problem sa memorijskom karticom

1

problem sa memorijskom karticom

offline
  • Pridružio: 26 Sep 2012
  • Poruke: 1861
  • Gde živiš: Ček' da vidim...

e ovako,kada povezem kompjuter sa telefonom preko opcije masovna memorija otvori mi folder memoriske ali u njemu je kreirana kopija memorijske ,znaci :

mem. kartica --> kopija mem. kartice --> pa tek folderi na mem. kartici

umesto da cim udjem u mem. karticu da mi pokaze foldere,

problem se javio pre nekih 5 dana......koristim win. 7 ult. 32 bit-a

uradio sam i malwere scan i evo izvestaja:

>>> MCShield AllScans.txt <<<



>>> MCShield ::Anti-Malware Tool:: v 2.5.4.20 / DB: 2013.2.17.1 / NT6.1 <<<


19/02/2013 17:59:11 > Drive C: - scan started (no label ~73 GB, NTFS HDD )...



=> The drive is clean.


19/02/2013 17:59:12 > Drive D: - scan started (Local Disk ~76 GB, NTFS HDD )...



=> The drive is clean.


19/02/2013 17:59:24 > Drive F: - scan started (BOKI ~1910 MB, FAT flash drive )...

>>> F:\autorun.inf > Action failed.

>>> F:\desktop.ini - Malware > Deleted. (13.02.19. 18.25 desktop.ini.797619; MD5: d80c46bac5f9df7eb83f46d3f30bf426)

>>> F:\BOKI (2GB).lnk - Suspicious > Renamed. (MD5: cfae0fcf9dd7185b72813e428bac4ee6)

> Resetting attributes: F:\ < Successful.

> Resetting attributes: F:\@bgsr_1 < Successful.

> Resetting attributes: F:\@mms < Successful.

> Resetting attributes: F:\@Playlists < Successful.

> Resetting attributes: F:\@wcache < Successful.

> Resetting attributes: F:\Application < Successful.

> Resetting attributes: F:\Audio < Successful.

> Resetting attributes: F:\Ebook < Successful.

> Resetting attributes: F:\javastore < Successful.

> Resetting attributes: F:\lmw < Successful.

> Resetting attributes: F:\muzika < Successful.


=> Malicious files : 1/1 deleted.
=> Suspicious files : 1/2 renamed.
=> Hidden folders : 11/11 unhidden.

____________________________________________

::::: Scan duration: 26min 26sec :::::::::::
____________________________________________

19/02/2013 18:25:34 > Drive G: - scan started (no label ~unknown size, FAT flash drive )...

>>> G:\autorun.inf > Action failed.

>>> G:\desktop.ini - Malware > Deleted. (13.02.19. 18.25 desktop.ini.311485; MD5: d80c46bac5f9df7eb83f46d3f30bf426)


=> Malicious files : 1/1 deleted.
=> Suspicious files : 0/1 renamed.

____________________________________________

::::: Scan duration: 26min 32sec :::::::::::
____________________________________________

ime mem. kartice je BOKI.... (ukoliko zatreba jos neki test napisite)
hvala...

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Boki, isprati ovo uputstvo

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Ako imas 32-bitni sistem, DDS.txt, Attach.txt, Gmer1, Gmer 2 izvestaje...

Ako imas 64-bitni sistem, OTL.txt i Extras.txt

offline
  • Pridružio: 26 Sep 2012
  • Poruke: 1861
  • Gde živiš: Ček' da vidim...

kad se zavrsi prvo skeniranje GMER-on ne mogu naci ovo Options > Only non MS files ,tj. nemam opciju only non MS files pod options.

imam:
IRP hooks
NTAPI registry scan
IRP files scan
-----------------
file version info
3rd party

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Boki, umesto Only non MS files izaberi 3rd party...

Uputstvo je izmenjeno za taj deo, pa ga konsultuj...

offline
  • Pridružio: 26 Sep 2012
  • Poruke: 1861
  • Gde živiš: Ček' da vidim...

