VirTool

1

VirTool

offline
  • pr1Ze
  • Pridružio: 20 Apr 2012
  • Poruke: 1640

Napisano: 12 Jul 2014 14:59

MSE mi je trazilo skeniranje ja sam dozvolio da se skenira,nakon toga otisao sam u History i vidio da imam dva VirTool,da li je virus?

Dopuna: 12 Jul 2014 15:00

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Nije virus (fajl infektor) već je u pitanju autorun.inf okidač na prenosivim diskovima.

Možeš ih izbgrisati, a ako želiš da provjerimo tvoj sistem moraćeš ispratiti uputstvo za otvaranje teme i postaviti tražene izvještaje.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • pr1Ze
  • Pridružio: 20 Apr 2012
  • Poruke: 1640

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Luta (administrator) on LUTA-PC on 12-07-2014 15:26:46
Running from C:\Users\Luta\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [Google Update] => C:\Users\Luta\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-08] (Google Inc.)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [uTorrent] => C:\Users\Luta\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4B7A7833FCECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_90.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Luta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "hxxp://www.google.co.uk/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-05-22] (Microsoft Corporation) [File not signed]
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [252784 2010-07-14] ()

==================== Drivers (Whitelisted) ====================

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2009-10-29] (ZTE Incorporated) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl789522b8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC7FC027-5368-4E5F-82D5-A44AAA98E208}\MpKsl789522b8.sys [39464 2014-07-12] (Microsoft Corporation)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2011-10-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2011-10-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2011-10-27] (MCCI Corporation)
S3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2008-07-24] () [File not signed]
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2008-07-24] () [File not signed]
S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S1 AntiKill; No ImagePath
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U2 sppspv;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 15:26 - 2014-07-12 15:27 - 00009396 _____ () C:\Users\Luta\Desktop\FRST.txt
2014-07-12 15:26 - 2014-07-12 15:26 - 00000000 ____D () C:\FRST
2014-07-12 15:24 - 2014-07-12 15:24 - 01075200 _____ (Farbar) C:\Users\Luta\Desktop\FRST.exe
2014-07-11 12:58 - 2014-07-12 09:55 - 00000224 _____ () C:\Windows\setupact.log
2014-07-11 12:58 - 2014-07-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 11:55 - 2014-07-10 16:07 - 00000000 ____D () C:\Users\Luta\Desktop\The.Wolf.Among.Us.Episode.5-CODEX
2014-07-09 20:52 - 2014-07-09 20:52 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Qualys
2014-07-07 15:25 - 2014-07-07 15:25 - 00000000 ____D () C:\Program Files\EaseUS
2014-07-02 00:35 - 2014-07-02 12:04 - 00000000 ____D () C:\Users\Luta\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2014-06-30 18:53 - 2014-06-30 19:10 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-30 11:11 - 2014-06-30 11:11 - 00000000 ____D () C:\Users\Luta\Desktop\Dino Merlin 2014 - Hotel Nacional (Album)
2014-06-29 00:51 - 2014-07-05 12:42 - 00000000 ____D () C:\Users\Luta\Downloads\PESEdit.com 2014 Patch 4.4
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 12:37 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-18 12:37 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-16 16:20 - 2014-06-17 19:16 - 00000000 ____D () C:\Users\Luta\Downloads\PesEgyWorldCupPatchPes13ByWalidTity_201406
2014-06-15 13:09 - 2014-06-18 12:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-15 10:41 - 2014-06-15 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-12 15:27 - 2014-07-12 15:26 - 00009396 _____ () C:\Users\Luta\Desktop\FRST.txt
2014-07-12 15:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-07-12 15:26 - 2014-07-12 15:26 - 00000000 ____D () C:\FRST
2014-07-12 15:24 - 2014-07-12 15:24 - 01075200 _____ (Farbar) C:\Users\Luta\Desktop\FRST.exe
2014-07-12 15:02 - 2012-03-17 15:59 - 00000000 ____D () C:\ProgramData\MCShield
2014-07-12 14:39 - 2012-01-08 22:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000UA.job
2014-07-12 14:38 - 2014-05-02 18:46 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\uTorrent
2014-07-12 14:12 - 2012-01-08 09:44 - 01339582 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 13:52 - 2013-11-28 20:47 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000UA.job
2014-07-12 10:03 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:03 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 09:55 - 2014-07-11 12:58 - 00000224 _____ () C:\Windows\setupact.log
2014-07-12 09:55 - 2012-01-08 06:55 - 00000000 ____D () C:\Users\Luta
2014-07-12 09:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 21:39 - 2012-01-08 22:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000Core.job
2014-07-11 19:52 - 2013-11-28 20:47 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000Core.job
2014-07-11 15:38 - 2014-01-20 04:30 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Audacity
2014-07-11 12:58 - 2014-07-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 16:07 - 2014-07-10 11:55 - 00000000 ____D () C:\Users\Luta\Desktop\The.Wolf.Among.Us.Episode.5-CODEX
2014-07-09 20:52 - 2014-07-09 20:52 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Qualys
2014-07-09 14:32 - 2012-01-08 06:53 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 13:15 - 2012-01-18 01:47 - 00000000 ____D () C:\Users\Luta\Desktop\NIKOLA
2014-07-09 00:02 - 2013-05-17 01:22 - 00000000 ____D () C:\Users\Luta\Desktop\MUZIKA
2014-07-07 15:25 - 2014-07-07 15:25 - 00000000 ____D () C:\Program Files\EaseUS
2014-07-07 14:02 - 2012-08-21 07:01 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Skype
2014-07-07 01:45 - 2012-01-10 03:11 - 00000000 ____D () C:\Users\Luta\Desktop\LUKA
2014-07-05 12:42 - 2014-06-29 00:51 - 00000000 ____D () C:\Users\Luta\Downloads\PESEdit.com 2014 Patch 4.4
2014-07-05 12:36 - 2012-07-29 18:02 - 00000000 ____D () C:\Users\Luta\Desktop\MOJI FILMOVI
2014-07-03 18:50 - 2012-12-07 23:03 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Liteon
2014-07-02 12:04 - 2014-07-02 00:35 - 00000000 ____D () C:\Users\Luta\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2014-06-30 19:12 - 2012-02-15 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-06-30 19:10 - 2014-06-30 18:53 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-30 11:11 - 2014-06-30 11:11 - 00000000 ____D () C:\Users\Luta\Desktop\Dino Merlin 2014 - Hotel Nacional (Album)
2014-06-28 15:49 - 2013-08-10 04:45 - 00000311 _____ () C:\Users\Luta\Desktop\Documents\sasa.txt
2014-06-26 15:40 - 2009-07-14 06:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-26 00:48 - 2014-05-11 13:26 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 00:48 - 2014-05-11 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 00:48 - 2014-05-11 13:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 12:19 - 2014-05-04 05:27 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 12:19 - 2012-08-21 07:00 - 00000000 ____D () C:\ProgramData\Skype
2014-06-18 12:53 - 2014-01-15 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 12:47 - 2012-02-25 15:42 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 12:24 - 2014-06-15 13:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-17 19:16 - 2014-06-16 16:20 - 00000000 ____D () C:\Users\Luta\Downloads\PesEgyWorldCupPatchPes13ByWalidTity_201406
2014-06-15 11:15 - 2014-01-21 14:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-15 10:43 - 2014-06-15 10:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 12:18

