Win32 Malware


offline
  • Joined: 18 Nov 2015
  • Posts: 7

Hello. I am using Windows 8.1, 64-bit version. I scanned with Avast and it reported that it found the following infected files, image below. I pressed the Close button.


I followed the instructions for FRST64, but as soon as I launched it the following notification appeared (image below).
I clicked the Close button.


After that I ran the scan. Here is the report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Somnabulist (administrator) on MARKO (19-11-2015 00:13:17)
Running from C:\Users\Somnabulist\Desktop
Loaded Profiles: Somnabulist (Available Profiles: Somnabulist)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-18] (AVAST Software)
HKU\S-1-5-21-971146872-749371668-1217235381-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2328872 2014-02-16] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-18] (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:103dc193 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DE3D48B3-56E4-4038-BF8E-C369C43AEDF7}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-18] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-18] (AVAST Software)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-18] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-18]

Chrome:
=======
CHR Profile: C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-18]
CHR Extension: (Google документи) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Google диск) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Google табеле) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-18]
CHR Extension: (Google документи офлајн) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-18]
CHR Extension: (Gmail) - C:\Users\Somnabulist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-18] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-18] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 07:26 - 2015-11-19 07:26 - 00003378 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-11-19 07:26 - 2015-11-19 07:26 - 00001442 _____ C:\Users\Somnabulist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-19 07:26 - 2015-11-19 07:26 - 00000020 ___SH C:\Users\Somnabulist\ntuser.ini
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Windows\Setup
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Windows\CSC
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Users\Somnabulist\AppData\Roaming\Adobe
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Users\Somnabulist\AppData\Local\VirtualStore
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Users\Somnabulist\AppData\Local\Packages
2015-11-19 07:26 - 2015-11-19 07:26 - 00000000 ____D C:\Users\Somnabulist
2015-11-19 07:26 - 2015-11-19 00:12 - 00000000 __SHD C:\ProgramData\NT Kernel
2015-11-19 07:26 - 2015-11-19 00:11 - 00011136 _____ C:\Users\Somnabulist\AppData\Roaming\msconfig.ini
2015-11-19 07:26 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Somnabulist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-19 07:26 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Somnabulist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-19 07:26 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Somnabulist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-19 07:26 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Somnabulist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-19 07:21 - 2015-11-19 07:26 - 00000000 ____D C:\Windows\Panther
2015-11-19 00:13 - 2015-11-19 00:13 - 00006792 _____ C:\Users\Somnabulist\Desktop\FRST.txt
2015-11-19 00:09 - 2015-11-19 00:09 - 02008576 _____ (Farbar) C:\Users\Somnabulist\Desktop\FRST64.exe
2015-11-19 00:06 - 2015-11-19 00:13 - 00000000 ____D C:\FRST
2015-11-18 23:46 - 2015-11-18 23:47 - 00000000 ____D C:\Users\Somnabulist\Desktop\hwmonitor_1.28
2015-11-18 23:43 - 2015-11-18 23:42 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-18 23:42 - 2015-11-18 23:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-18 23:42 - 2015-11-18 23:42 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-18 23:42 - 2015-11-18 23:42 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-18 23:42 - 2015-11-18 23:42 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-18 23:42 - 2015-11-18 23:42 - 00000000 ____D C:\Users\Somnabulist\AppData\Roaming\AVAST Software
2015-11-18 23:42 - 2015-11-18 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-18 23:41 - 2015-11-18 23:41 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-18 23:40 - 2015-11-18 23:40 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-18 23:39 - 2015-11-18 23:48 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-971146872-749371668-1217235381-1001
2015-11-18 23:39 - 2015-11-18 23:39 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-18 23:39 - 2015-11-18 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-18 23:38 - 2015-11-19 00:12 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-18 23:38 - 2015-11-18 23:43 - 00000954 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 23:38 - 2015-11-18 23:39 - 00000000 ____D C:\Users\Somnabulist\AppData\Local\Google
2015-11-18 23:38 - 2015-11-18 23:39 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-18 23:38 - 2015-11-18 23:38 - 00003926 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-18 23:38 - 2015-11-18 23:38 - 00003690 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-18 23:38 - 2015-11-18 23:38 - 00000000 ____D C:\Users\Somnabulist\AppData\Local\Deployment
2015-11-18 23:38 - 2015-11-18 23:38 - 00000000 ____D C:\Users\Somnabulist\AppData\Local\Apps\2.0
2015-11-18 23:37 - 2015-11-18 23:49 - 00007131 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 07:23 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-19 07:22 - 2013-08-22 16:37 - 00002664 _____ C:\Windows\DtcInstall.log
2015-11-19 07:22 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-11-19 07:22 - 2013-08-22 15:46 - 00011751 _____ C:\Windows\setupact.log
2015-11-19 07:21 - 2013-08-22 16:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-11-19 07:21 - 2013-08-22 15:44 - 00335784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-19 00:11 - 2013-09-30 05:02 - 00001354 _____ C:\Windows\PFRO.log
2015-11-19 00:11 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 00:11 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-18 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-18 23:40 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-18 23:37 - 2013-09-30 05:14 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-11-19 07:26 - 2015-11-19 00:11 - 0011136 _____ () C:\Users\Somnabulist\AppData\Roaming\msconfig.ini

Files to move or delete:
====================
C:\Users\Somnabulist\AppData\Roaming\msconfig.ini


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-19 07:21

==================== End of FRST.txt ============================


offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text, which is inside the Code box.

2015-11-19 07:26 - 2015-11-19 00:12 - 00000000 __SHD C:\ProgramData\NT Kernel
2015-11-19 07:26 - 2015-11-19 00:11 - 00011136 _____ C:\Users\Somnabulist\AppData\Roaming\msconfig.ini
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with content that you should copy into this thread.
A copy (fixlog.txt) will also be on the Desktop.





Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;



• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' is displayed, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notification to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notification will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.



Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

offline
  • Joined: 18 Nov 2015
  • Posts: 7

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
malwarebytes.org

Database version:
main: v2015.11.19.05
rootkit: v2015.11.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.16438
Somnabulist :: MARKO [administrator]

11/19/2015 11:32:45 PM
mbar-log-2015-11-19 (23-32-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 306503
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Somnabulist (2015-11-19 23:29:21) Run:1
Running from C:\Users\Somnabulist\Desktop
Loaded Profiles: Somnabulist (Available Profiles: Somnabulist)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2015-11-19 07:26 - 2015-11-19 00:12 - 00000000 __SHD C:\ProgramData\NT Kernel
2015-11-19 07:26 - 2015-11-19 00:11 - 00011136 _____ C:\Users\Somnabulist\AppData\Roaming\msconfig.ini
EmptyTemp:
*****************

C:\ProgramData\NT Kernel => moved successfully
C:\Users\Somnabulist\AppData\Roaming\msconfig.ini => moved successfully
EmptyTemp: => 374.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:29:24 ====


offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php



What is the state of the system now?

offline
  • Joined: 18 Nov 2015
  • Posts: 7

Written: 20 Nov 2015 18:33

Everything is fine.


Addendum: 20 Nov 2015 18:34

I sent the file via mycity.rs/ambulanta-upload.php

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it, then.

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 18 Nov 2015
  • Posts: 7

Thank you very much for the help. Regards.
