Facebook I'll be back hi virus


  • Joined: 02 Nov 2011
  • Posts: 4

I hope you can help me.

Today I got a link from a friend on Facebook and opened it; YouTube asked for a new version of Flash Player, I naively ran the virus, and now I have a problem. I cannot start the AVG antivirus. I managed to install NOD, but after that the system restarted and booted into safe mode, then restarted again, and the same thing happened a second time when I tried to install the AVG antivirus, because only a shortcut is left of AVG. Unlike some people, I have no problem opening the Facebook page, but I do have one with the antivirus program.

The system is 32-bit and I have cable internet.

I see that quite a few people have had a similar problem and that you helped them; thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Milosh at 19:06:08 on 2011-11-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.133 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
"C:\Windows\update.tray-3-0\svchost.exe"
"C:\Windows\update.tray-12-0\svchost.exe"
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Users\Milosh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\program files\browser plugin\BHO.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\users\milosh\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ClickPotatoLiteSA] "c:\program files\clickpotatolite\bin\10.0.666.0\ClickPotatoLiteSA.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-3-0\svchost.exe
mRun: [tray_ico1] c:\windows\update.tray-12-0\svchost.exe
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [4064162.exe] "c:\users\milosh\appdata\local\temp\4064162.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [3194332.exe] "c:\windows\temp\3194332.exe"
mRun: [1335793.exe] "c:\windows\temp\1335793.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\milosh\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{D8B00024-3D01-485D-AB04-FF7C95D60A1F} : DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\milosh\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: QuestBrowse: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} - c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Personas: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\personas@christopher.beard
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: GamePlayLabs Plugin: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\plugin2@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg2012\avgwdsvc.exe" --> c:\program files\avg\avg2012\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-4 136176]
S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-4 136176]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-02 16:56:52 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-11-02 16:56:52 -------- d--h--w- c:\windows\update.tray-3-0
2011-11-02 07:49:25 246272 ----a-w- c:\windows\unrar.exe
2011-11-02 07:45:48 -------- d-----w- c:\windows\av_ico
2011-11-02 07:44:13 -------- d--h--w- c:\windows\update.1
2011-11-02 07:44:09 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-11-02 07:44:09 -------- d--h--w- c:\windows\update.tray-12-0
2011-11-02 07:33:30 1206272 ----a-w- c:\windows\services32.exe
2011-10-26 04:19:01 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-12 19:17:35 -------- d-----w- c:\users\milosh\appdata\roaming\AVG2012
2011-10-11 17:41:07 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 17:41:06 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-11 17:41:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 17:41:06 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-11 17:41:05 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-11 17:41:03 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 17:41:02 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-07 20:55:53 -------- d-----w- c:\users\milosh\appdata\local\Facebook
.
==================== Find3M ====================
.
2011-10-25 07:40:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-13 04:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 19:07:42.88 ===============






  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Greetings...

While this case is being resolved, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues who stand in for me) carefully and follow only them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, apart from those you are given instructions for;
Do not use USB memory devices during the intervention until I ask you to;
If I do not reply within 48h, refresh the thread with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta: LINK

The damaged AVG and NOD32 antivirus programs need to be uninstalled. Go to Start -> Control Panel -> Programs and Features and uninstall AVG and NOD32. After that, download the following programs for removing their leftovers and follow the instructions shown on the screen.

AVG Removal Utility

NOD32




Download the program OTM to the Desktop.

Double-click OTM.exe to run it.

Into the (left) window of the program (under Paste Instructions for Items to be Moved), copy everything inside the Code box:

:Processes
killallprocesses

:Files
C:\Windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
C:\Windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
C:\Windows\update.1
c:\windows\unrar.exe
c:\windows\av_ico
c:\program files\browser plugin
c:\program files\clickpotatolite
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\temp\3194332.exe
c:\windows\temp\1335793.exe
c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClickPotatoLiteSA"=-
"wxpdrv"=-
"tray_ico"=-
"tray_ico0"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
"4064162.exe"=-
"sysdriver32.exe"=-
"sysdriver32_.exe"=-
"3194332.exe"=-
"1335793.exe"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984a9162-8891-4d19-8cfe-17648bb4e1ec}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID]
"{984a9162-8891-4d19-8cfe-17648bb4e1ec}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib]
"{984a9162-8891-4d19-8cfe-17648bb4e1ec}"=-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}"=-
"{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}"=-

:Services
srvsysdriver32
wxpdrivers

:Commands
[emptytemp]
[reboot]

Click MoveIt!

When the process finishes, the right-hand window of the program (under Results) will contain text that needs to be copied into a post on the forum.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process is completed.

After the system starts again, the logfile will open automatically in Notepad.
The contents of that log need to be copied into a post on the forum.

Run DDS again and post its report for me.







Sass Drake, MyCity AMF team
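
Added example, not part of the original thread and not code from DDS or OTM: a Python triage of DDS `Run` entries, applied to a few lines taken from the log posted above, that flags the kinds of autorun values listed in the removal script. The rules, the assumed system drive C: and the short allowlist of files that normally sit directly in C:\Windows are illustrative assumptions, not a complete detection set.

```python
import re
from pathlib import PureWindowsPath

# A subset of lines taken from the DDS log posted in this thread.
SAMPLE_DDS = r'''
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-3-0\svchost.exe
mRun: [4064162.exe] "c:\users\milosh\appdata\local\temp\4064162.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [3194332.exe] "c:\windows\temp\3194332.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Device Detector] DevDetect.exe -autorun
'''

WINDOWS = PureWindowsPath("c:/windows")   # assumption: system drive is C:
SYSTEM32 = WINDOWS / "system32"

# Names of core Windows processes whose image belongs in System32.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "smss.exe"}

# Illustrative (incomplete) allowlist of executables found directly in C:\Windows.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe",
                   "winhlp32.exe", "write.exe", "helppane.exe",
                   "bfsvc.exe", "splwow64.exe"}

# [ \t]* instead of \s* so an empty value cannot swallow the following line.
RUN_LINE = re.compile(r'^([um])Run: \[([^\]]+)\][ \t]*(.*)$', re.M)


def image_path(cmd):
    """Return the executable path of a Run command, lowercased, or None."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        raw = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted: take everything up to the first executable extension.
        m = re.match(r'(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', cmd, re.I)
        raw = m.group(1) if m else cmd.split()[0]
    return PureWindowsPath(raw.lower())


def triage(dds_text):
    """Return [(value_name, path_or_None, [reasons])] for flagged entries."""
    flagged = []
    for _hive, name, cmd in RUN_LINE.findall(dds_text):
        path = image_path(cmd)
        reasons = []
        if path is None:
            reasons.append("empty command (orphaned autorun value)")
        else:
            if "temp" in path.parent.parts:
                reasons.append("runs from a temp directory")
            if path.name in SYSTEM_NAMES and path.parent != SYSTEM32:
                reasons.append("system process name outside System32")
            if path.parent == WINDOWS and path.name not in WINDOWS_ROOT_OK:
                reasons.append("unexpected executable directly in C:\\Windows")
        if reasons:
            flagged.append((name, str(path) if path else None, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_DDS):
        print(f"{name:18} {path or '-':60} {'; '.join(reasons)}")
```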



  • Joined: 02 Nov 2011
  • Posts: 4

I have to complain that I have a problem removing NOD32, because removing its leftovers has to be done in safe mode, and as soon as I switch to safe mode the computer restarts by itself after a few seconds, so I do not have enough time to do everything required by the instructions on the NOD32 site for manual removal.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Skip the NOD32 part for now and continue with the instructions I gave.

  • Joined: 02 Nov 2011
  • Posts: 4

I have more problems. After the step:

Click MoveIt!

the following message appears:

Confirm ::
The system requires a reboot to finish removing files.
Do you want to reboot now?

and after the restart it does not open the logfile, but instead I got 4 new files on the desktop:

~$DT.docx
~$Decode.doc
desktop.ini
desktop.ini

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The logfile should be located in C:\_OTL\Moved Files. Copy its contents into a post.

  • Joined: 02 Nov 2011
  • Posts: 4

OTM log file :

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Windows\update.tray-3-0 folder moved successfully.
c:\windows\update.tray-3-0-lnk folder moved successfully.
C:\Windows\update.tray-12-0 folder moved successfully.
c:\windows\update.tray-12-0-lnk folder moved successfully.
C:\Windows\update.1 folder moved successfully.
c:\windows\unrar.exe moved successfully.
c:\windows\av_ico folder moved successfully.
c:\program files\Browser Plugin folder moved successfully.
File/Folder c:\program files\clickpotatolite not found.
c:\windows\services32.exe moved successfully.
File/Folder c:\windows\sysdriver32.exe not found.
File/Folder c:\windows\sysdriver32_.exe not found.
File/Folder c:\windows\temp\3194332.exe not found.
File/Folder c:\windows\temp\1335793.exe not found.
DllUnregisterServer procedure not found in c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll moved successfully.
c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences folder moved successfully.
c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults folder moved successfully.
c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome folder moved successfully.
c:\program files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\META-INF folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\defaults\preferences folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\defaults folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\chrome\locale\en-US folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\chrome\locale folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\chrome\content folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com\chrome folder moved successfully.
c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\plugin2@gameplaylabs.com folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ClickPotatoLiteSA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4064162.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3194332.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1335793.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984a9162-8891-4d19-8cfe-17648bb4e1ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984a9162-8891-4d19-8cfe-17648bb4e1ec}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\{984a9162-8891-4d19-8cfe-17648bb4e1ec} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984a9162-8891-4d19-8cfe-17648bb4e1ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\\{984a9162-8891-4d19-8cfe-17648bb4e1ec} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984a9162-8891-4d19-8cfe-17648bb4e1ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
========== SERVICES/DRIVERS ==========
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
Service wxpdrivers stopped successfully!
Service wxpdrivers deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81569 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Milosh
->Temp folder emptied: 289773685 bytes
->Temporary Internet Files folder emptied: 574414105 bytes
->Java cache emptied: 4567060 bytes
->FireFox cache emptied: 56144476 bytes
->Google Chrome cache emptied: 277967351 bytes
->Flash cache emptied: 142469 bytes


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Milosh at 1:17:08 on 2011-11-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.157 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Users\Milosh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\users\milosh\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\milosh\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\milosh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{D8B00024-3D01-485D-AB04-FF7C95D60A1F} : DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\users\milosh\appdata\roaming\mozilla\firefox\profiles\m0ou6u4h.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\milosh\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Personas: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\personas@christopher.beard
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
.
============= SERVICES / DRIVERS ===============
.
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-4 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-4 136176]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-02 23:29:17 -------- d-----w- C:\_OTM
2011-10-26 04:19:01 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-12 19:17:35 -------- d-----w- c:\users\milosh\appdata\roaming\AVG2012
2011-10-11 17:41:07 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 17:41:06 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-11 17:41:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 17:41:06 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-11 17:41:05 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-11 17:41:03 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 17:41:02 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-07 20:55:53 -------- d-----w- c:\users\milosh\appdata\local\Facebook
.
==================== Find3M ====================
.
2011-10-25 07:40:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 1:18:06.45 ===============



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

There are no more traces of an active infection on your system.
Delete the folder C:\_OTM and the programs used while resolving this case.



Remove the remnants of NOD32 (as explained in the previous instructions) and then install an AV program. Do not use pirated versions of AV programs; if you have no money, or do not intend to spend it on commercial AV programs, there is an excellent choice of free AV programs such as Avast, Avira, AVG, MSE, Panda Cloud, etc.




- I recommend using MCShield to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

Download it, install it, and plug in the USB storage device; a scan runs, after which you either get a notification that the device is clean (if it really is), or you get a log showing information about the malware that was found and deleted.

MCShield home page: [Link visible only to logged-in users]

You can find out more about MCShield in this thread: [Link visible only to logged-in users]





Be sure to visit the thread "Test whether your browser is vulnerable", read it, and follow the link given in it.






Regards,
Sass Drake, MyCity AMF team
