Infected Facebook

  • sarasa
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

How do I get rid of a virus on Facebook? When I try to open any profile, it notifies me that access is denied and that there is a threat of malicious malware, but when I scan the system with anti-malware and Avira, there is nothing. It does not detect a single threat. What should I do?

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

Hello,

Follow the instructions and provide the reports

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • sarasa
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

Dear Sir or Madam,
the problem started almost 3 weeks ago. On my profile I opened something I obviously should not have; more precisely, it looked as if a friend had tagged me in some program, and I opened it. After a few seconds a message appeared saying that I must be logged in, even though I had already opened my account. I tried to do what was asked, but a message arrived saying that there is a threat of malicious malware, so my Facebook account was disabled. I scanned the system with Avira and Malwarebytes Anti-Malware and nothing was found. In both cases I got a notice that no malicious items were found. Despite that, I cannot get into my profile. I tried from another computer and there was no problem. I use modem internet, the speed is 3.6 Mbps, and the program on the laptop is XP VISTA. I tried to download DDS, but when I try to open it by double-clicking, the whole system freezes. The only way I can resolve this is by cutting the power to the laptop so that it shuts down, because otherwise it does not respond to anything.

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

Try renaming DDS to one of these names, then try running it:

iexplore.exe
winlogon.exe
explore.exe


If it still will not run, follow these instructions:

Download the program OTL from the link below to the Desktop:

OTL download
Click the given link and, in the window that opens, click the Save button;
when the dialog for choosing the save location opens, select Desktop and click the Save button.

Double-click to run OTL;

click the Run Scan button;

when the scan finishes, the report will open in Notepad (note: the report will automatically be saved on the Desktop as OTL.Txt).

Attach the OTL.Txt report to your post using the Attach file (Prikači fajl) option.


Also follow these instructions:

Download the program GMER from the link below to the Desktop:

GMER download
Click the given link;
when the dialog for choosing the save location opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish; if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... and save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party, then click Scan;

when the scan finishes, click Save ... and save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it, then save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file (Prikači fajl) option.

  • sarasa
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

OTL logfile created on: 4/8/2013 11:20:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\milos\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.48 Mb Total Physical Memory | 250.13 Mb Available Physical Memory | 32.98% Memory free
1.81 Gb Paging File | 1.27 Gb Available in Paging File | 69.80% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 49.17 Gb Free Space | 87.98% Space Free | Partition Type: NTFS
Drive E: | 23.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPWINDOWS7 | User Name: milos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 11:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
PRC - [2013/04/02 00:47:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/02 00:46:16 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/02 00:46:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/04/02 00:46:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/11/25 19:31:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\Telenor Internet.exe
PRC - [2008/08/18 20:17:14 | 001,616,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 19:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
PRC - [2007/09/02 08:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/20 10:21:06 | 001,912,832 | ---- | M] (Otaku Software) -- C:\Program Files\Windows7\TopDesk\topdesk.exe
PRC - [2007/04/06 16:15:40 | 000,518,656 | ---- | M] (KSoft) -- C:\Program Files\Windows7\RunMe\RunMe.exe
PRC - [2006/05/21 05:43:08 | 000,180,224 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/11/25 19:31:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\Telenor Internet.exe
MOD - [2012/09/19 13:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/11/18 10:20:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Telenor Internet\LocaleMgrPlugin.dll
MOD - [2008/11/18 10:19:56 | 000,159,744 | ---- | M] () -- C:\Program Files\Telenor Internet\SMSPlugin.dll
MOD - [2008/11/18 10:19:12 | 000,032,768 | ---- | M] () -- C:\Program Files\Telenor Internet\NotifyServicePlugin.dll
MOD - [2008/11/18 10:17:30 | 000,057,344 | ---- | M] () -- C:\Program Files\Telenor Internet\ConfigFilePlugin.dll
MOD - [2008/11/18 10:16:36 | 000,098,304 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceMgrPlugin.dll
MOD - [2008/11/18 10:14:44 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\NetInfoPlugin.dll
MOD - [2008/11/18 10:12:44 | 000,086,016 | ---- | M] () -- C:\Program Files\Telenor Internet\DialUpPlugin.dll
MOD - [2008/11/18 10:11:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceMgrUIPlugin.dll
MOD - [2008/11/18 10:08:06 | 000,651,264 | ---- | M] () -- C:\Program Files\Telenor Internet\NDISAPI.dll
MOD - [2008/05/23 11:19:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Telenor Internet\XCodec.dll
MOD - [2008/05/23 11:19:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceOperate.dll
MOD - [2008/05/23 11:19:28 | 000,147,456 | ---- | M] () -- C:\Program Files\Telenor Internet\DetectDev.dll
MOD - [2008/05/23 11:19:22 | 000,524,288 | ---- | M] () -- C:\Program Files\Telenor Internet\atcomm.dll
MOD - [2008/04/14 00:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/05 19:20:04 | 000,007,680 | ---- | M] () -- C:\Program Files\Windows7\VisualTaskTips\VttHooks.dll
MOD - [2007/09/02 08:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 08:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/08/23 11:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Telenor Internet\isaputrace.dll
MOD - [2007/07/31 10:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Telenor Internet\FileManager.dll
MOD - [2007/06/20 10:20:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Windows7\TopDesk\topdesk153.dll
MOD - [2006/11/27 11:26:30 | 000,375,808 | ---- | M] () -- C:\Program Files\Windows7\RunMe\rmfoldermenu.dll
MOD - [2006/05/21 05:43:08 | 000,180,224 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe
MOD - [2006/05/21 05:43:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon.dll
MOD - [2006/05/21 05:43:06 | 000,053,248 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\Plugins\iBounce\fx.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/02 00:47:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/02 00:46:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/07 06:11:56 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqxnjcz.sys -- (utqxnjcz)
DRV - [2013/04/02 00:47:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/02 00:47:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/02 00:47:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/15 22:36:16 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/02 13:52:50 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2009/08/05 13:44:44 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2009/03/25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/30 06:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 06:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 12:40:22 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/03/29 06:45:14 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2004/10/18 15:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com/?crg=3.1010000.10002
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=CC41000B5D13FF4F
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=CC41000B5D13FF4F
IE - HKCU\..\SearchScopes\{A93890EC-D505-4B8B-9414-A8F7CA2B7F2E}: "URL" = websearch.ask.com/redirect?client=ie&tb=AWR&o=1955&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A17&apn_dtid=^YYYYYY^YY^RS&apn_uid=804d9578-4882-4aa4-b518-692a5c1993f0&apn_sauid=27CCBD9B-98A9-4A52-8BFC-8AB789F08D6E
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268099
IE - HKCU\..\SearchScopes\{BA6B3E72-5F0D-4F4C-BA55-5A827145B19A}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = bing.com/search?FORM=UP22DF&PC=UP22&dt=040213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


[2013/04/05 16:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Game Downloader Toolbar) - {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Game Downloader Toolbar) - {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SimilarSites) - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Downloader Toolbar) - {21D046AB-7009-4C75-BBD9-B0B00D7122BC} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [KRun] C:\Program Files\Windows7\RunMe\RunMe.exe (KSoft)
O4 - HKLM..\Run: [Pie Dock] C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe ()
O4 - HKLM..\Run: [Visual Task Tips] C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\Telenor Internet\Telenor Internet.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk\topdesk.exe (Otaku Software)
O4 - HKCU..\Run: [TransBar] C:\Program Files\Windows7\TransBar\TransBar.exe (AKSoftware)
O4 - HKCU..\Run: [UberIcon] C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Documents and Settings\milos\Start Menu\Programs\Startup\Windows Seven Dock.lnk = C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O9 - Extra Button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} download.microsoft.com/download/E/5/6/E5611.....ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A600DD56-8D61-42F5-9152-C5F524550DBC}: NameServer = 217.65.192.101 217.65.192.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\milos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\milos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/24 16:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/04 18:34:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell - "" = AutoRun
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cc268f84-3725-11e2-b0cb-000b5d2ec393}\Shell - "" = AutoRun
O33 - MountPoints2\{cc268f84-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc268f84-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell - "" = AutoRun
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 11:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
[2013/04/08 11:05:21 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\milos\Desktop\iexplore.exe
[2013/04/08 08:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/04/08 08:31:25 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us (1).exe
[2013/04/08 08:22:52 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us.exe
[2013/04/08 08:18:44 | 000,393,072 | ---- | C] (Softonic ) -- C:\Documents and Settings\milos\Desktop\SoftonicDownloader_for_microsoft-office-word-viewer.exe
[2013/04/08 07:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/04/07 05:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Desktop\avz4
[2013/04/05 17:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Bundled software uninstaller
[2013/04/05 16:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/04/05 16:59:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/04/05 16:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\BabSolution
[2013/04/05 16:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/04/05 16:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/05 16:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/04/05 16:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Babylon
[2013/04/05 16:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Macromedia
[2013/04/03 19:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Adobe
[2013/04/03 19:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/04/03 19:30:25 | 000,000,000 | ---D | C] -- C:\7d55f6e5e5dea4f9dc05e81fb24c
[2013/04/02 06:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Skype
[2013/04/02 06:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/02 06:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/02 06:20:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/04/02 06:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2013/03/28 06:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/03/23 10:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Downloader
[2013/03/23 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/03/18 19:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2013/03/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Malwarebytes
[2013/03/18 08:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/03/17 20:46:17 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/17 20:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Apple Computer
[2013/03/17 09:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Desktop\Plants vs. Zombies origin
[2013/03/16 15:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/03/16 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/03/16 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/03/16 15:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/03/16 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Apple
[2013/03/16 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/03/16 15:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/03/16 15:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 11:30:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/04/08 11:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
[2013/04/08 11:14:59 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/04/08 11:13:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 11:12:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/08 11:05:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\milos\Desktop\iexplore.exe
[2013/04/08 10:57:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 08:31:28 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us (1).exe
[2013/04/08 08:24:19 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us.exe
[2013/04/08 08:18:46 | 000,393,072 | ---- | M] (Softonic ) -- C:\Documents and Settings\milos\Desktop\SoftonicDownloader_for_microsoft-office-word-viewer.exe
[2013/04/07 06:11:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/06 14:35:40 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\milos\Start Menu\Programs\Startup\Windows Seven Dock.lnk
[2013/04/06 05:26:33 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/06 05:26:33 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 15:27:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 15:27:15 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/05 15:23:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 06:20:14 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/04/02 00:47:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/04/02 00:47:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/04/02 00:47:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/03/31 20:55:24 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/03/30 10:35:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/18 10:57:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoTube.lnk
[2013/03/16 15:34:37 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/08 08:32:02 | 000,002,038 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/04/07 05:53:15 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/02 06:20:14 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/30 14:29:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/03/18 10:57:52 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoTube.lnk
[2013/03/16 15:34:36 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/03/16 15:32:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/16 15:32:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/11/24 22:51:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/24 22:50:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/24 22:48:22 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/24 16:33:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/11/24 16:31:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/24 16:18:23 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/24 16:15:19 | 000,013,622 | ---- | C] () -- C:\Documents and Settings\milos\STARTUP.reg
[2012/11/24 16:09:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/24 15:58:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/23 04:32:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/03/17 21:18:38 | 000,002,691 | ---- | M] ()(C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk
[2013/03/17 21:18:38 | 000,002,691 | ---- | C] ()(C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk
[2013/03/17 21:18:38 | 000,002,679 | ---- | C] ()(C:\Documents and Settings\milos\Start Menu\Programs\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Start Menu\Programs\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBC416F8

< End of report >
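A triage sketch for file listings like the ones in the report above, added here and not part of the thread or of OTL itself. It parses OTL file-listing lines and returns `.sys` files under `System32\drivers` that carry no company name, merging the created and modified timestamps for each path. The sample lines are copied from the report; the function names are this example's own, and a hit means "look at this file", not a verdict.

```python
import re

# Sample input: a few lines copied from the OTL report above.
SAMPLE = r"""
[2013/04/07 06:11:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/02 00:47:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/04/07 05:53:15 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/02 06:20:14 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/11/24 16:33:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
"""

# [timestamp | size | attributes | M or C] (company) -- path
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
DRIVER = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)


def parse(report):
    """Yield one dict per well-formed file-listing line; skip everything else."""
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()


def unnamed_drivers(report):
    """Drivers with an empty company field, one entry per path."""
    hits = {}
    for rec in parse(report):
        if rec["company"].strip() or not DRIVER.search(rec["path"]):
            continue
        entry = hits.setdefault(rec["path"].lower(), {
            "path": rec["path"],
            "size": int(rec["size"].replace(",", "")),
        })
        # The same file appears in both the "modified" and "created" sections.
        entry["created" if rec["kind"] == "C" else "modified"] = rec["ts"]
    return sorted(hits.values(), key=lambda e: e["path"].lower())


if __name__ == "__main__":
    for e in unnamed_drivers(SAMPLE):
        print(e)
```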

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Excellent, now send me the Gmer reports as well...

offline
  • sarasa 
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

Posted: 08 Apr 2013 14:55


Addendum: 08 Apr 2013 14:56

I mislabeled it as just 3 instead of Gmer3. Is that a problem? I'm not very skilled at this :(

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Let's move on :)



Step 1.

Run OTL again by double-clicking its icon.

Copy the following text into the white box in the window labelled Custom Scans/Fixes:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=CC41000B5D13FF4F
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=CC41000B5D13FF4F
IE - HKCU\..\SearchScopes\{A93890EC-D505-4B8B-9414-A8F7CA2B7F2E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AWR&o=1955&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A17&apn_dtid=^YYYYYY^YY^RS&apn_uid=804d9578-4882-4aa4-b518-692a5c1993f0&apn_sauid=27CCBD9B-98A9-4A52-8BFC-8AB789F08D6E
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268099
IE - HKCU\..\SearchScopes\{BA6B3E72-5F0D-4F4C-BA55-5A827145B19A}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002
O2 - BHO: (Game Downloader Toolbar) - {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Game Downloader Toolbar) - {21d046ab-7009-4c75-bbd9-b0b00d7122bc} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SimilarSites) - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
O3 - HKCU\..\Toolbar\WebBrowser: (Game Downloader Toolbar) - {21D046AB-7009-4C75-BBD9-B0B00D7122BC} - C:\Program Files\Game_Downloader\prxtbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Alawar Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

:Files
C:\Program Files\Ask.com
C:\Program Files\Game_Downloader
C:\Program Files\SimilarSites
C:\WINDOWS\System32\Extensions
C:\WINDOWS\System32\searchplugins
C:\Documents and Settings\milos\Application Data\BabSolution
C:\Program Files\Delta
C:\Documents and Settings\All Users\Application Data\Babylon
C:\Documents and Settings\milos\Application Data\Babylon
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

:Commands
[emptytemp]



Click the Run Fix button.

Copy the report you get into your reply here.



Step 2.

Download AdwCleaner by "Xplode" and save it to the Desktop.
Run it, then click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" ("Prikaci fajl") option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt



Step 3.

Run OTL again by double-clicking its icon.

Click Run Scan and send me the new report once the scan finishes. There should also be an Extras.txt on the Desktop, so send that too.

offline
  • sarasa 
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

I have a problem with the first step. I do everything that is asked, but when I click Run Fix everything disappears from the desktop, only the OTL window remains, and at the top of it it says Not Responding. What should I do :( I'll try again, but it will be who knows which time ;(

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Posted: 08 Apr 2013 19:03

Turn off the antivirus and uninstall Malware Bytes, since it is known to cause this problem...

Addendum: 08 Apr 2013 19:04

How to turn off the antivirus --> http://www.mycity.rs/MyCity-Laboratorija/Iskljucivanje-zastitnog-softvera.html

You have Avira, so look for that one.
