Infected Facebook

  • sarasa
  • New MyCity citizen
  • Joined: 06 Apr 2013
  • Posts: 17

Posted: 08 Apr 2013 19:28

I did all of that, but it is the same again. I uninstalled the malware and unchecked Avira, but it is still the same :(

Addendum: 08 Apr 2013 19:29

Also, I don't have Avira 2012, but I do have the option for it, so I unchecked it

Addendum: 08 Apr 2013 19:30

enable real-time protection

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Then just follow the second and third steps...

  • sarasa

OTL logfile created on: 4/8/2013 8:12:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\milos\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.48 Mb Total Physical Memory | 93.96 Mb Available Physical Memory | 12.39% Memory free
1.81 Gb Paging File | 1.04 Gb Available in Paging File | 57.37% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 49.16 Gb Free Space | 87.96% Space Free | Partition Type: NTFS
Drive E: | 23.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPWINDOWS7 | User Name: milos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 11:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
PRC - [2013/04/02 00:47:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/02 00:46:16 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/02 00:46:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/04/02 00:46:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/25 19:31:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\Telenor Internet.exe
PRC - [2008/08/18 20:17:14 | 001,616,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 19:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
PRC - [2007/09/02 08:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/09/02 08:12:18 | 000,586,240 | ---- | M] () -- C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
PRC - [2007/06/20 10:21:06 | 001,912,832 | ---- | M] (Otaku Software) -- C:\Program Files\Windows7\TopDesk\topdesk.exe
PRC - [2007/04/06 16:15:40 | 000,518,656 | ---- | M] (KSoft) -- C:\Program Files\Windows7\RunMe\RunMe.exe
PRC - [2006/05/21 05:43:08 | 000,180,224 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/22 00:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013/03/22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012/11/25 19:31:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\Telenor Internet.exe
MOD - [2012/09/19 13:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/11/18 10:20:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Telenor Internet\LocaleMgrPlugin.dll
MOD - [2008/11/18 10:19:56 | 000,159,744 | ---- | M] () -- C:\Program Files\Telenor Internet\SMSPlugin.dll
MOD - [2008/11/18 10:19:12 | 000,032,768 | ---- | M] () -- C:\Program Files\Telenor Internet\NotifyServicePlugin.dll
MOD - [2008/11/18 10:17:30 | 000,057,344 | ---- | M] () -- C:\Program Files\Telenor Internet\ConfigFilePlugin.dll
MOD - [2008/11/18 10:16:36 | 000,098,304 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceMgrPlugin.dll
MOD - [2008/11/18 10:14:44 | 000,114,688 | ---- | M] () -- C:\Program Files\Telenor Internet\NetInfoPlugin.dll
MOD - [2008/11/18 10:12:44 | 000,086,016 | ---- | M] () -- C:\Program Files\Telenor Internet\DialUpPlugin.dll
MOD - [2008/11/18 10:11:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceMgrUIPlugin.dll
MOD - [2008/11/18 10:08:06 | 000,651,264 | ---- | M] () -- C:\Program Files\Telenor Internet\NDISAPI.dll
MOD - [2008/05/23 11:19:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Telenor Internet\XCodec.dll
MOD - [2008/05/23 11:19:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Telenor Internet\DeviceOperate.dll
MOD - [2008/05/23 11:19:28 | 000,147,456 | ---- | M] () -- C:\Program Files\Telenor Internet\DetectDev.dll
MOD - [2008/05/23 11:19:22 | 000,524,288 | ---- | M] () -- C:\Program Files\Telenor Internet\atcomm.dll
MOD - [2008/04/14 00:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/05 19:20:04 | 000,007,680 | ---- | M] () -- C:\Program Files\Windows7\VisualTaskTips\VttHooks.dll
MOD - [2007/09/02 08:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 08:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/09/02 08:12:18 | 000,586,240 | ---- | M] () -- C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
MOD - [2007/08/23 11:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Telenor Internet\isaputrace.dll
MOD - [2007/07/31 10:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Telenor Internet\FileManager.dll
MOD - [2007/06/20 10:20:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Windows7\TopDesk\topdesk153.dll
MOD - [2006/11/27 11:26:30 | 000,375,808 | ---- | M] () -- C:\Program Files\Windows7\RunMe\rmfoldermenu.dll
MOD - [2006/05/21 05:43:08 | 000,180,224 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe
MOD - [2006/05/21 05:43:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\UberIcon.dll
MOD - [2006/05/21 05:43:06 | 000,053,248 | ---- | M] () -- C:\Program Files\Windows7\UberIcon\Plugins\iBounce\fx.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/02 00:47:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/02 00:46:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/07 06:11:56 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqxnjcz.sys -- (utqxnjcz)
DRV - [2013/04/02 00:47:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/02 00:47:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/02 00:47:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/15 22:36:16 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/02 13:52:50 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2009/08/05 13:44:44 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2009/03/25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/30 06:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 06:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 12:40:22 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/03/29 06:45:14 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2004/10/18 15:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


