Infected computer

v358 (New MyCity citizen, joined 29 Dec 2014, 16 posts):

Hello, I scanned the computer with Avast and here is what it found:



I did not remove them.

FRST report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by v358win (administrator) on V358 on 29-12-2014 11:38:51
Running from C:\Users\v358win\Desktop
Loaded Profile: v358win (Available profiles: v358win)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\ProgramData\NT Kernel\NTKernel.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-29] (AVAST Software)
HKU\S-1-5-21-452044520-4055168981-2684586079-1001\...\Winlogon: [Shell] C:\ProgramData\NT Kernel\NTKernel.exe [290816 2014-02-15] () <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-452044520-4055168981-2684586079-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]

Chrome:
=======
CHR Profile: C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (YouTube) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Search) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Google Sheets) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\v358win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 19:48 - 2014-12-29 19:48 - 00000000 __SHD () C:\Recovery
2014-12-29 19:45 - 2014-12-29 10:54 - 00000000 ____D () C:\Windows\Panther
2014-12-29 11:38 - 2014-12-29 11:39 - 00006544 _____ () C:\Users\v358win\Desktop\FRST.txt
2014-12-29 11:38 - 2014-12-29 11:38 - 00000000 ____D () C:\FRST
2014-12-29 11:37 - 2014-12-29 11:37 - 02123264 _____ (Farbar) C:\Users\v358win\Desktop\FRST64.exe
2014-12-29 11:21 - 2014-12-29 11:21 - 00000000 ____D () C:\Users\v358win\AppData\Roaming\Dropbox
2014-12-29 11:11 - 2014-12-29 11:11 - 00000000 ____D () C:\Users\v358win\AppData\Roaming\AVAST Software
2014-12-29 11:10 - 2014-12-29 11:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-29 11:10 - 2014-12-29 11:10 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1419880247609
2014-12-29 11:10 - 2014-12-29 11:10 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-29 11:10 - 2014-12-29 11:10 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-29 11:10 - 2014-12-29 11:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-29 11:10 - 2014-12-29 11:10 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-29 11:10 - 2014-12-29 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 11:07 - 2014-12-29 11:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 11:06 - 2014-12-29 11:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-29 11:05 - 2014-12-29 11:05 - 05006864 _____ (AVAST Software) C:\Users\v358win\Downloads\avast_free_antivirus_setup_online.exe
2014-12-29 11:04 - 2014-12-29 11:04 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 11:04 - 2014-12-29 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 11:03 - 2014-12-29 11:17 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-452044520-4055168981-2684586079-1001
2014-12-29 11:02 - 2014-12-29 11:07 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 11:02 - 2014-12-29 11:07 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 11:02 - 2014-12-29 11:04 - 00000000 ____D () C:\Users\v358win\AppData\Local\Google
2014-12-29 11:02 - 2014-12-29 11:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 11:02 - 2014-12-29 11:02 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-29 11:02 - 2014-12-29 11:02 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-29 11:02 - 2014-12-29 11:02 - 00000000 ____D () C:\Users\v358win\AppData\Local\Deployment
2014-12-29 11:02 - 2014-12-29 11:02 - 00000000 ____D () C:\Users\v358win\AppData\Local\Apps\2.0
2014-12-29 10:59 - 2014-12-29 10:59 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5612B485-2F60-425A-970D-56EC9D4E6179}
2014-12-29 10:59 - 2014-12-29 10:59 - 00000000 ____D () C:\Users\v358win\AppData\Roaming\Macromedia
2014-12-29 10:56 - 2014-12-29 11:35 - 00000000 __RDO () C:\Users\v358win\SkyDrive
2014-12-29 10:55 - 2014-12-29 11:38 - 00008512 _____ () C:\Users\v358win\AppData\Roaming\msconfig.ini
2014-12-29 10:55 - 2014-12-29 11:36 - 00045097 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 10:55 - 2014-12-29 10:55 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-12-29 10:54 - 2014-12-29 10:56 - 00000000 ____D () C:\Users\v358win
2014-12-29 10:54 - 2014-12-29 10:55 - 00000000 ____D () C:\Users\v358win\AppData\Local\Packages
2014-12-29 10:54 - 2014-12-29 10:54 - 00003378 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2014-12-29 10:54 - 2014-12-29 10:54 - 00001442 _____ () C:\Users\v358win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-29 10:54 - 2014-12-29 10:54 - 00000020 ___SH () C:\Users\v358win\ntuser.ini
2014-12-29 10:54 - 2014-12-29 10:54 - 00000000 ____D () C:\Windows\Setup
2014-12-29 10:54 - 2014-12-29 10:54 - 00000000 ____D () C:\Users\v358win\AppData\Roaming\Adobe
2014-12-29 10:54 - 2014-12-29 10:54 - 00000000 ____D () C:\Users\v358win\AppData\Local\VirtualStore
2014-12-29 10:54 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\v358win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 10:54 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\v358win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 10:54 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\v358win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-29 10:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\v358win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 10:52 - 2014-12-29 10:52 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 19:50 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-12-29 19:48 - 2013-08-22 07:37 - 00002664 _____ () C:\Windows\DtcInstall.log
2014-12-29 19:48 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-29 19:47 - 2013-08-22 06:46 - 00011981 _____ () C:\Windows\setupact.log
2014-12-29 19:46 - 2013-09-29 20:02 - 00000804 _____ () C:\Windows\PFRO.log
2014-12-29 19:46 - 2013-08-22 06:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-29 19:45 - 2013-08-22 07:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-12-29 11:07 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\restore
2014-12-29 11:03 - 2013-09-29 20:14 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 11:02 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 10:57 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 10:57 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-29 10:56 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness

Files to move or delete:
====================
C:\Users\v358win\AppData\Roaming\msconfig.ini


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 19:46

==================== End Of Log ============================

Addition report:

Reply from a forum member (joined 26 Aug 2010, 10622 posts, location: Hypnos Control Room, Tokyo Metropolitan Government Building):

Open Notepad and copy the following text, which is inside the Code box.

() C:\ProgramData\NT Kernel\NTKernel.exe
HKU\S-1-5-21-452044520-4055168981-2684586079-1001\...\Winlogon: [Shell] C:\ProgramData\NT Kernel\NTKernel.exe [290816 2014-02-15] () <==== ATTENTION
C:\Users\v358win\AppData\Roaming\msconfig.ini
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its content into the thread.
Also, fixlog.txt will be on the Desktop.
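The indicator that decides this case is in the FRST report above: the Winlogon Shell value for the user points at an unsigned binary under C:\ProgramData instead of the Windows default explorer.exe, and the same binary shows up in the process list with an empty vendor field. As an added example (not code from the thread or from FRST), a small Python parser that reads FRST-style Processes and Registry lines and flags exactly that pattern; the sample input is constructed from the lines of the report above, and the regexes are assumptions fitted to that format.

```python
import re

# Constructed sample in the shape of the FRST report posted in the thread.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================
() C:\ProgramData\NT Kernel\NTKernel.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-29] (AVAST Software)
HKU\S-1-5-21-452044520-4055168981-2684586079-1001\...\Winlogon: [Shell] C:\ProgramData\NT Kernel\NTKernel.exe [290816 2014-02-15] () <==== ATTENTION
"""

# "(Vendor) C:\path\file.exe" -- an empty vendor means FRST found no company name.
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# "Key: [Name] => C:\path [size date] (Vendor)" -- the "=> " is optional in FRST output.
REGISTRY_RE = re.compile(
    r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?:=> )?(?P<path>[A-Za-z]:\\.+?)"
    r" \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<vendor>[^)]*)\)"
)
# Locations a standard user can write to; an unsigned autostart binary living
# there is a common persistence pattern and deserves a second look.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")
EXPECTED_SHELL = "explorer.exe"  # Windows default for Winlogon\Shell


def _finding(reason, path, line):
    return {"reason": reason, "path": path, "line": line}


def analyze(report: str) -> list:
    """Return one finding dict per suspicious Processes/Registry line."""
    findings, section = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            section = line.strip("= ").lower()  # e.g. "processes (whitelisted)"
            continue
        if not line:
            continue
        path = vendor = None
        if section.startswith("processes"):
            m = PROCESS_RE.match(line)
            if m:
                path, vendor = m["path"], m["vendor"]
        elif section.startswith("registry"):
            m = REGISTRY_RE.match(line)
            if m:
                path, vendor = m["path"], m["vendor"]
                # Shell value under a Winlogon key that is not explorer.exe
                if (m["key"].lower().endswith("\\winlogon") and m["name"].lower() == "shell"
                        and path.lower().rsplit("\\", 1)[-1] != EXPECTED_SHELL):
                    findings.append(_finding("winlogon_shell_hijack", path, line))
        if path is not None and not vendor.strip() and any(d in path.lower() for d in USER_WRITABLE):
            findings.append(_finding("unsigned_binary_in_user_writable_dir", path, line))
        if "<==== ATTENTION" in line:  # FRST's own marker, kept as a separate finding
            findings.append(_finding("frst_attention_flag", path, line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_FRST):
        print(f"{f['reason']:40s} {f['path']}")
```

Run against a full FRST.txt the same two reasons would fire on the NTKernel.exe lines and stay quiet on the signed Microsoft and Avast entries.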

v358 (New MyCity citizen, joined 29 Dec 2014, 16 posts):

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by v358win at 2014-12-30 12:50:45 Run:1
Running from C:\Users\v358win\Desktop
Loaded Profile: v358win (Available profiles: v358win)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\ProgramData\NT Kernel\NTKernel.exe
HKU\S-1-5-21-452044520-4055168981-2684586079-1001\...\Winlogon: [Shell] C:\ProgramData\NT Kernel\NTKernel.exe [290816 2014-02-15] () <==== ATTENTION
C:\Users\v358win\AppData\Roaming\msconfig.ini
EmptyTemp:
*****************

[1264] C:\ProgramData\NT Kernel\NTKernel.exe => Process closed successfully.
HKU\S-1-5-21-452044520-4055168981-2684586079-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\v358win\AppData\Roaming\msconfig.ini => Moved successfully.
EmptyTemp: => Removed 74.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:50:50 ====

Reply from a forum member (joined 26 Aug 2010, 10622 posts, location: Hypnos Control Room, Tokyo Metropolitan Government Building):

Open Notepad and copy the following text, which is inside the Code box.

C:\ProgramData\NT Kernel


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its content into the thread.
Also, fixlog.txt will be on the Desktop.


What is the situation now?

v358 (New MyCity citizen, joined 29 Dec 2014, 16 posts):

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by v358win at 2014-12-30 14:37:13 Run:2
Running from C:\Users\v358win\Desktop
Loaded Profile: v358win (Available profiles: v358win)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\NT Kernel
*****************

C:\ProgramData\NT Kernel => Moved successfully.

==== End of Fixlog 14:37:13 ====

Reply from a forum member (joined 26 Aug 2010, 10622 posts, location: Hypnos Control Room, Tokyo Metropolitan Government Building):

You did not tell me what the situation is now.

v358 (New MyCity citizen, joined 29 Dec 2014, 16 posts):

Posted: 30 Dec 2014 14:47

I'll let you know, just waiting for Avast to finish scanning.

Update: 30 Dec 2014 15:05

Reply from a forum member (joined 26 Aug 2010, 10622 posts, location: Hypnos Control Room, Tokyo Metropolitan Government Building):

It only found the deleted file in FRST's quarantine. Do not delete it yet.

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Once you have done this, you can delete it.

We will also run an anti-rootkit (ARK) check:

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK on the next window to allow unpacking into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- On the introductory window click the Next button if you agree;



• On the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.


>> If no malware is detected, click the Exit button to close the program. In your next post attach the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.


Note! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.


The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the content of the mbar log into a post and attach the system log to the post using the Attach file option.

v358 (New MyCity citizen, joined 29 Dec 2014, 16 posts):

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
malwarebytes.org

Database version: v2014.12.30.05

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.16438
v358win :: V358 [administrator]

12/30/2014 3:53:57 PM
mbar-log-2014-12-30 (15-53-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 310498
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Reply from a forum member (joined 26 Aug 2010, 10622 posts, location: Hypnos Control Room, Tokyo Metropolitan Government Building):

You are clean now. What remains is for you to do the following.
