MyCity » Ambulanta -> Arhiva Ambulante » Pomoc

Pomoc

Napisano na dan: 8.8.2013
2

Pomoc
Pagination Prethodna strana

Idi na vrh

Poslao: 09 Avg 2013 22:37
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Napisano: 09 Avg 2013 22:22

Hvala vam, sve je bilo up to date.

Dopuna: 09 Avg 2013 22:37

I samo jos da kazem bio sam instalirao Anti-Malwerbytes, i on je ocitao nekih 20-tak malwera kojih sam obrisao

Poslao: 09 Avg 2013 23:11
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Marko Mrsic ::Napisano: 09 Avg 2013 22:22

Hvala vam, sve je bilo up to date.

Dopuna: 09 Avg 2013 22:37

I samo jos da kazem bio sam instalirao Anti-Malwerbytes, i on je ocitao nekih 20-tak malwera kojih sam obrisao

Hm ... mozes li da mi okacis log?

Poslao: 09 Avg 2013 23:36
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
malwarebytes.org

Database version: v2013.08.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marko :: MARKO-FCB67418A [administrator]

Protection: Enabled

09.08.2013 17:33:04
mbam-log-2013-08-09 (17-33-04).txt

Scan type: Full scan (C:\|D:\Smajli
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271971
Time elapsed: 50 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Documents and Settings\Marko\Local Settings\Application Data\Flvto Youtube Downloader\adsetup.exe (PUP.Optional.Downware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marko\My Documents\Downloads\GOMPLAYERENSETUP-oc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marko\My Documents\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP102\A0076418.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078408.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078410.dll (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078411.exe (PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078418.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078458.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078460.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080826.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080827.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080838.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080839.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP60\A0032098.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP61\A0033138.exe (PUP.Optional.Downware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP65\A0040210.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040373.dll (Adware.BProtector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040374.exe (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040375.exe (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.

(end)



i ovaj log
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 17:24:13 +0200 MARKO-FCB67418A Marko MESSAGE Executing scheduled update: Daily
2013/08/09 17:31:43 +0200 MARKO-FCB67418A Marko MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.08.09.04
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE Starting database refresh
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE Stopping IP protection
2013/08/09 17:32:35 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection stopped successfully
2013/08/09 17:33:03 +0200 MARKO-FCB67418A Marko MESSAGE Database refreshed successfully
2013/08/09 17:33:03 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 17:34:25 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 20:59:38 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 21:24:48 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 23:31:15 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Starting protection
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Protection started successfully
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Starting IP protection
2013/08/09 23:33:50 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully

Poslao: 09 Avg 2013 23:52
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Kao sto sam i predpostavio, detektovani fajlovi ne predstavljaju aktivan malware. Nemas razloga za brigu. Wink

Trik je u tome da je MBAM krenuo agresivno protiv raznih adware-a i toolbarova (PUP = possible unwanted programs) a ostalo sto je detektovao je zahvaceno heuristikom (u pitanju je system restore).

Za vise informacija o PUP detekcijama klik i klik

- Resetuj system restore i detekcija vezana za "System Volume Information" ce nestati:
http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....a-7-8.html

- Sve ostalo (PUP.Optional.<naziv detekcije>) je ono sto MBAM smatra kao nepozeljen program ( adware - toolbar ) ali nista od toga nije maliciozno.

Takodje korisna tema za citanje:
http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html


Takodje za note, DelFix je resetovao system restore po pokretanju.

09.08.2013 17:33:04 --> Pustio si MBAM
09 Avg 2013 21:50 --> dao sam ti DelFix

Sto znaci da je MBAM detekcija koja je vezana za "System Volume Information" nastala pre pustanja DelFix alata.

Poslao: 09 Avg 2013 23:55
Idi na vrh
offline
  • Marko
  • Pridružio: 24 Okt 2012
  • Poruke: 145

Hvala jos jednom Poljubac

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc

Ko je trenutno na forumu
 

Ukupno su 1038 korisnika na forumu :: 20 registrovanih, 3 sakrivenih i 1015 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, dekir, djuradj, doloress, flash12, kybonacci, Mercury, Milos ZA, Milos1389, nebojsag, raykan, ruma, sabros, Sass Drake, tmanda323, Viceroy, voja64, zbazin, šumar bk2