Posted: 28 Dec 2011 08:58
- orion11
- Super citizen
- Joined: 12 Aug 2004
- Posts: 1461
- Location: Čačak
I don't even know what happened or when. Avira started warning me that I have some junk. I don't understand these things at all. The only thing I can do is scan and choose deletion, but I have done that several times. Every time the system boots, the same problem shows up again. It was not deleted!!!
Here is a screenshot, if it means anything:
[screenshot not available]
Posted: 28 Dec 2011 14:20
- Fil
- Legendary citizen
- Joined: 11 Jun 2009
- Posts: 16586
Hello,
Run the OTL program again by double-clicking its icon;
Into the white box of the window labeled Custom Scans/Fixes, copy the following text:
:OTL
SRV - [2011/12/27 17:38:45 | 000,019,456 | ---- | M] () [Auto | Running] -- C:\Users\srdjan\Application Data\Microsoft\VfxdSys Drivers\vfxdsysadm.exe -- (VFXDSys Compatibility Synchronisation)
FF - prefs.js..extensions.enabledItems: plugin3@gameplaylabs.com:3.0
[2011/04/20 22:03:47 | 000,000,000 | ---D | M] (Media Plugin) -- C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2011/01/03 09:39:53 | 000,000,000 | ---D | M]
[2011/01/03 09:39:53 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
CHR - Extension: Media Plugin = C:\Users\srdjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\2.0_0\
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
:Files
C:\Program Files (x86)\AutocompletePro\
C:\Users\srdjan\Application Data\Microsoft\VfxdSys Drivers\
:Commands
[purity]
[EmptyTemp]
[Reboot]
Click the Run Fix button;
Copy the log you get into a post here.
Posted: 28 Dec 2011 15:03
- orion11
- Super citizen
- Joined: 12 Aug 2004
- Posts: 1461
- Location: Čačak
Written: 28 Dec 2011 14:31
All processes killed
========== OTL ==========
Error: No service named VFXDSys Compatibility Synchronisation was found to stop!
Service\Driver key VFXDSys Compatibility Synchronisation not found.
C:\Users\srdjan\Application Data\Microsoft\VfxdSys Drivers\VfxdSysAdm.exe moved successfully.
Prefs.js: plugin3@gameplaylabs.com:3.0 removed from extensions.enabledItems
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\META-INF folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\defaults\preferences folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\defaults folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\chrome\locale\en-US folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\chrome\locale folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\chrome\content folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com\chrome folder moved successfully.
C:\Users\srdjan\AppData\Roaming\Mozilla\Firefox\Profiles\bt2s6scg.default\extensions\plugin3@gameplaylabs.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com not found.
C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM folder moved successfully.
C:\Users\srdjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\2.0_0 folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webscache.com\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
========== FILES ==========
C:\Program Files (x86)\AutocompletePro folder moved successfully.
C:\Users\srdjan\Application Data\Microsoft\VfxdSys Drivers folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: srdjan
->Temp folder emptied: 28286813 bytes
->Temporary Internet Files folder emptied: 11169500 bytes
->Java cache emptied: 458583 bytes
->FireFox cache emptied: 48898736 bytes
->Google Chrome cache emptied: 101977213 bytes
->Flash cache emptied: 3789 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16493560 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 198.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_142758
Files\Folders moved on Reboot...
C:\Users\srdjan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Addendum: 28 Dec 2011 15:03
[image not available]
Posted: 28 Dec 2011 16:58
- Fil
- Legendary citizen
- Joined: 11 Jun 2009
- Posts: 16586
What is the state of the computer now, are there any problems?
Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click to run the installer - at the very end of the process, check that the following options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
and then click Finish.
After the update finishes, the program will start.
Select the Perform Quick Scan option and click Scan.
When the process finishes, click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.
When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to finish the cleaning process, be sure to allow it.
Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).
Posted: 28 Dec 2011 20:19
- orion11
- Super citizen
- Joined: 12 Aug 2004
- Posts: 1461
- Location: Čačak
Written: 28 Dec 2011 20:19
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.28.03
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
srdjan :: SRDJAN-PC [administrator]
12/28/2011 7:52:19 PM
mbam-log-2011-12-28 (19-52-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176611
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msjavadll (Bot.Jnana) -> Data: javaw -jar "C:\Users\srdjan\.jnana\jnana.tsa" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana (Bot.jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\x64 (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x86 (Bot.jnana) -> Quarantined and deleted successfully.
Files Detected: 47
C:\Users\srdjan\.jnana\jnana.tsa (Bot.Jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\aft.html (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\binp3 (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\body.html (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\cad.scp (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\error.gif (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\hec3pt (Bot.jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\hek9b (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\image.gif (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\index.html (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\java.png (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\ki4m.bat (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\left.jpg (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\load.gif (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\mit3d.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\mitm (Bot.jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\NirCmd.chm (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\nircmd.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\nircmd.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\nircmdc.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\ofex.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\pex.bsl (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\ph.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\pien.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\pre.html (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\Process.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\promqry.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\right.jpg (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\RingOnRequest.lock (Bot.jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\rpe (Bot.jnana) -> Delete on reboot.
C:\Users\srdjan\.jnana\rpe.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\sqlite_jni.dll (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\sud.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\ul.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\Unlocker.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\UnlockerDriver5.sys (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\web.zip (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\youtube.jpg (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\zero.JPG (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x64\kprocesshacker.sys (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x64\peview.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x64\ph.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x64\tpok.vbs (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x86\kprocesshacker.sys (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x86\peview.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x86\ph.exe (Bot.jnana) -> Quarantined and deleted successfully.
C:\Users\srdjan\.jnana\x86\tpok.vbs (Bot.jnana) -> Quarantined and deleted successfully.
(end)
Addendum: 28 Dec 2011 20:19
Wooow, what a load of junk!!!