Let me try

  • Joined: 28 Apr 2012
  • Posts: 62

I did... but here is what comes up again...

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Judging by the background, I can see you are running FRST from the Downloads folder rather than from the Desktop. Move/copy FRST.exe to the Desktop and try running the fix again.

  • Joined: 28 Apr 2012
  • Posts: 62

I did as you said... now FRST has done its job... I have the Fixlog on the Desktop...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by Administrator at 2015-05-01 22:22:24 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-04-06] (APN)
HKU\S-1-5-21-583907252-2077806209-839522115-500\...\Run: [PCPerformer] => "C:\Program Files\PC Performer\PCPerformer.exe" /RUNSCAN
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = isearch.omiga-plus.com/?type=hp&ts=14220574.....VT952EVMVX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = isearch.omiga-plus.com/web/?type=ds&ts=1422.....52EVMVX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = isearch.omiga-plus.com/?type=hp&ts=14220574.....VT952EVMVX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = isearch.omiga-plus.com/web/?type=ds&ts=1422.....52EVMVX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = isearch.omiga-plus.com/web/?type=ds&ts=1422.....52EVMVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = isearch.omiga-plus.com/web/?type=ds&ts=1422.....52EVMVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {0745903f-537a-47df-b632-555dc5bc790c} URL = findamo.com/search.html?&q={searchTerms}&cid=4151ch=2
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = isearch.omiga-plus.com/web/?type=ds&ts=1422.....52EVMVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {74db9f9c-a172-477b-8545-8d1b3e4d5fa1} URL = ww2.searchalgo.com/search.html?q={searchTerms}&cid=5031
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {799e8a7f-9a74-405f-a0f8-68c003365b01} URL = ww2.searchalgo.com/search.html?q={searchTerms}&cid=5031
SearchScopes: HKU\S-1-5-21-583907252-2077806209-839522115-500 -> {b86f66ba-c211-40c4-845f-99000d8a0793} URL = ww2.searchalgo.com/search.html?q={searchTerms}&cid=5031
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: No Name -> {319A461D-5202-4578-9EDC-CA35B9C0B561} -> No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe isearch.omiga-plus.com/?type=sc&ts=14220574.....VT952EVMVX
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\user.js [2015-02-03]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\firefox-add-ons.xml [2015-04-16]
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\google-default.xml [2015-04-16]
FF Extension: Search App by Ask - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2015-04-10]
FF Extension: Clock Hand 1.0.1 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\{60b4ca60-5c76-463e-8bce-058498c2450d}.xpi [2015-02-03]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\extensions\fftoolbar2014@etech.com
Task: C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
C:\Program Files\AskPartnerNetwork
C:\Program Files\MyPC Backup
C:\Program Files\Reimage
C:\Program Files\PC Performer

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-14]
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKU\S-1-5-21-583907252-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\PCPerformer => value deleted successfully.
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0745903f-537a-47df-b632-555dc5bc790c}" => Key deleted successfully.
HKCR\CLSID\{0745903f-537a-47df-b632-555dc5bc790c} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74db9f9c-a172-477b-8545-8d1b3e4d5fa1}" => Key deleted successfully.
HKCR\CLSID\{74db9f9c-a172-477b-8545-8d1b3e4d5fa1} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{799e8a7f-9a74-405f-a0f8-68c003365b01}" => Key deleted successfully.
HKCR\CLSID\{799e8a7f-9a74-405f-a0f8-68c003365b01} => Key not found.
"HKU\S-1-5-21-583907252-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b86f66ba-c211-40c4-845f-99000d8a0793}" => Key deleted successfully.
HKCR\CLSID\{b86f66ba-c211-40c4-845f-99000d8a0793} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{319A461D-5202-4578-9EDC-CA35B9C0B561} => Key not found.
HKCR\CLSID\{319A461D-5202-4578-9EDC-CA35B9C0B561} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\user.js => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\firefox-add-ons.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\searchplugins\google-default.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi => not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\icw1u0k0.default-1413910281234\Extensions\{60b4ca60-5c76-463e-8bce-058498c2450d}.xpi => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => Moved successfully.
C:\WINDOWS\Tasks\ReimageUpdater.job not found.
"C:\Program Files\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
"C:\Program Files\PC Performer" => File/Directory not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:23:30 ====
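The fixlog above shows what a browser hijacker of this kind changes: the IE Start Page, Search Page and Default_*_URL values, one or more SearchScopes entries, a Policies\Microsoft\Internet Explorer key that locks the settings, and a start-menu launch command with a URL appended after iexplore.exe. The following read-only audit script is an added example written for this thread; it is not FRST code and not part of the original post. It checks those same locations under HKLM and HKCU (HKCU is the logged-in user's branch of HKU, the S-1-5-21-...-500 key in the fixlog) and flags any URL whose host is not on a small allowlist. The allowlist, the function names (Get-UrlHost, Test-SuspiciousUrl, Add-Finding) and the assumption of an elevated PowerShell 2.0+ session are mine; nothing is modified.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# Internet Explorer registry locations that the fixlog reports as restored/deleted.
# Assumed: elevated PowerShell 2.0+ session; allowlist below is illustrative.

$allowedHosts = @('www.google.com', 'www.bing.com', 'go.microsoft.com', 'www.msn.com')
$findings = New-Object System.Collections.ArrayList

function Get-UrlHost {
    param([string]$Url)
    if ([string]::IsNullOrEmpty($Url)) { return $null }
    $u = $Url
    # Hijacked values are often stored (and printed by FRST) without a scheme;
    # System.Uri needs one to parse out the host.
    if ($u -notmatch '^[a-zA-Z][a-zA-Z0-9+.-]*://') { $u = 'http://' + $u }
    try { return ([System.Uri]$u).Host.ToLower() } catch { return $null }
}

function Test-SuspiciousUrl {
    param([string]$Url)
    $h = Get-UrlHost $Url
    if (-not $h) { return $false }          # empty or unparseable: nothing to flag
    return ($allowedHosts -notcontains $h)
}

function Add-Finding {
    param([string]$Location, [string]$Value)
    # ArrayList is mutated in place, so no assignment to the outer variable is needed.
    [void]$findings.Add((New-Object PSObject -Property @{ Location = $Location; Value = $Value }))
}

foreach ($hive in 'HKLM', 'HKCU') {

    # 1. Home and search page values ("Value was restored successfully" in the fixlog).
    $main = "${hive}:\Software\Microsoft\Internet Explorer\Main"
    if (Test-Path $main) {
        $props = Get-ItemProperty -Path $main
        foreach ($name in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
            $val = $props.$name
            if (Test-SuspiciousUrl $val) { Add-Finding "$main\$name" $val }
        }
    }

    # 2. Search scopes: each subkey carries a URL value; DefaultScope names one of them.
    $scopes = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $scopes) {
        foreach ($k in Get-ChildItem -Path $scopes) {
            $val = (Get-ItemProperty -Path $k.PSPath).URL
            if (Test-SuspiciousUrl $val) { Add-Finding $k.PSPath $val }
        }
    }

    # 3. IE policy restrictions: FRST flagged the presence of this key, because
    #    hijackers use it to lock the home page against the user's own changes.
    $pol = "${hive}:\Software\Policies\Microsoft\Internet Explorer"
    if (Test-Path $pol) { Add-Finding $pol 'policy key present (review its values)' }
}

# 4. Start-menu Internet launch command: the fixlog shows a URL appended after
#    iexplore.exe, so anything following the executable deserves a look.
$cmd = 'HKLM:\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
if (Test-Path $cmd) {
    $val = (Get-ItemProperty -Path $cmd).'(default)'
    if ($val -match 'iexplore\.exe"?\s+\S') { Add-Finding "$cmd\(default)" $val }
}

if ($findings.Count -eq 0) {
    Write-Output 'No suspicious IE start/search settings found.'
} else {
    $findings | Format-Table -AutoSize Location, Value
}
```

The script only reports; the point is to confirm after a fix like the one above (or before asking for one) that the home page, search scopes and launch command no longer point at an unexpected host, and that no policy key is silently re-locking them. On a machine where a legitimate corporate home page is in use, add its host to the allowlist rather than ignoring the finding.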

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Now follow the third step from the instructions I gave you as well.
http://www.mycity.rs/Ambulanta/ajde-da-pokusam.html#p1753913

  • Joined: 28 Apr 2012
  • Posts: 62

Here you go, dear people, the third step too...

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Excellent. Tell me, how is the system behaving now?


Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will then start. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, attach the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled to run after a restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

  • Joined: 28 Apr 2012
  • Posts: 62


Malwarebytes Anti-Rootkit BETA 1.09.1.1004
malwarebytes.org

Database version:
main: v2015.05.02.06
rootkit: v2015.04.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER-C62F6B03F2 [administrator]

5/3/2015 12:50:46 AM
mbar-log-2015-05-03 (00-50-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305344
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Pack the following folders into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php

Let me know when you have done that and wait for further instructions.

  • Joined: 28 Apr 2012
  • Posts: 62

I can't find this... it isn't in Documents...

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

They are in C:\ but it doesn't matter now, since there is no need for you to upload that to me. All that is left for you to do is the following.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click the tool to run it and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this moment on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also capture a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.

Regards.
