Help


offline
  • Marko
  • Joined: 24 Oct 2012
  • Posts: 145

Posted: 09 Aug 2013 22:22

Thank you, everything was up to date.

Addendum: 09 Aug 2013 22:37

And just to add, I had installed Anti-Malwarebytes, and it detected some 20 pieces of malware, which I deleted.



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Marko Mrsic :: Posted: 09 Aug 2013 22:22

Thank you, everything was up to date.

Addendum: 09 Aug 2013 22:37

And just to add, I had installed Anti-Malwarebytes, and it detected some 20 pieces of malware, which I deleted.


Hm ... can you post the log for me?



offline
  • Marko
  • Joined: 24 Oct 2012
  • Posts: 145

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

Database version: v2013.08.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marko :: MARKO-FCB67418A [administrator]

Protection: Enabled

09.08.2013 17:33:04
mbam-log-2013-08-09 (17-33-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271971
Time elapsed: 50 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Documents and Settings\Marko\Local Settings\Application Data\Flvto Youtube Downloader\adsetup.exe (PUP.Optional.Downware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marko\My Documents\Downloads\GOMPLAYERENSETUP-oc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marko\My Documents\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP102\A0076418.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078408.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078410.dll (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078411.exe (PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078418.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078458.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP103\A0078460.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080826.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080827.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080838.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP105\A0080839.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP60\A0032098.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP61\A0033138.exe (PUP.Optional.Downware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP65\A0040210.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040373.dll (Adware.BProtector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040374.exe (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040375.exe (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.

(end)



and this log
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 17:24:04 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 17:24:13 +0200 MARKO-FCB67418A Marko MESSAGE Executing scheduled update: Daily
2013/08/09 17:31:43 +0200 MARKO-FCB67418A Marko MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.08.09.04
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE Starting database refresh
2013/08/09 17:32:33 +0200 MARKO-FCB67418A Marko MESSAGE Stopping IP protection
2013/08/09 17:32:35 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection stopped successfully
2013/08/09 17:33:03 +0200 MARKO-FCB67418A Marko MESSAGE Database refreshed successfully
2013/08/09 17:33:03 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 17:34:25 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 20:59:22 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 20:59:38 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 21:24:19 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 21:24:48 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Starting protection
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Protection started successfully
2013/08/09 23:30:51 +0200 MARKO-FCB67418A Marko MESSAGE Starting IP protection
2013/08/09 23:31:15 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Starting protection
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Protection started successfully
2013/08/09 23:33:13 +0200 MARKO-FCB67418A MESSAGE Starting IP protection
2013/08/09 23:33:50 +0200 MARKO-FCB67418A Marko MESSAGE IP Protection started successfully

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

As I assumed, the detected files do not represent active malware. You have no reason to worry. ;)

The trick is that MBAM has gone aggressively after various adware and toolbars (PUP = possible unwanted programs), and the rest of what it detected was caught by heuristics (it concerns System Restore).

For more information about PUP detections, click and click

- Reset System Restore and the detection tied to "System Volume Information" will disappear:
[Links are visible only to logged-in users]

- Everything else (PUP.Optional.<detection name>) is what MBAM considers an unwanted program (adware, toolbar), but none of it is malicious.

Also a useful topic to read:
[Links are visible only to logged-in users]


Also to note, DelFix reset System Restore when it was run.

09.08.2013 17:33:04 --> You ran MBAM
09 Aug 2013 21:50 --> I gave you DelFix

Which means that the MBAM detection tied to "System Volume Information" occurred before the DelFix tool was run.
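
An added example (not part of the thread and not Malwarebytes code): a small Python triage of the "Files Detected" lines in an MBAM 1.x scan log like the one posted above. It separates System Restore copies from live files and PUP/adware names from everything else. The regular expressions and the `PUP.`/`Adware.` prefix rule are assumptions based only on the lines shown in this thread.

```python
import re
from collections import Counter

# Lines copied from the "Files Detected" section of the log posted above.
SAMPLE = r"""
C:\Documents and Settings\Marko\My Documents\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP60\A0032098.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2F0FEDCF-D525-44D0-9521-8B5A624030C1}\RP66\A0040373.dll (Adware.BProtector) -> Quarantined and deleted successfully.
"""

# Assumed line shape: <path> (<detection name>) -> <action>
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
RESTORE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def parse(log_text):
    """Yield one dict per detection line; all other log lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rp = RESTORE.match(m["path"])
        yield {
            "path": m["path"],
            "name": m["name"],
            "restore_point": rp.group(1) if rp else None,
            "unwanted": m["name"].startswith(("PUP.", "Adware.")),
            "action": m["action"],
        }

def triage(log_text):
    """Count detections by (location, kind) and list the ones to check by hand."""
    buckets = Counter()
    review = []
    for d in parse(log_text):
        where = "restore_point" if d["restore_point"] else "live"
        kind = "unwanted" if d["unwanted"] else "other"
        buckets[(where, kind)] += 1
        if where == "live" and kind == "other":
            review.append(d)  # neither PUP/adware nor a restore-point copy
    return buckets, review

if __name__ == "__main__":
    buckets, review = triage(SAMPLE)
    for key, n in sorted(buckets.items()):
        print(key, n)
    for d in review:
        print("check manually:", d["path"], d["name"])
```

Restore-point entries are archived copies under `System Volume Information`, so their count should drop to zero once System Restore has been reset and the scan is repeated.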

offline
  • Marko
  • Joined: 24 Oct 2012
  • Posts: 145

Thanks once again :*
