Then remove NOD, install the Kaspersky trial, update the database, clean, and if you don't like it, go back to NOD.
Also take a look at this REMOVAL: I don't know how to attach it because it has links to some tools and tutorials, so I'll paste it:
Please download Process Explorer by Sysinternals from HERE
Also download KillBox by Option^Explicit from HERE
Then boot up in SAFE MODE. The rest of this fix must be done in safe mode.
Unzip Process Explorer and double click on procexp.exe
In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of <bad file from 02 and 020> once and then click the kill button.
After you have killed all of the <bad file from 02 and 020> under winlogon click OK.
Also look for any .ini or .bak files or other DLLs with either the same name or the file name in reverse and kill them as well.
Example:
<bad filename from 02 and 020>.bak
<bad filename from 02 and 020>.ini
<bad filename from 02 and 020>.reg etc
or
<bad filename(reversed) from 02 and 020>.dll
<bad filename(reversed) from 02 and 020>.bak
<bad filename(reversed) from 02 and 020>.ini etc
Next double click on explorer.exe and again click once on each instance of <bad file from 02 and 020> then click the kill button.
Also look for any .ini or .bak files or reverse-named DLLs with either the same name or the file name in reverse and kill them as well. See above for examples.
Click on the Threads tab at the top.
Once you have done that click OK again.
Next run HijackThis and place a check beside each of the following.
<Hijack fix goes here>
Now click fix checked and close HijackThis.
Please copy the text in BOLD below, and paste it into a blank notepad window.
Save it as vundo.reg and in the save as type box choose all files.
Once you have saved it double click it and allow it to merge with the registry.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]
Double click on Killbox.exe and check the Delete on Reboot button.
Enter the following filepath and filename into the "Full path of file to delete" box:
<Full pathname of bad 02 and 020>
Click the red and white "Delete File" button.
Click "Yes" at the first prompt.
Click "No" at the second.
Repeat those same steps for any of the same-named or reverse-named .bak, .ini, .reg, etc. files you may have found earlier.
Once you have entered in all the files, reboot.
After your computer has rebooted please run HijackThis and post a new log.
==============================================
Optional Fix if problems are encountered when trying to Killbox the bad file:
Copy/paste the following quote box into a new text document.
Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[HKEY_CLASSES_ROOT\CLSID\{581F22DA-7202-4F21-AEF3-114787156016}]
[HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[HKEY_CLASSES_ROOT\MSEvents.MSEvents]
[HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]
Double click on Killbox.exe and check the Delete on Reboot button.
Enter the following into the "Full path of file to delete" box:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
Click the red and white "Delete File" button.
Click "Yes" at the first prompt.
Click "No" at the second.
Repeat those same steps for each of the lines in the above quote box.
When done Copy/Paste this into the "Full path of file to delete" box:
<Full pathname of bad 02 and 020>
Click the red and white "Delete File" button.
Click "Yes" at the first prompt.
Click "Yes" at the second.
Bad file 02 and 020 of course refers to the Vundo infections in the HJT log.
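
The guide's step of looking for same-named and reverse-named .bak, .ini, .reg and .dll files next to the bad file can be done with a short script. This is an added example, not part of the original post or of any tool it mentions; the file names are constructed and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

# Extensions the guide lists by name; its "etc" means other extensions can occur,
# so those are still reported, just flagged as not explicitly listed.
LISTED_EXTS = {".dll", ".bak", ".ini", ".reg"}


def companion_files(bad_file, directory=None):
    """Find files whose base name equals the bad file's base name or its reverse.

    Returns a sorted list of (file name, "same" | "reversed", listed_extension).
    Matching is case-insensitive because Windows file names are.
    """
    bad = Path(bad_file)
    folder = Path(directory) if directory else bad.parent
    stem = bad.stem.lower()
    # "same" is inserted last so it wins when the name is a palindrome.
    wanted = {stem[::-1]: "reversed", stem: "same"}
    hits = []
    for entry in folder.iterdir():
        # Skip directories and the bad file itself (it is already on the list).
        if not entry.is_file() or entry.name.lower() == bad.name.lower():
            continue
        kind = wanted.get(entry.stem.lower())
        if kind:
            hits.append((entry.name, kind, entry.suffix.lower() in LISTED_EXTS))
    return sorted(hits)


def demo():
    """Run the search over a constructed folder; all file names are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        names = ["awtqr.dll", "awtqr.bak", "AWTQR.ini", "rqtwa.dll",
                 "rqtwa.bak2", "awtqrs.dll", "kernel32.dll"]
        for name in names:
            (Path(tmp) / name).write_bytes(b"")
        return companion_files(Path(tmp) / "awtqr.dll")


if __name__ == "__main__":
    for name, kind, listed in demo():
        note = "" if listed else "  (extension not in the guide's list)"
        print(f"{kind:9}{name}{note}")
```

The script only lists candidates; each hit still has to be checked by hand before it goes into the Killbox delete list.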