My computer is acting up

  • Joined: 14 Nov 2003
  • Posts: 324

Posted: 16 Sep 2014 10:28

I had a USB drive; I used USBNORISK, but through my own carelessness it seems I still "caught" something.
Now I have a problem where some portable programs won't run, Corel X6 won't start, and so on.
I immediately put the risky USB drive "out of its misery" with a hammer.

Help, if possible!




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Eldar (administrator) on APUK-ACD6AE443F on 16-09-2014 10:20:13
Running from C:\Documents and Settings\Eldar\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CANON INC.) C:\WINDOWS\system32\CAPRPCSK.EXE
(Savard Software) C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CAPON] => C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [22528 2001-02-05] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [155648 2012-11-10] (Apple Computer, Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
Startup: C:\Documents and Settings\Eldar\Start Menu\Programs\Startup\TurboLaunch.lnk
ShortcutTarget: TurboLaunch.lnk -> C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe (Savard Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.80.160.8 80.80.160.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16
FF Keyword.URL: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\WebSearch.xml
FF Extension: Foxdie - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\Foxdie@tanjihay.com [2012-11-11]
FF Extension: FT GraphiteGlow - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2012-11-11]
FF Extension: Classic Compact Options - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2012-11-11]
FF Extension: Tab Mix Plus - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-25]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR CustomProfile: C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google Search) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2014-01-25] (Adobe Systems Incorporated) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-15] (Mozilla Foundation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [158720 2004-08-23] ( ) [File not signed]
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] ( )
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S2 RapidPort; C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [22912 2001-02-05] (CANON INC.)
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 10:20 - 2014-09-16 10:20 - 00011299 _____ () C:\Documents and Settings\Eldar\Desktop\FRST.txt
2014-09-16 10:20 - 2014-09-16 10:20 - 00000000 ____D () C:\FRST
2014-09-16 10:19 - 2014-09-16 10:19 - 01097728 _____ (Farbar) C:\Documents and Settings\Eldar\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 10:20 - 2014-09-16 10:20 - 00011299 _____ () C:\Documents and Settings\Eldar\Desktop\FRST.txt
2014-09-16 10:20 - 2014-09-16 10:20 - 00000000 ____D () C:\FRST
2014-09-16 10:20 - 2012-11-10 16:38 - 00000000 ____D () C:\Documents and Settings\Eldar\Local Settings\Temp
2014-09-16 10:19 - 2014-09-16 10:19 - 01097728 _____ (Farbar) C:\Documents and Settings\Eldar\Desktop\FRST.exe
2014-09-16 10:17 - 2012-11-11 12:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-16 10:17 - 2012-11-10 22:20 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 10:17 - 2012-11-10 22:20 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 10:17 - 2012-11-10 16:35 - 00138605 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-16 10:15 - 2012-11-10 17:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-16 10:15 - 2012-11-10 17:31 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-16 10:15 - 2012-11-10 17:28 - 00398032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-16 10:15 - 2012-11-10 16:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-16 10:15 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

Some content of TEMP:
====================
C:\Documents and Settings\Eldar\Local Settings\Temp\lJtJlSTfLkrrccOLjwvM.DLL
C:\Documents and Settings\Eldar\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Eldar\Local Settings\Temp\ose00001.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addendum: 16 Sep 2014 23:03

On drive D I had some portable programs that were infected with the Salinity.gen virus. Today my computer started lagging, so I installed Kaspersky, which found it immediately and neutralized it, so now everything is OK.
I have a Ghost image file, so I later restored everything, and for now everything seems OK to me.
If anything comes up, I'll post again.

Thank you for your understanding

  • Joined: 04 Jul 2011
  • Posts: 5424

1. Open Notepad (Text Document) and copy the following text inside the code box below:

HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Homepage: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16
FF Keyword.URL: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16&l=1&q=
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\WebSearch.xml
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

  • Joined: 14 Nov 2003
  • Posts: 324

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Eldar at 2014-09-17 18:14:33 Run:1
Running from C:\Documents and Settings\Eldar\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Homepage: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16
FF Keyword.URL: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16&l=1&q=
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\WebSearch.xml
EmptyTemp:
*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); => Error: No automatic fix found for this entry.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\askcom.xml => Moved successfully.
C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\searchplugins\WebSearch.xml => Moved successfully.
EmptyTemp: => Removed 675.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

  • Joined: 04 Jul 2011
  • Posts: 5424

Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

Once the initial scan is finished, insert all USB storage devices one by one into a USB port and keep each one in the port until MCShield shows a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in a message.







Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after a restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.

Notice! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into a post, and attach the system log to the post using the Attach file option.

  • Joined: 14 Nov 2003
  • Posts: 324

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:32:41 PM > Drive C: - scan started (no label ~80 GB, NTFS HDD )...



=> The drive is clean.


9/17/2014 10:32:41 PM > Drive D: - scan started (no label ~386 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:34:25 PM > Drive I: - scan started (New Volume ~596 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:34:43 PM > Drive I: - scan started (no label ~149 GB, NTFS HDD )...


> I:\Recycled
> I:\Recycled\desktop.ini (MD5: ad0b0b4416f06af436328a3c12dc491b)

>>> I:\Recycled - Malware (folder) > Deleted. (14.09.17. 22.34 Recycled.941631)


=> Malicious files : 1/1 deleted.
=> Malicious folders : 1/1 deleted.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:35:11 PM > Drive I: - scan started (no label ~149 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:36:18 PM > Drive I: - scan started (KINGSTON ~1902 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.14.1 / Windows XP <<<


9/17/2014 10:36:52 PM > Drive I: - scan started (no label ~7687 MB, FAT32 flash drive )...



=> The drive is clean.




Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.17.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Eldar :: APUK-ACD6AE443F [administrator]

9/17/2014 10:40:09 PM
mbar-log-2014-09-17 (22-40-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 278088
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)




  • Joined: 04 Jul 2011
  • Posts: 5424

Your computer is clean as far as malware is concerned. If you still have problems, I suggest you open a topic in the Windows subforum.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

  • Joined: 14 Nov 2003
  • Posts: 324

ivance95, thank you very much for the help.
Now I can breathe easier; at least I know there is nothing dangerous.

Regards, and much success in your future work.