[2013/04/05 16:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [KRun] C:\Program Files\Windows7\RunMe\RunMe.exe (KSoft)
O4 - HKLM..\Run: [Pie Dock] C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe ()
O4 - HKLM..\Run: [Visual Task Tips] C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\Telenor Internet\Telenor Internet.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [TopDesk] C:\Program Files\Windows7\TopDesk\topdesk.exe (Otaku Software)
O4 - HKCU..\Run: [TransBar] C:\Program Files\Windows7\TransBar\TransBar.exe (AKSoftware)
O4 - HKCU..\Run: [UberIcon] C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Documents and Settings\milos\Start Menu\Programs\Startup\Windows Seven Dock.lnk = C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} download.microsoft.com/download/E/5/6/E5611.....ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A600DD56-8D61-42F5-9152-C5F524550DBC}: NameServer = 217.65.192.101 217.65.192.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\milos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\milos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/24 16:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/04 18:34:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell - "" = AutoRun
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc268f80-3725-11e2-b0cb-000b5d2ec393}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell - "" = AutoRun
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d98f07c0-5229-11e2-b102-000b5d13ff4f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/20 19:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 19:21:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/08 16:30:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/08 11:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
[2013/04/08 11:05:21 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\milos\Desktop\iexplore.exe
[2013/04/08 08:31:25 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us (1).exe
[2013/04/08 08:22:52 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us.exe
[2013/04/08 08:18:44 | 000,393,072 | ---- | C] (Softonic ) -- C:\Documents and Settings\milos\Desktop\SoftonicDownloader_for_microsoft-office-word-viewer.exe
[2013/04/08 07:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/04/07 05:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Desktop\avz4
[2013/04/05 17:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Bundled software uninstaller
[2013/04/05 16:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/04/05 16:59:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2013/04/05 16:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/05 16:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Macromedia
[2013/04/03 19:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Adobe
[2013/04/03 19:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/04/03 19:30:25 | 000,000,000 | ---D | C] -- C:\7d55f6e5e5dea4f9dc05e81fb24c
[2013/04/02 06:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Skype
[2013/04/02 06:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/02 06:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/02 06:20:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/04/02 06:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2013/03/28 06:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/03/23 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/03/18 19:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2013/03/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Malwarebytes
[2013/03/18 08:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/03/17 20:46:17 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/17 20:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Application Data\Apple Computer
[2013/03/17 09:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Desktop\Plants vs. Zombies origin
[2013/03/16 15:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/03/16 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/03/16 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/03/16 15:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/03/16 15:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Apple
[2013/03/16 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/03/16 15:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/03/16 15:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milos\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 20:09:26 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/04/08 20:06:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 20:06:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/08 19:57:09 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 18:08:06 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\milos\Desktop\adwcleaner.exe
[2013/04/08 11:37:05 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\milos\Desktop\pg5p2svt.exe
[2013/04/08 11:19:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milos\Desktop\OTL.exe
[2013/04/08 11:05:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\milos\Desktop\iexplore.exe
[2013/04/08 08:31:28 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us (1).exe
[2013/04/08 08:24:19 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\milos\Desktop\wordview_en-us.exe
[2013/04/08 08:18:46 | 000,393,072 | ---- | M] (Softonic ) -- C:\Documents and Settings\milos\Desktop\SoftonicDownloader_for_microsoft-office-word-viewer.exe
[2013/04/07 06:11:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/06 14:35:40 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\milos\Start Menu\Programs\Startup\Windows Seven Dock.lnk
[2013/04/06 05:26:33 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/06 05:26:33 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 15:27:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 15:27:15 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/05 15:23:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 06:20:14 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/04/02 00:47:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/04/02 00:47:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/04/02 00:47:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/03/31 20:55:24 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/03/30 10:35:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/18 10:57:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoTube.lnk
[2013/03/16 15:34:37 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/08 18:08:02 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\milos\Desktop\adwcleaner.exe
[2013/04/08 11:37:04 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\milos\Desktop\pg5p2svt.exe
[2013/04/07 05:53:15 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqxnjcz.sys
[2013/04/02 06:20:14 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/30 14:29:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/03/18 10:57:52 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoTube.lnk
[2013/03/16 15:34:36 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/03/16 15:32:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/16 15:32:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/11/24 22:51:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/24 22:50:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/24 22:48:22 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/24 16:33:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/11/24 16:31:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/24 16:18:23 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/24 16:15:19 | 000,013,622 | ---- | C] () -- C:\Documents and Settings\milos\STARTUP.reg
[2012/11/24 16:09:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/24 15:58:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/23 04:32:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/03/17 21:18:38 | 000,002,691 | ---- | M] ()(C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk
[2013/03/17 21:18:38 | 000,002,691 | ---- | C] ()(C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Application Data\Microsoft\Internet Explorer\Quick Launch\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk
[2013/03/17 21:18:38 | 000,002,679 | ---- | C] ()(C:\Documents and Settings\milos\Start Menu\Programs\?????????? ?? ??????? - ????????? ??, ???????? ?? ??? ???????? ????.lnk) -- C:\Documents and Settings\milos\Start Menu\Programs\Добродошли на Фејсбук - Пријавите се, учланите се или сазнајте више.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBC416F8

