isearch.omiga-plus 2

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo, završio sam i ovaj sken sa zoekom - potrajalo to oko pola sata
Ne, nema više reklama, još od sinoć, sad je sve OK.
Nego, ja sam hteo tebe nešto da pitam - kako da se zaštitim na vreme od ovakvih napasti ? Postoji li neki real-time program koji štiti od njih ?
Ja ne znam kako sam "zapatio" ovo smeće, klinac je skidao nešto i verovatno je kliknuo ili čekirao nešto...

Čekam odgovor.

PS - zoeka Baidu AV prepoznaje kao Trojan.Backdoor.Heur.gen


Zoek.exe v5.0.0.0 Updated 08-January-2015
Tool run by User on Thu 01/08/2015 at 18:07:07.45.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-07-222737.log 19489 bytes

==== Empty Folders Check ======================

C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\Mirillis deleted successfully
C:\Program Files\Solveig Multimedia deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\User\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\User\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6644625B-EA4D-44FF-8E5E-DE6985A0E755} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82CD4980-1CFC-4094-8E59-BAE5BFB7233E} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1E79AF-A313-460B-B0C1-B76C56D23124} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8EFECE1-1269-440A-9AC2-FD1FE0E97D2} deleted successfully
HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3641395576-2003788952-3425881642-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default

user.js not found
---- Lines NetCrawl removed from prefs.js ----
user_pref("extensions.NetCrawl.asul", "1404291815533");
user_pref("extensions.NetCrawl.aul", "1404291843864");
user_pref("extensions.NetCrawl.irl", true);
user_pref("extensions.NetCrawl.is", "isgiwhRS");
user_pref("extensions.NetCrawl.ug", "2CFACF30-EFFC-4103-AB81-5D3DA40D71E3");
---- FireFox user.js and prefs.js backups ----

prefs_20150108_0629_.backup

ProfilePath: C:\Users\User\AppData\Roaming\Thunderbird\Profiles\n3h9i4ig.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150108_0629_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\100 deleted
C:\PROGRA~2\GreatSoft deleted
C:\PROGRA~2\Baidu deleted
C:\PROGRA~2\InstallMate deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
"C:\Users\User\AppData\Roaming\IPCDU" deleted
"C:\Users\User\AppData\Roaming\TBOUAKE" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
- Undetermined - [Link mogu videti samo ulogovani korisnici]
- Undetermined - gmailwatcher@sonthakit
- Undetermined - {4176DFF4-4698-11DE-BEEB-45DA55D89593}
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Undetermined - [Link mogu videti samo ulogovani korisnici]
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- EZ to MP3 Converter - %ProfilePath%\extensions\youtube-mp3@eztomp3.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Gmail Watcher - %ProfilePath%\extensions\gmailwatcher@sonthakit.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- PageTweak - %ProfilePath%\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
D2377C9458EFEB094E38B8C874AA214C - C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
76EFD64CD206B93E2EB5320A23C19AD7 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
2AB6A7F373290AE20A19CF5F306E8C97 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
F6D12679B9112358AC705A1308156F59 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
E6728F685FA215AF79869CB1B5D4A56C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
FC5807B1A2BCEE041A4159431ADD111B - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\User\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\User\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dpcomnokkgidfbnbfhfpofbgieghedec - C:\Program Files\EzToMP3\eztomp3.crx[09/17/2012 07:13 PM]

EZ to MP3 Converter - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://google.com/"
"Default_Page_URL"="https://google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1f5e940c-6d8a-479e-a708-0f863b767e63 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DKZ16YL will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LBNX09O will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANWSDDKT will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIUQYPUY will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K6076F6 will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y0DMW19 will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77QOL0AA will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6RPEP1 will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5T5ORAGJ will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYMJYSWF will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HL67ZGAN will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3CPI1CN will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DKZ16YL will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LBNX09O will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANWSDDKT will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIUQYPUY will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\zqpgwt7a.default\cache2 emptied successfully
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\yasearch-xb\packages\{0433ad9d-a247-4892-bfaf-58b408d5ed2a}\modules\common\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=23 folders=12 4034442 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DKZ16YL" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LBNX09O" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANWSDDKT" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIUQYPUY" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K6076F6" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y0DMW19" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77QOL0AA" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6RPEP1" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5T5ORAGJ" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYMJYSWF" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HL67ZGAN" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3CPI1CN" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DKZ16YL" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LBNX09O" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANWSDDKT" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIUQYPUY" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Thu 01/08/2015 at 18:38:31.96 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obavićemo još ARK provjeru. Odgovore na pitanja dobićeš na kada završimo sa ovim.




Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo izveštaja - nije bilo infekcije

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 1Ovo se svidja korisniku: RJ
  
  Registruj se da bi pohvalio/la poruku!

To bi onda bilo to.




• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.






Pročitaj ove teme i znaćeš kako da izbjegavaš ovakve stvari ubuduće:

[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]






Preporučujem ti da instaliraš Service Pack 1 za tvoj Windows 7 operativni sistem.
Možeš ga preuzeti sa ovog linka:

Windows 7 SP1 x86

Nakon toga, pokreni Windows Update. Imaj na umu da ovo može jako dugo da traje ako se odlučiš da ovo uradiš.