evo dodatnih fajlova:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.13.2
Run by boki at 19:24:57 on 2013-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.1013.284 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
D:\prolazni\systemcare\Advanced SystemCare 5\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\New folder\MCShield\MCShieldRTM.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.soft-quick.info/
uSearch Bar = Preserve
mStart Page = hxxp://websearch.soft-quick.info/
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: {013a635f-e3aa-4371-b682-ece95ca974b0} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\boki\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] d:\new folder\mcshield\mcshieldrtm.exe
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mExplorerRun: [0] c:\progra~2\locals~1\temp\msoppo.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C}\449637365737D2D2142464331393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C}\6596C61602D456469647562716E60223 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\boki\appdata\roaming\mozilla\firefox\profiles\2lkjynw4.default-1346234435416\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\boki\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\boki\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-22 18:11; 50fec7786fd6f@50fec7786fda9.com; c:\users\boki\appdata\roaming\mozilla\firefox\profiles\2lkjynw4.default-1346234435416\extensions\50fec7786fd6f@50fec7786fda9.com
FF - ExtSQL: 2013-02-12 18:33; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\prolazni\systemcare\advanced systemcare 5\ASCService.exe [2013-2-12 913792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-12 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-12 44808]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2012-5-3 219360]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2012-5-3 68136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-7 3467768]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-9-2 1500160]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-3 242240]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2012-5-3 51712]
R3 vm331avs;VC0334 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2012-12-3 977920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-7-26 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-26 52224]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2012-5-3 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2012-5-3 398720]
.
=============== Created Last 30 ================
.
2013-02-19 16:58:47 -------- d-----w- c:\programdata\MCShield
2013-02-19 16:58:30 -------- d-----w- c:\users\boki\New folder
2013-02-12 17:13:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-12 17:12:20 41224 ----a-w- c:\windows\avastSS.scr
2013-02-12 17:11:33 -------- d-----w- c:\program files\AVAST Software
2013-02-12 07:06:08 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1974a341-cd70-4760-ab16-b7a91ef55269}\mpengine.dll
2013-02-10 07:17:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 07:45:12 -------- d-----w- c:\users\boki\appdata\roaming\driveridentifier
2013-01-31 17:06:08 -------- d-----r- c:\program files\Skype
2013-01-22 16:45:21 -------- d-----w- c:\programdata\CLSoft LTD
2013-01-22 16:45:19 -------- d-----w- c:\program files\SoftQuick
2013-01-22 16:44:23 -------- d-----w- c:\program files\ContinueToSave
2013-01-22 16:44:19 -------- d-----w- c:\programdata\continuetosave
.
==================== Find3M ====================
.
2013-02-19 18:22:40 17488 ----a-w- c:\windows\gdrv.sys
2013-02-16 16:18:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-16 16:18:37 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 07:17:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-10 07:17:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-19 11:58:25 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2013-01-18 18:35:35 1536 ----a-w- c:\windows\system32\RtkMsgs.dll
2012-12-22 15:52:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 15:52:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 19:25:45.89 ===============



https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Boki, imas 3 antivirusa na racunaru, tacnije prisutni su ostaci od ESET-a i Microsoft Security Essentials. Potrebno ih je ukloniti.



Korak 1.

Arrow Preuzmi ESET Uninstaller. Restartuj racunar u Safe Mode po ovom uputstvu. Pokreni alat i isprati instrukcije. Kada se zavrsi restartuj racunar normalno.



Arrow Preuzmi Microsoft Security Essentials installer na Desktop:

http://mse.dlservice.microsoft.com/download/A/3/8/.....nstall.exe

Arrow Pritisni dugme i R, otvoriće se ovakav prozor:



Arrow Prevuci fajl koji je predhodno preuzet u Open sekciju:





Arrow Potrebno je da dodati na kraju " /U"(bez navodnika, i sa razmakom između putanje i /U).




Arrow U prozoru koji se otvori, klikni na Uninstall.



Korak 2.

Preuzmi program OTM na Desktop.

Dvoklikom pokreni OTM.exe

U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja:
:files
c:\progra~2\locals~1\temp\msoppo.exe

:reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"0"=-

:commands
[emptytemp]

Klikni MoveIt!

Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu.


Ukoliko se pojavi upit:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen.

Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu.
Potrebno je iskopirati sadržaj tog loga u poruku na forumu.

offline
  • Pridružio: 26 Sep 2012
  • Poruke: 1861
  • Gde živiš: Ček' da vidim...

nece da skine ovo za Security Essentials ,a kod nod32 sam uradio kako je receno i dobio ovaj log fil
https://www.mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Za ESET nisi dobro ispratio, kada ti se pojave izlistani programi, pritisni 1, pa Enter, pa potvrdi sa Y...

MSE skini sa ovog linka, izgleda da je problem sa serverima...

http://download.microsoft.com/download/A/3/8/A38FF....._en_us.exe

offline
  • Pridružio: 26 Sep 2012
  • Poruke: 1861
  • Gde živiš: Ček' da vidim...

Napisano: 20 Feb 2013 15:24

okk sad cu ponovo uraditi pa javljam ,da bi preso na ovaj 2. korak Smile

Dopuna: 20 Feb 2013 15:34

Sto se tice MSE uspesno sam odradio,kao i za ESET....evo log file-a
https://www.mycity.rs/must-login.png
sad prelazim na ddrugi korak Smile

Dopuna: 20 Feb 2013 15:42

evo rezultata OTM-a :

All processes killed
========== FILES ==========
File move failed. c:\progra~2\locals~1\temp\msoppo.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\0 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: boki
->Temp folder emptied: 11501636 bytes
->Temporary Internet Files folder emptied: 26418907 bytes
->Java cache emptied: 2456093 bytes
->FireFox cache emptied: 434331194 bytes
->Google Chrome cache emptied: 62507976 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1375375125 bytes

Total Files Cleaned = 1,824.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02202013_153548

Files moved on Reboot...
c:\progra~2\locals~1\temp\msoppo.exe moved successfully.

Registry entries deleted on Reboot...

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Odlicno, sada mi dostavi svez DDS.txt izvestaj...

Ko je trenutno na forumu
 

Ukupno su 617 korisnika na forumu :: 4 registrovanih, 1 sakriven i 612 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Battlehammer, bojank, wolf431, Živković