< End of report >



  • Research Engineer @MalwareBytes

Tell me, what is the situation now?

  • sarasa

Posted: 09 Apr 2013 1:35

Everything is the same. The same problem again, I can't open my profile. Here is what it says: Your account has been temporarily locked because we have detected malicious software on your computer. Malware is malicious software that tries to access your personal information, slows your connection, and could cause other problems when you use Facebook. Your computer can become infected with malware when you click or share spammy links.

Addendum: 09 Apr 2013 1:36

And after that, this: You will have to wait 24 hours to get back into your account. All of this was happening before as well.

  • Research Engineer @MalwareBytes

Let's try one more solution.

Run OTL again by double-clicking its icon.

In the white box of the window labeled Custom Scans/Fixes, paste the following text:

:files
C:\WINDOWS\System32\drivers\etc\hosts.ics

:commands
[resethosts]
[emptytemp]



Click the Run Fix button.

Copy the report you get into a message here.



Also, do the following:

In the upper right corner of Google Chrome, click the three bars, then Tools --> Clear Browsing Data

Check all the boxes and choose the beginning of time from the drop-down menu, then click Clear Browsing Data. Close and restart Google Chrome, then check the situation...

  • sarasa

Posted: 10 Apr 2013 5:57

Addendum: 10 Apr 2013 6:17

Here is what it says when I try to open my profile:
Because you have Login Notifications enabled, you will receive a notification when you log in from a new browser. Please save this browser if you use it often.

Save Browser

Don't Save

Addendum: 10 Apr 2013 6:21

After that, again the notice about the threat of malicious items, and again I am sent back to the 24-hour wait. When that time expires, I manage to get in, but after a few seconds it asks me to log in again, and then everything I described starts all over again.

  • sarasa

Posted: 10 Apr 2013 9:41

When I go into TOOLS and then EXTENSIONS, there is Adobe Flash Player 3.38, but I can't disable it. How do I do that?

Addendum: 10 Apr 2013 9:43

Everything you described is in fact my problem, because when I manage to get into my profile from another computer I see that I have SUPPOSEDLY liked nothing but Turkish pages.

  • Research Engineer @MalwareBytes

There is a trash can next to it; uncheck Enabled, then click the trash can to delete it...

  • sarasa

Yes, I have it, but it won't let me, and there is no trash can. Here is what it shows:
Adobe Flash Player 3.38
Adobe Flash Player Permissions
ID: oohihabmclafciafgmimanggjobnmceg
(This extension is managed and cannot be removed or disabled.)
Inspect views: _generated_background_page.html
