After a Windows 7 update I got a black screen

offline
  • Joined: 10 Jan 2015
  • Posts: 192
  • Location: Novi Sad

Posted: 04 Feb 2015 2:12

prntscr.com/60sv39

Addendum: 04 Feb 2015 2:13

I set up a new system; 11neco11 gave me a link for Windows, and when I installed it and ran the update I got a black background, the picture disappeared.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Posted: 04 Feb 2015 2:32

Your system is clean as far as malware is concerned.

Addendum: 04 Feb 2015 2:33

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes.
From this point on, all the tools used in this thread should be deleted.
The tool will also produce a report for you (C:\DelFix.txt).

The tool will also save a healthy state of the registry and make a backup using the built-in "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 10 Jan 2015
  • Posts: 192
  • Location: Novi Sad

Posted: 04 Feb 2015 2:41

I did that.

Addendum: 04 Feb 2015 3:12

prntscr.com/60tatj
What does this window that opened mean?

Addendum: 04 Feb 2015 3:35

And those ads are showing up again. Whenever I go anywhere I catch something, I can't believe it anymore, as if I were going I don't know where.

Addendum: 04 Feb 2015 4:19

prntscr.com/60tt92
I'll post the report again, and if you can, tell me what I'm doing wrong, why these pages and xtab and those things keep appearing, what is the problem? While I was looking for drivers I already downloaded I don't even know what all. Everything is better for me with older Windows versions; I have the original CDs and didn't have to download so much from the net :S


offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Delete the items that MBAM found, then post new FRST.txt and Addition.txt reports.

offline
  • Joined: 10 Jan 2015
  • Posts: 192
  • Location: Novi Sad

Posted: 05 Feb 2015 14:24

It put all of that in quarantine.

Addendum: 05 Feb 2015 14:56

Addendum: 05 Feb 2015 15:20

prntscr.com/61cvlu
This is what I get when I try a new tab.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text found inside the Code box.

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&q={searchTerms}
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&ts=1423014607&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&ts=1423014607&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&ts=1423014607&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&ts=1423014607&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603&ts=1423014607&type=default&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1423014561&from=amt&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1892060320603
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: mystartsearch
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\1kvknn5z.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\1kvknn5z.default\extensions\faststartff@gmail.com
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\Users\Dezika\AppData\Roaming\mystartsearch
Tasks\{B258D161-54E5-4742-A7E0-275F8D8A90D3} => pcalua.exe -a C:\Users\Dezika\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
C:\Users\Dezika\AppData\Roaming\mystartsearch
Task: {8E6570CA-B262-4F19-9A16-9F8DFFD3ACD0} - System32\Tasks\AVZPCDVU => C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe <==== ATTENTION
Task: {B091252C-AE3A-492C-B2D5-22EFC1859D6F} - System32\Tasks\MI => C:\Users\Dezika\AppData\Roaming\MI.exe <==== ATTENTION
C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe
C:\Users\Dezika\AppData\Roaming\MI.exe
Task: C:\Windows\Tasks\AVZPCDVU.job => C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe <==== ATTENTION
Task: C:\Windows\Tasks\MI.job => C:\Users\Dezika\AppData\Roaming\MI.exe <==== ATTENTION
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.

Step 2

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 10 Jan 2015
  • Posts: 192
  • Location: Novi Sad

Posted: 05 Feb 2015 17:18

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Ran by Dezika at 2015-02-05 17:15:18 Run:1
Running from C:\Users\Dezika\Desktop
Loaded Profiles: Dezika (Available profiles: Dezika)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\mystartsearch\uninstallmanager.exe <====== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mystartsearch.com/?type=hp&ts=142301456.....2060320603
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mystartsearch.com/web/?type=ds&ts=14230.....0320603&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mystartsearch.com/?type=hp&ts=142301456.....2060320603
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = mystartsearch.com/web/?type=ds&ts=14230.....0320603&q={searchTerms}
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = mystartsearch.com/?type=hp&ts=142301456.....2060320603
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mystartsearch.com/?type=hp&ts=142301456.....2060320603
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = mystartsearch.com/web/?type=ds&ts=14230.....0320603&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = mystartsearch.com/web/?type=ds&ts=14230.....0320603&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = mystartsearch.com/web/?utm_source=b&utm.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = mystartsearch.com/web/?utm_source=b&utm.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = mystartsearch.com/web/?utm_source=b&utm.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = mystartsearch.com/web/?utm_source=b&utm.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3609390036-2450797130-3040472919-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = mystartsearch.com/web/?utm_source=b&utm.....default&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe mystartsearch.com/?type=sc&ts=142301456.....2060320603
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: mystartsearch
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\1kvknn5z.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Dezika\AppData\Roaming\Mozilla\Firefox\Profiles\1kvknn5z.default\extensions\faststartff@gmail.com
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\Users\Dezika\AppData\Roaming\mystartsearch
Tasks\{B258D161-54E5-4742-A7E0-275F8D8A90D3} => pcalua.exe -a C:\Users\Dezika\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Dezika\AppData\Roaming\mystartsearch
Task: {8E6570CA-B262-4F19-9A16-9F8DFFD3ACD0} - System32\Tasks\AVZPCDVU => C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe <==== ATTENTION
Task: {B091252C-AE3A-492C-B2D5-22EFC1859D6F} - System32\Tasks\MI => C:\Users\Dezika\AppData\Roaming\MI.exe <==== ATTENTION
C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe
C:\Users\Dezika\AppData\Roaming\MI.exe
Task: C:\Windows\Tasks\AVZPCDVU.job => C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe <==== ATTENTION
Task: C:\Windows\Tasks\MI.job => C:\Users\Dezika\AppData\Roaming\MI.exe <==== ATTENTION
EmptyTemp:
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3609390036-2450797130-3040472919-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\Dezika\AppData\Roaming\mystartsearch => Moved successfully.
Tasks\{B258D161-54E5-4742-A7E0-275F8D8A90D3} => pcalua.exe -a C:\Users\Dezika\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt => Error: No automatic fix found for this entry.
"C:\Users\Dezika\AppData\Roaming\mystartsearch" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E6570CA-B262-4F19-9A16-9F8DFFD3ACD0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E6570CA-B262-4F19-9A16-9F8DFFD3ACD0}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVZPCDVU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVZPCDVU" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B091252C-AE3A-492C-B2D5-22EFC1859D6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B091252C-AE3A-492C-B2D5-22EFC1859D6F}" => Key deleted successfully.
C:\Windows\System32\Tasks\MI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MI" => Key deleted successfully.
"C:\Users\Dezika\AppData\Roaming\AVZPCDVU.exe" => File/Directory not found.
"C:\Users\Dezika\AppData\Roaming\MI.exe" => File/Directory not found.
C:\Windows\Tasks\AVZPCDVU.job => Moved successfully.
C:\Windows\Tasks\MI.job => Moved successfully.
EmptyTemp: => Removed 903.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:15:46 ====

Addendum: 05 Feb 2015 17:24

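Added example, not part of the thread or of FRST itself: a Python triage of a fixlog like the one posted above, separating entries that were fixed from those already absent and those FRST could not handle (here the `Tasks\{B258D161-...}` line). The sample is a constructed excerpt of the log above; the status labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt of the fixlog posted in this thread (raw string keeps backslashes).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Content of fixlist:
*****************
FF SelectedSearchEngine: mystartsearch
C:\Users\Dezika\AppData\Roaming\mystartsearch
*****************

HKLM => Group Policy Restriction on software restored successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Dezika\AppData\Roaming\mystartsearch => Moved successfully.
Tasks\{B258D161-54E5-4742-A7E0-275F8D8A90D3} => pcalua.exe -a C:\Users\Dezika\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt => Error: No automatic fix found for this entry.
"C:\Users\Dezika\AppData\Roaming\MI.exe" => File/Directory not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Windows\Tasks\MI.job => Moved successfully.
EmptyTemp: => Removed 903.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:15:46 ====
"""

# Outcome phrases as they appear in the log above; checked in this order.
OUTCOMES = [
    ("unresolved", re.compile(r"Error:", re.I)),
    ("absent", re.compile(r"not found\.?$", re.I)),
    ("fixed", re.compile(r"(?:restored|deleted|moved) successfully\.?$|^Removed ", re.I)),
]

def parse_fixlog(text):
    """Return (target, outcome, status) for each result line of a fixlog."""
    results, delimiters = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:          # asterisk rows bracket the echoed fixlist
            delimiters += 1
            continue
        if delimiters < 2 or not line:  # skip header and the echoed fixlist
            continue
        if line.startswith("===="):     # "==== End of Fixlog ... ===="
            break
        # Split on the LAST arrow: task entries contain "=>" in the target too.
        target, arrow, outcome = line.rpartition(" => ")
        if not arrow:                   # e.g. "Firefox newtab deleted successfully."
            target = outcome = line
        status = next((name for name, rx in OUTCOMES if rx.search(outcome)), "other")
        results.append((target.strip('"'), outcome, status))
    return results

def summarize(text):
    """Count statuses and list the targets that still need manual follow-up."""
    rows = parse_fixlog(text)
    counts = Counter(status for _, _, status in rows)
    unresolved = [target for target, _, status in rows if status == "unresolved"]
    return counts, unresolved

if __name__ == "__main__":
    counts, unresolved = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for target in unresolved:
        print("needs follow-up:", target)
```
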

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 10 Jan 2015
  • Posts: 192
  • Location: Novi Sad

prntscr.com/61ig33
It showed me this.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Close MBAM as it tells you in the picture.
