Malwarebytes detected viruses

  • Joined: 14 Aug 2010
  • Posts: 185

Posted: 21 May 2012 17:41

Hello!

Since Malwarebytes detected viruses on my machine, I need help deleting them.
This is the log, and now I'll follow the Ambulanta rules and post the logs from the other programs.



Addendum: 21 May 2012 17:50

My internet is wireless, and just now when I turned on the computer there was some program called knowledge installed... last night I didn't see that anything had been installed!!!!!!!

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by mir at 17:44:21 on 2012-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1336 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
mRun: [HotkeyApp] c:\program files\launch manager\HotkeyApp.exe
mRun: [LMgrVolOSD] c:\program files\launch manager\OSD.exe
mRun: [LMgrOSD] c:\program files\launch manager\OSDCtrl.exe
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{2B11AB81-E419-4483-8E03-F5E6B1104DB0} : DhcpNameServer = 212.186.211.21 195.34.133.21
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Notification Packages = scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mir\application data\mozilla\firefox\profiles\btszqpyl.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\documents and settings\mir\application data\mozilla\firefox\profiles\btszqpyl.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S1 mailKmd;mailKmd; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2012-3-17 28160]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 129976]
.
=============== Created Last 30 ================
.
2012-05-19 16:34:55 -------- d-----w- c:\documents and settings\mir\application data\FLAC to MP3 Converter
2012-05-19 16:34:36 -------- d-----w- c:\documents and settings\mir\application data\Toolbar4
2012-05-19 16:34:28 -------- d-----w- c:\program files\FLAC to MP3 Converter
2012-05-14 04:36:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-14 04:36:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-14 04:35:28 -------- d-----w- c:\program files\iPod
2012-05-14 04:35:10 -------- d-----w- c:\program files\iTunes
2012-05-14 04:34:31 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-05-14 04:34:31 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-14 04:34:07 -------- d-----w- c:\program files\Bonjour
2012-05-14 04:11:51 -------- d-----w- c:\documents and settings\mir\application data\Malwarebytes
2012-05-14 04:11:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-14 04:11:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 04:11:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 18:40:18 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-13 16:59:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-13 16:59:21 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-13 16:59:21 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-10 17:14:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 17:14:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-10 16:30:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-10 16:30:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 06:57:10 545 ----a-w- c:\windows\UC.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\RAR.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\PKZIP.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\LHA.PIF
2012-02-28 06:57:10 545 ----a-w- c:\windows\ARJ.PIF
.
============= FINISH: 17:44:42.00 ===============

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello ramzesV

Follow the instructions for opening a topic in detail. The GMER1, GMER2, GMER3 logs or the RootRepeal log are missing.

NIx Car (AMF Team)

  • Joined: 14 Aug 2010
  • Posts: 185

Posted: 21 May 2012 19:42

I know, I know, that's coming soon too (I hope)!!

Addendum: 21 May 2012 20:47

GMER logs:



Addendum: 21 May 2012 20:47

OTL:

OTL logfile created on: 21.05.2012 8:44:06 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\mir\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yyyy

1.75 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 56.91% Memory free
3.60 Gb Paging File | 3.03 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.77 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive F: | 1862.98 Gb Total Space | 1155.95 Gb Free Space | 62.05% Space Free | Partition Type: NTFS

Computer Name: MIKI | User Name: mir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.21 20:43:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mir\Desktop\OTL.exe
PRC - [2012.05.21 17:51:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\4ugkoidc.exe
PRC - [2012.05.13 18:59:20 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.28 08:57:10 | 003,737,000 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.07.28 12:08:34 | 000,057,344 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2005.07.25 14:34:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2005.07.25 11:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2005.03.16 14:52:02 | 000,204,800 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.21 17:51:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\4ugkoidc.exe
MOD - [2012.05.13 18:59:20 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.04 19:35:06 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.03.10 17:50:27 | 003,379,200 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_69ab25aa\mscorlib.dll
MOD - [2012.03.10 17:50:21 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b7803dc0\system.drawing.dll
MOD - [2012.03.10 17:50:14 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8080ffcb\system.xml.dll
MOD - [2012.03.10 17:50:06 | 003,014,656 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5ae39a25\system.windows.forms.dll
MOD - [2012.03.10 17:49:45 | 001,953,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_02d15e77\system.dll
MOD - [2012.03.10 17:49:34 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.03.10 17:49:33 | 001,257,472 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012.03.10 17:49:32 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012.03.10 17:49:31 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012.03.10 17:49:31 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2012.03.10 17:49:30 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.03.10 17:49:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.03.09 23:01:00 | 000,968,704 | ---- | M] () -- C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.04.14 06:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.04.14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.10.19 12:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005.07.25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
MOD - [2005.07.25 14:34:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
MOD - [2005.07.25 11:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.13 18:59:21 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.10 19:14:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\mir\LOCALS~1\Temp\pxtdypod.sys -- (pxtdypod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\mir\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009.07.07 10:53:04 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008.05.06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006.05.16 18:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.09 00:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.27 06:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.11.10 04:51:38 | 000,854,404 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.11.01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.11.01 18:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.09.15 01:49:52 | 000,468,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = bigseekpro.com/search/browser/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012.03.10 20:08:28 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.13 18:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.13 21:01:36 | 000,000,000 | ---D | M]

[2012.03.10 18:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mir\Application Data\Mozilla\Extensions
[2012.05.21 16:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\extensions
[2012.03.17 14:23:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.16 23:21:59 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2012.03.10 19:04:08 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\extensions\support@lastpass.com
[2012.03.10 18:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.10 18:54:13 | 000,275,540 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MIR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BTSZQPYL.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.03.10 20:08:28 | 000,102,233 | ---- | M] () (No name found) -- C:\PROGRAM FILES\FBPHOTOZOOM\FBPHOTOZOOM13.XPI
[2012.05.13 18:59:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.16 12:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B11AB81-E419-4483-8E03-F5E6B1104DB0}: DhcpNameServer = 212.186.211.21 195.34.133.21
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.10 17:35:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.21 20:43:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mir\Desktop\OTL.exe
[2012.05.21 17:44:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mir\My Documents\My Videos
[2012.05.21 17:44:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012.05.21 17:44:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mir\Start Menu\Programs\Administrative Tools
[2012.05.21 17:42:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\mir\Desktop\dds.scr
[2012.05.19 22:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2012.05.19 18:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Application Data\FLAC to MP3 Converter
[2012.05.19 18:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Application Data\Toolbar4
[2012.05.19 18:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC to MP3 Converter
[2012.05.19 18:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC to MP3 Converter
[2012.05.19 18:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Application Data\WinRAR
[2012.05.16 20:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012.05.14 06:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012.05.14 06:36:59 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012.05.14 06:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.14 06:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.14 06:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.14 06:34:31 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2012.05.14 06:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.05.14 06:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.05.14 06:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Application Data\Malwarebytes
[2012.05.14 06:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.14 06:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.05.14 06:11:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.14 06:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.13 20:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.05.13 20:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012.05.13 18:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.13 18:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.05.03 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Desktop\vaulation
[2012.04.26 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\Start Menu\Programs\Microsoft Press
[2012.04.26 22:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mir\My Documents\Microsoft Press
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[149 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.21 20:43:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mir\Desktop\OTL.exe
[2012.05.21 20:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.21 17:51:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\4ugkoidc.exe
[2012.05.21 17:42:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\mir\Desktop\dds.scr
[2012.05.21 16:49:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.20 11:24:45 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\mir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.19 13:36:21 | 010,635,664 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\51-robbie-williams-angels.mp3
[2012.05.17 11:51:25 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Phantom.lnk
[2012.05.16 20:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.11 20:24:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.10 19:14:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.10 19:14:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.08 18:53:12 | 000,488,591 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\B101Cd01.pdf
[2012.05.04 20:17:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012.04.29 20:21:34 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\mir\Desktop\Shortcut to s4_1.lnk
[2012.04.23 22:12:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[149 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.21 17:51:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mir\Desktop\4ugkoidc.exe
[2012.05.19 13:35:51 | 010,635,664 | ---- | C] () -- C:\Documents and Settings\mir\Desktop\51-robbie-williams-angels.mp3
[2012.05.14 06:34:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.14 06:34:43 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012.05.11 20:24:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.08 18:54:26 | 000,488,591 | ---- | C] () -- C:\Documents and Settings\mir\Desktop\B101Cd01.pdf
[2012.05.04 20:17:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012.04.29 20:21:34 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\mir\Desktop\Shortcut to s4_1.lnk
[2012.04.01 13:56:49 | 000,026,084 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.03.10 19:42:35 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\mir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.10 18:22:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.03.10 18:21:02 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.10 18:12:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\mir\Local Settings\Application Data\fusioncache.dat
[2012.03.10 18:07:48 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.03.10 18:04:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012.03.10 18:04:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.03.10 18:00:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2012.03.10 18:00:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2012.03.10 18:00:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2012.03.10 18:00:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2012.03.10 18:00:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2012.03.10 18:00:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2012.03.10 18:00:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2012.03.10 18:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2012.03.10 18:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2012.03.10 17:54:49 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2012.03.10 17:52:52 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2012.03.10 17:44:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.03.10 17:39:36 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012.03.10 17:32:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

@ramzesV Sorry you had to wait.

Malwarebytes detected the malware and removed it. All that is left for us is to knock out a few leftover remnants...


Run the OTL program again by double-clicking its icon;

In the white box of the window labelled Custom Scans/Fixes, paste the following text:


:OTL
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/accmeware/{D8649EE8-3F74-4762-BAC7-AF6A22662DFA}?q={searchTerms}

:files
C:\Documents and Settings\mir\Application Data\Toolbar4

:Commands
[emptytemp]
[emptyflash]
[emptyjava]
[Reboot]



Click the Run Fix button;


Copy the log you get into a post here.
Tell me how your computer is running now.

  • Joined: 14 Aug 2010
  • Posts: 185

How long is all this supposed to take? It has been almost an hour since I clicked Run Fix and nothing is happening.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

It takes very little time and then asks for a restart.

Delete that copy of OTL, download a fresh OTL, run it, and follow the instructions for the script again.
I have edited the script above.

  • Joined: 14 Aug 2010
  • Posts: 185

Sorry, I was away on a trip, just got back.
OK, it works...
Here is the log:

All processes killed
========== OTL ==========
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
========== FILES ==========
C:\Documents and Settings\mir\Application Data\Toolbar4 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mir
->Temp folder emptied: 191708994 bytes
->Temporary Internet Files folder emptied: 60669912 bytes
->Java cache emptied: 30393 bytes
->FireFox cache emptied: 44373862 bytes
->Flash cache emptied: 3260 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 619521 bytes

%systemdrive% .tmp files removed: 325911076 bytes
%systemroot% .tmp files removed: 2551211 bytes
%systemroot%\System32 .tmp files removed: 43457881 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 595968 bytes

Total Files Cleaned = 639.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: mir
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: mir
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.0 log created on 06042012_185846

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
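
A way to triage a fix log like the one above, as an added example that is not part of the original thread: it groups OTL result lines by section and lists those that did not report success. The sample is an excerpt of the posted log; the outcome patterns and function names are assumptions based only on the wording visible in that log.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
========== FILES ==========
C:\Documents and Settings\mir\Application Data\Toolbar4 folder moved successfully.
========== COMMANDS ==========
"""

# Section banners look like "========== FILES ==========".
SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
# (label, pattern) pairs checked in order; wording assumed from the log above.
OUTCOMES = [
    ("not_found", re.compile(r"not found\.?$")),
    ("done", re.compile(r"(stopped|deleted|moved|set) successfully[.!]$")),
]

def review_fix_log(text):
    """Return (section, outcome, line) for every result line under a section banner."""
    results, section = [], None
    for line in text.splitlines():
        line = line.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        if not line or section is None:
            continue  # skip blanks and the preamble before the first banner
        outcome = next((name for name, rx in OUTCOMES if rx.search(line)),
                       "unrecognised")
        results.append((section, outcome, line))
    return results

def needs_follow_up(results):
    """Keep only the lines that did not report a successful action."""
    return [r for r in results if r[1] != "done"]

if __name__ == "__main__":
    for section, outcome, line in needs_follow_up(review_fix_log(SAMPLE_LOG)):
        print(f"[{section}] {outcome}: {line}")
```

On the excerpt, the only line it lists is the CLSID key reported as not found.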

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Well done, that's it. I'd say the problem is solved? Are there any problems with how it runs?

  • Joined: 14 Aug 2010
  • Posts: 185

No, maybe it runs a little faster.

Thanks for the help!!!

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

You're welcome. ;)

Run OTL again and click CleanUp!. This will uninstall OTL.
You can also delete the tools you used. That's it ;)
