\windows\system32\UpdateCheck.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
AddRemove-Drawing for Children 2.2 - c:\documents and settings\User\Desktop\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-23 05:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-23 05:21:35
ComboFix-quarantined-files.txt 2010-01-23 04:21

Pre-Run: 9,940,217,856 bytes free
Post-Run: 10,070,827,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8C7PYW noguiboot
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=8C7PYW-BAK

- - End Of File - - 7B8B85901E403DA40921AF16E2C43630

  • helen1

Open Notepad and copy in the following text:

Driver::
asbp2poa

File::
c:\temp\asbp2poa.sys

DDS::
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll

DirLook::
c:\temp\14.tmp



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.
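
Added example, not part of the original thread and not code from ComboFix: a Python triage of the log format posted above that flags the same kinds of entries the script in the last post targets, namely a driver whose image path sits in a temp directory and browser entries that still point at files listed under Other Deletions. The function name `triage`, the sample lines (excerpted from the posted log) and the reading of `[?]` as unreadable file details are assumptions.

```python
import re

# Constructed sample: a few lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
c:\windows\system32\UpdateCheck.dll
((((((((((((((( Reg Loading Points )))))))))))))))
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10-Sep-08 9:26 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-Sep-08 9:31 685816]
S3 asbp2poa;asbp2poa;\??\c:\temp\asbp2poa.sys --> c:\temp\asbp2poa.sys [?]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll
"""

# "<state><start type> name;display name;image path [file details]"
SERVICE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[([^\]]*)\]$")

def triage(log):
    """Return (kind, name, path, reasons) tuples for entries worth a second look."""
    deleted, findings, section = set(), [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("(((("):                  # section banner
            section = line.strip("() ").lower()
            continue
        if section == "other deletions" and re.match(r"[a-z]:\\", line, re.I):
            deleted.add(line.lower())                # file ComboFix already removed
            continue
        m = SERVICE.match(line)
        if m:
            name, details = m.group(1), m.group(3)
            path = m.group(2).split(" --> ")[-1].lower()
            reasons = []
            if re.search(r"\\te?mp\\", path):        # driver/service binary under temp
                reasons.append("image path in a temp directory")
            if details == "?":                       # assumption: "[?]" = details unreadable
                reasons.append("file details unreadable")
            if reasons:
                findings.append(("service", name, path, reasons))
        elif line.startswith("IE: "):
            target = line.rsplit(" - ", 1)[-1].lower()
            if target in deleted:                    # leftover entry for a deleted file
                findings.append(("ie-entry", line[4:], target, ["target file already deleted"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```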
