VirTool


  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Posted: 12 Jul 2014 14:59

MSE asked me to run a scan and I allowed it to scan; after that I went into History and saw that I have two VirTool entries. Is it a virus?

Update: 12 Jul 2014 15:00

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

It is not a virus (a file infector); it is an autorun.inf trigger on removable disks.

You can delete them, and if you want us to check your system you will have to follow the instructions for opening a topic and post the requested reports.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
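What the reply above means in practice: autorun.inf is a plain text file in the root of the drive, and the open=, shellexecute= and shell\<verb>\command= keys of its [autorun] section name what gets run. The example below is added here and is not code from the forum, from MSE or from MCShield. It parses such a file, lists the launch targets and flags the patterns USB droppers use: a program started out of a hidden housekeeping folder such as RECYCLER, or an override of the drive's own Open verb. Both .inf texts in it are constructed (the RECYCLER path is invented, not taken from the poster's drive), and the removable-drive enumeration uses the Win32 GetLogicalDrives/GetDriveTypeW calls, so that part only does real work on Windows. Whether the OS still honours the file at all depends on the Windows version and AutoRun policy; the script reports only what the file declares.

```python
"""Report what an autorun.inf would launch and whether it looks like a dropper.

Added example for the reply above; not code from the forum, MSE or MCShield.
Both .inf texts are constructed (the RECYCLER path is invented, not from the
poster's drive). Whether Windows still honours the file depends on the OS
version and AutoRun policy: this only reports what the file declares.
"""
import os
import re
import shlex
import sys

LAUNCH_KEYS = ("open", "shellexecute")                      # run a program directly
SHELL_VERB_RE = re.compile(r"^shell\\([^\\]+)\\command$")   # shell\<verb>\command=
SCRIPT_EXT = (".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")
DECOY_DIRS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text):
    """key=value pairs of the [autorun] section, keys lower-cased."""
    # Hand-rolled rather than configparser: droppers pad the file with junk
    # lines that configparser rejects, and the section name varies in case.
    section, keys = None, {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, val = line.partition("=")
            keys[key.strip().lower()] = val.strip()
    return keys


def launch_targets(keys):
    """(source key, command) pairs that execute code when the verb fires."""
    targets = [(k, keys[k]) for k in LAUNCH_KEYS if keys.get(k)]
    targets += [(k, v) for k, v in keys.items() if v and SHELL_VERB_RE.match(k)]
    return targets


def first_token(cmd):
    """Program path of a command line: first token, unquoted, lower-cased."""
    try:
        tokens = shlex.split(cmd, posix=False)
    except ValueError:                      # unbalanced quotes
        tokens = cmd.split()
    return tokens[0].strip('"').lower() if tokens else ""


def assess(text):
    """Classify an autorun.inf: what runs, and which dropper patterns it shows."""
    keys = parse_autorun(text)
    targets = launch_targets(keys)
    reasons = []
    for src, cmd in targets:
        path = first_token(cmd)
        if any(d in path for d in DECOY_DIRS):
            reasons.append(f"{src} runs {path} out of a hidden housekeeping folder")
        if path.endswith(SCRIPT_EXT):
            reasons.append(f"{src} runs a script/screensaver file: {path}")
        if src.startswith(("shell\\open\\", "shell\\explore\\")):
            reasons.append(f"{src} overrides the drive's built-in verb")
    verb = keys.get("shell", "").lower()
    if verb and verb not in ("open", "explore"):
        reasons.append(f"default verb redirected to shell={verb}")
    return {"launches_code": bool(targets), "targets": targets,
            "suspicious": bool(reasons), "reasons": reasons}


def removable_drives():
    """Drive roots Windows reports as DRIVE_REMOVABLE (2); empty elsewhere."""
    if sys.platform != "win32":
        return []
    import ctypes
    import string
    k32 = ctypes.windll.kernel32
    mask = k32.GetLogicalDrives()
    roots = [c + ":\\" for i, c in enumerate(string.ascii_uppercase) if mask >> i & 1]
    return [r for r in roots if k32.GetDriveTypeW(r) == 2]


# Constructed samples: a vendor driver CD, and a USB-worm style dropper.
BENIGN_INF = "[autorun]\nicon=setup.exe,0\nlabel=Driver CD\nopen=setup.exe\n"
DROPPER_INF = """[AutoRun]
junk line without an equals sign
open=RECYCLER\\S-1-5-21-1234567890-1234567890-1234567890-1000\\svchost.exe
shell\\open\\Command=RECYCLER\\S-1-5-21-1234567890-1234567890-1234567890-1000\\svchost.exe
shell\\open\\Default=1
shellexecute=RECYCLER\\S-1-5-21-1234567890-1234567890-1234567890-1000\\svchost.exe
shell=open
"""

if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("dropper", DROPPER_INF)):
        print(name, assess(inf))
    for root in removable_drives():         # real media, Windows only
        path = os.path.join(root, "autorun.inf")
        if os.path.exists(path):
            with open(path, errors="replace") as f:
                print(root, assess(f.read()))
```

Run as-is it classifies the two samples; on a Windows machine it then walks every removable drive and reports any autorun.inf it finds. A drive whose file carries only icon= and label= comes back with launches_code False; a vendor CD with open=setup.exe launches code but is not flagged; the dropper sample is flagged on every target because it runs out of RECYCLER and hijacks the Open verb.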

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Luta (administrator) on LUTA-PC on 12-07-2014 15:26:46
Running from C:\Users\Luta\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [Google Update] => C:\Users\Luta\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-08] (Google Inc.)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Run: [uTorrent] => C:\Users\Luta\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4B7A7833FCECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_90.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Luta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Luta\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "hxxp://www.google.co.uk/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Luta\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-05-22] (Microsoft Corporation) [File not signed]
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [252784 2010-07-14] ()

==================== Drivers (Whitelisted) ====================

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2009-10-29] (ZTE Incorporated) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl789522b8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC7FC027-5368-4E5F-82D5-A44AAA98E208}\MpKsl789522b8.sys [39464 2014-07-12] (Microsoft Corporation)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2011-10-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2011-10-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2011-10-27] (MCCI Corporation)
S3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2008-07-24] () [File not signed]
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2008-07-24] () [File not signed]
S3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105088 2009-10-29] (ZTE Incorporated) [File not signed]
S1 AntiKill; No ImagePath
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U2 sppspv;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 15:26 - 2014-07-12 15:27 - 00009396 _____ () C:\Users\Luta\Desktop\FRST.txt
2014-07-12 15:26 - 2014-07-12 15:26 - 00000000 ____D () C:\FRST
2014-07-12 15:24 - 2014-07-12 15:24 - 01075200 _____ (Farbar) C:\Users\Luta\Desktop\FRST.exe
2014-07-11 12:58 - 2014-07-12 09:55 - 00000224 _____ () C:\Windows\setupact.log
2014-07-11 12:58 - 2014-07-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 11:55 - 2014-07-10 16:07 - 00000000 ____D () C:\Users\Luta\Desktop\The.Wolf.Among.Us.Episode.5-CODEX
2014-07-09 20:52 - 2014-07-09 20:52 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Qualys
2014-07-07 15:25 - 2014-07-07 15:25 - 00000000 ____D () C:\Program Files\EaseUS
2014-07-02 00:35 - 2014-07-02 12:04 - 00000000 ____D () C:\Users\Luta\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2014-06-30 18:53 - 2014-06-30 19:10 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-30 11:11 - 2014-06-30 11:11 - 00000000 ____D () C:\Users\Luta\Desktop\Dino Merlin 2014 - Hotel Nacional (Album)
2014-06-29 00:51 - 2014-07-05 12:42 - 00000000 ____D () C:\Users\Luta\Downloads\PESEdit.com 2014 Patch 4.4
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 12:37 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-18 12:37 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-16 16:20 - 2014-06-17 19:16 - 00000000 ____D () C:\Users\Luta\Downloads\PesEgyWorldCupPatchPes13ByWalidTity_201406
2014-06-15 13:09 - 2014-06-18 12:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-15 10:41 - 2014-06-15 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-12 15:27 - 2014-07-12 15:26 - 00009396 _____ () C:\Users\Luta\Desktop\FRST.txt
2014-07-12 15:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-07-12 15:26 - 2014-07-12 15:26 - 00000000 ____D () C:\FRST
2014-07-12 15:24 - 2014-07-12 15:24 - 01075200 _____ (Farbar) C:\Users\Luta\Desktop\FRST.exe
2014-07-12 15:02 - 2012-03-17 15:59 - 00000000 ____D () C:\ProgramData\MCShield
2014-07-12 14:39 - 2012-01-08 22:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000UA.job
2014-07-12 14:38 - 2014-05-02 18:46 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\uTorrent
2014-07-12 14:12 - 2012-01-08 09:44 - 01339582 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 13:52 - 2013-11-28 20:47 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000UA.job
2014-07-12 10:03 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:03 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 09:55 - 2014-07-11 12:58 - 00000224 _____ () C:\Windows\setupact.log
2014-07-12 09:55 - 2012-01-08 06:55 - 00000000 ____D () C:\Users\Luta
2014-07-12 09:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 21:39 - 2012-01-08 22:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000Core.job
2014-07-11 19:52 - 2013-11-28 20:47 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2787396597-1344915912-1888278398-1000Core.job
2014-07-11 15:38 - 2014-01-20 04:30 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Audacity
2014-07-11 12:58 - 2014-07-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 16:07 - 2014-07-10 11:55 - 00000000 ____D () C:\Users\Luta\Desktop\The.Wolf.Among.Us.Episode.5-CODEX
2014-07-09 20:52 - 2014-07-09 20:52 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Qualys
2014-07-09 14:32 - 2012-01-08 06:53 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 13:15 - 2012-01-18 01:47 - 00000000 ____D () C:\Users\Luta\Desktop\NIKOLA
2014-07-09 00:02 - 2013-05-17 01:22 - 00000000 ____D () C:\Users\Luta\Desktop\MUZIKA
2014-07-07 15:25 - 2014-07-07 15:25 - 00000000 ____D () C:\Program Files\EaseUS
2014-07-07 14:02 - 2012-08-21 07:01 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Skype
2014-07-07 01:45 - 2012-01-10 03:11 - 00000000 ____D () C:\Users\Luta\Desktop\LUKA
2014-07-05 12:42 - 2014-06-29 00:51 - 00000000 ____D () C:\Users\Luta\Downloads\PESEdit.com 2014 Patch 4.4
2014-07-05 12:36 - 2012-07-29 18:02 - 00000000 ____D () C:\Users\Luta\Desktop\MOJI FILMOVI
2014-07-03 18:50 - 2012-12-07 23:03 - 00000000 ____D () C:\Users\Luta\AppData\Roaming\Liteon
2014-07-02 12:04 - 2014-07-02 00:35 - 00000000 ____D () C:\Users\Luta\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2014-06-30 19:12 - 2012-02-15 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-06-30 19:10 - 2014-06-30 18:53 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-30 11:11 - 2014-06-30 11:11 - 00000000 ____D () C:\Users\Luta\Desktop\Dino Merlin 2014 - Hotel Nacional (Album)
2014-06-28 15:49 - 2013-08-10 04:45 - 00000311 _____ () C:\Users\Luta\Desktop\Documents\sasa.txt
2014-06-26 15:40 - 2009-07-14 06:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-26 00:48 - 2014-05-11 13:26 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 00:48 - 2014-05-11 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 00:48 - 2014-05-11 13:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-21 12:19 - 2014-06-21 12:19 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 12:19 - 2014-05-04 05:27 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 12:19 - 2012-08-21 07:00 - 00000000 ____D () C:\ProgramData\Skype
2014-06-18 12:53 - 2014-01-15 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 12:47 - 2012-02-25 15:42 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 12:24 - 2014-06-15 13:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-17 19:16 - 2014-06-16 16:20 - 00000000 ____D () C:\Users\Luta\Downloads\PesEgyWorldCupPatchPes13ByWalidTity_201406
2014-06-15 11:15 - 2014-01-21 14:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-15 10:43 - 2014-06-15 10:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 12:18

==================== End Of Log ============================



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
Task: {8509A160-B69C-4405-8B5E-3CEC0B587433} - \Go for FilesUpdate No Task File <==== ATTENTION


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks for a restart, let it do so without interruption.
When it is done, Notepad will open with content that you should copy into the topic.
There will also be a copy on the Desktop (fixlog.txt). Copy the contents of fixlog.txt to the forum.

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Luta at 2014-07-12 15:45:53 Run:1
Running from C:\Users\Luta\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
Task: {8509A160-B69C-4405-8B5E-3CEC0B587433} - \Go for FilesUpdate No Task File <==== ATTENTION
*****************

C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml => Moved successfully.
C:\Users\Luta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp' => Key deleted successfully.
"C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8509A160-B69C-4405-8B5E-3CEC0B587433}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8509A160-B69C-4405-8B5E-3CEC0B587433}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate' => Key deleted successfully.

==== End of Fixlog ====


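The fix procedure a few posts up turns a handful of FRST log lines into Fixlist.txt, and the Fixlog just above answers with one outcome per line. The example below is added here and is not code from the forum or from FRST; it shows both halves in Python. It walks an FRST log while tracking the section headers and pulls out the lines a helper looks at first (the <==== ATTENTION marker, No File, No ImagePath, [X], unsigned binaries, an HKLM-registered Chrome extension served from a user profile), and it parses a Fixlog so that every action can be checked as done, already missing, or failed. The heuristics are mine, not FRST's; the sample texts are excerpts of the logs posted in this thread. Flagged is not the same as malicious: the [X] driver entries in this log are files that are gone, typically left behind by uninstalled USB modems, and the helper left them alone, so the drafted list is a reading aid, not something to paste back unreviewed.

```python
"""Triage an FRST log and check a Fixlog.

Added example for the fixlist procedure and the Fixlog above; it is not code
from the forum or from FRST. The heuristics are mine, not FRST's: they only
surface lines worth a second look, and what goes into Fixlist.txt is still a
judgement call (the [X] modem drivers in this log are leftovers of removed
software, not malware). The samples are excerpts of the logs in this thread.
"""
import re

# (pattern, why it deserves a look); the first match wins.
HEURISTICS = [
    (re.compile(r"No Task File"), "scheduled task without a task file"),
    (re.compile(r"No ImagePath$"), "service with no ImagePath"),
    (re.compile(r"\[X\]$"), "service/driver whose binary is missing"),
    (re.compile(r"(=>|-) No File$"), "registry entry pointing at a missing file"),
    (re.compile(r"\[File not signed\]$"), "unsigned binary"),
    (re.compile(r"^CHR HKLM\\.*\\AppData\\"), "machine-wide Chrome extension served from a user profile"),
    (re.compile(r"<==== ATTENTION$"), "flagged by FRST"),
]
SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "==== Drivers (Whitelisted) ===="
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")


def triage(frst_log):
    """[(section, reason, line)] for every log line some heuristic matches."""
    section, hits = "", []
    for raw in frst_log.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        for pat, reason in HEURISTICS:
            if pat.search(line):
                hits.append((section, reason, line))
                break
    return hits


def draft_fixlist(hits, reasons):
    """A fixlist is just the chosen log lines pasted back verbatim."""
    return [line for _, reason, line in hits if reason in reasons]


def check_fixlog(fixlog):
    """Pair each Fixlog action with its outcome: done / missing / failed.

    The echoed 'Content of fixlist' block (between the two rows of *) is
    skipped; its lines may themselves contain ' => ' when copied from FRST.txt.
    """
    out = {"done": [], "missing": [], "failed": []}
    in_fixlist = False
    for raw in fixlog.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        m = RESULT_RE.match(line)
        if in_fixlist or not m:
            continue
        target, result = m.group("target").strip("'\""), m.group("result")
        if "successfully" in result:
            out["done"].append((target, result))
        elif "not found" in result.lower():
            out["missing"].append((target, result))   # already gone: note it, don't chase it
        else:
            out["failed"].append((target, result))
    return out


FRST_SAMPLE = r"""==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-2787396597-1344915912-1888278398-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
==================== Internet (Whitelisted) ====================
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
==================== Drivers (Whitelisted) ====================
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2009-10-29] (ZTE Incorporated) [File not signed]
S1 AntiKill; No ImagePath
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
"""

FIXLOG_SAMPLE = r"""Content of fixlist:
*****************
FF SearchPlugin: C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml
CHR HKLM\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-08-21]
*****************

C:\Users\Luta\AppData\Roaming\Mozilla\Firefox\Profiles\czeeoebj.default\searchplugins\mb2-customized-web-search.xml => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp' => Key deleted successfully.
"C:\Users\Luta\AppData\Roaming\speedtest4354\speedtest4354.crx" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate' => Key deleted successfully.
==== End of Fixlog ====
"""

if __name__ == "__main__":
    for section, reason, line in triage(FRST_SAMPLE):
        print(f"[{section}] {reason}: {line}")
    print(check_fixlog(FIXLOG_SAMPLE))
```

On the real logs, feed triage() the whole FRST.txt and check_fixlog() the whole Fixlog.txt. A "missing" entry such as the speedtest4354.crx above is the file already being gone when FRST got to it, which is what the helper would expect when the registry key was the live part; anything under "failed" is what to re-read before declaring the machine clean.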

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR icon to run it:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the Desktop;
- mbar.exe will then be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click Next;
• Under the 'Scan Targets' section make sure all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that prompt to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after it.

>> If no malware is detected, click the Exit button to close the program. In your next post, attach the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, make sure the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the next restart; a pop-up window will tell you so. Click the Yes button and the system should restart and complete the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to finish all its repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key to close the window. Restart the system.

The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log using the Attach file option.

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You're clean. All that's left is to remove the tools that were used:

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program, in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh one after the cleanup.

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Posted: 12 Jul 2014 16:40

Thanks a lot @ Sass Drake

Update: 12 Jul 2014 16:43

One more thing: how can I delete these from quarantine?

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Right-click on the white area -> Delete all.
