ajde da pokusam

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

jesam ...ali evo sta izlazi ponovo...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sudeći po pozadini, vidim da FRST pokrećeš iz Download foldera, a ne sa Desktopa. Prebaci/kopiraj FRST.exe na Desktop i probaj opet da pokreneš fix.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

uradila sam kako ste rekli....evo sad mi je frst uradio posao....imam fixlog na desktopu....
[Link mogu videti samo ulogovani korisnici]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by Administrator at 2015-05-01 22:22:24 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-04-06] (APN)
HKU\S-1-5-21-583907252-2077806209-839522115-500\...\Run: [PCPerformer] => "C:\Program Files\PC Performer\PCPerformer.exe" /RUNSCAN
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {0745903f-537a-47df-b632-555dc5bc790c} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&cid=4151ch=2
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {74db9f9c-a172-477b-8545-8d1b3e4d5fa1} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&cid=5031
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {799e8a7f-9a74-405f-a0f8-68c003365b01} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&cid=5031
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {b86f66ba-c211-40c4-845f-99000d8a0793} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&cid=5031
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: No Name -> {319A461D-5202-4578-9EDC-CA35B9C0B561} -> No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Link mogu videti samo ulogovani korisnici]
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\user.js [2015-02-03]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\firefox-add-ons.xml [2015-04-16]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\google-default.xml [2015-04-16]
FF Extension: Search App by Ask - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2015-04-10]
FF Extension: Clock Hand 1.0.1 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\{60b4ca60-5c76-463e-8bce-058498c2450d}.xpi [2015-02-03]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\extensions\fftoolbar2014@etech.com
Task: C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
C:\Program Files\AskPartnerNetwork
C:\Program Files\MyPC Backup
C:\Program Files\Reimage
C:\Program Files\PC Performer

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-14]
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-21-583907252-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\PCPerformer => value deleted successfully.
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0745903f-537a-47df-b632-555dc5bc790c}" => Key deleted successfully.
HKCR\CLSID\{0745903f-537a-47df-b632-555dc5bc790c} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74db9f9c-a172-477b-8545-8d1b3e4d5fa1}" => Key deleted successfully.
HKCR\CLSID\{74db9f9c-a172-477b-8545-8d1b3e4d5fa1} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{799e8a7f-9a74-405f-a0f8-68c003365b01}" => Key deleted successfully.
HKCR\CLSID\{799e8a7f-9a74-405f-a0f8-68c003365b01} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b86f66ba-c211-40c4-845f-99000d8a0793}" => Key deleted successfully.
HKCR\CLSID\{b86f66ba-c211-40c4-845f-99000d8a0793} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{319A461D-5202-4578-9EDC-CA35B9C0B561} => Key not found.
HKCR\CLSID\{319A461D-5202-4578-9EDC-CA35B9C0B561} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\user.js => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\google-default.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi => not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\{60b4ca60-5c76-463e-8bce-058498c2450d}.xpi => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => Moved successfully.
C:\WINDOWS\Tasks\ReimageUpdater.job not found.
"C:\Program Files\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
"C:\Program Files\PC Performer" => File/Directory not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:23:30 ====

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sada isprati i treći korak iz uputstva kojeg sam ti dao.
[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

evo dragi ljudi i treci korak....

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Odlično. Reci mi kakvo je sada stanje sistema?






Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

[Link mogu videti samo ulogovani korisnici]

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
[Link mogu videti samo ulogovani korisnici]

Database version:
main: v2015.05.02.06
rootkit: v2015.04.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER-C62F6B03F2 [administrator]

5/3/2015 12:50:46 AM
mbar-log-2015-05-03 (00-50-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305344
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Spakuj u ZIP, RAR ili 7Z arhive sljedeće foldere:

C:\FRST\Quarantine

i

C:\AdwCleaner

i pošalji ih preko sljedećeg linka:

[Link mogu videti samo ulogovani korisnici]


Javi kada to uradiš i sačekaj dalja uputstva.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ja ovo ne nalazim...u dokumentima nema....

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nalaze se u C:\ no nije ni bitno sad jer nema potrebe da mi to uplaoduješ. Ostaje ti još samo da uradiš sljedeće.




• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.


Pozdrav.