==================== End Of Log ============================


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
Task: {8509A160-B69C-4405-8B5E-3CEC0B587433} - \Go for FilesUpdate No Task File <==== ATTENTION


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt). Potrebno je da sadržaj fixlog.txt kopiraš na forum

offline
  • pr1Ze
  • Pridružio: 20 Apr 2012
  • Poruke: 1640

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Luta at 2014-07-12 15:45:53 Run:1
Running from C:\Users\Luta\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
Task: {8509A160-B69C-4405-8B5E-3CEC0B587433} - \Go for FilesUpdate No Task File <==== ATTENTION
*****************

C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml => Moved successfully.
C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp' => Key deleted successfully.
"C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8509A160-B69C-4405-8B5E-3CEC0B587433}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8509A160-B69C-4405-8B5E-3CEC0B587433}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate' => Key deleted successfully.

==== End of Fixlog ====


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • pr1Ze
  • Pridružio: 20 Apr 2012
  • Poruke: 1640

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Čist si. Ostaje ti još da ukloniš korišćenje alate:

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

offline
  • pr1Ze
  • Pridružio: 20 Apr 2012
  • Poruke: 1640

Napisano: 12 Jul 2014 16:40

Hvala puno @ Sass Drake

Dopuna: 12 Jul 2014 16:43

Jos ovo mogu li kako da izbrisem iz karantine

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Desni klik na bijelu površinu -> Obriši sve.

Ko je trenutno na forumu
 

Ukupno su 787 korisnika na forumu :: 38 registrovanih, 3 sakrivenih i 746 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, arsa, babaroga, babo5, bata melenčan, Belac91, branko7, Brankoni, cikadeda, Denox, Dimitrise93, doloress, draggan, Georgius, Korisnik038, Kruger, kybonacci, lukac, Marko Marković, Markoni29, mercedesamg, Milan A. Nikolic, Milos ZA, moldway, NoOneEver Dreams, panonski mornar, rovac, S2M, sakota79, Singidunumac, Snorks, sombrero, tomigun, Toni, USSVoyager, virked, wizzardone