Posle skeeniranja izbacuje sledeći info:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Verzija baze: 7064
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.07.11 21:18:25
mbam-log-2011-07-10 (21-18-21).txt
Način skeniranja: Brzo skeniranje
Skeniranih objekata 139452
Proteklo vreme 8 minuta(e), 45 sekundi
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 3
Inficirane vrednosti u registru: 2
Inficirani podaci u registru: 4
Inficirane fascikle: 5
Inficirane datoteke: 0
Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronađene)
Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronađene)
Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.
Inficirane vrednosti u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Value: csrcs -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\csrcs (Trojan.Agent) -> Value: csrcs -> No action taken.
Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.
Inficirane fascikle:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> No action taken.
Inficirane datoteke:
(Maliciozne stavke nisu pronađene)
Šta se od ovog može bezbedno obrisati tj. staviti u karantin?
Ovo pitam jer je ovaj program ranije znao da obori sistem jer je prijavljivao za brisanje i legitimne procese