Problem with a Chinese virus program

  • Joined: 11 Oct 2014
  • Posts: 358

Posted: 20 Jan 2017 19:03

- About a month ago, it started happening that when I open Chrome, a page like the one in image (1) pops up. I opened Task Manager and saw that 2 Chinese programs are installed, as in image (2).
- I don't use an antivirus program.
- I tried to uninstall the programs in Control Panel, but it did not load those Chinese programs.

Image (1)

Image (2)

I scanned the computer with the "FRST64" program. Here is what came out:

Addendum: 20 Jan 2017 19:06

I'd like to know how these programs got installed. Is it possible that I picked them up via torrents, since I was downloading some programs? Which free antivirus program would you recommend to prevent programs like these from being installed, since I've had problems with these programs before?

Addendum: 20 Jan 2017 19:10

I tried to delete these programs with ADW Cleaner, and it deletes them for a few days, but then they reinstall themselves.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Amar (administrator) on AMAR-PC (20-01-2017 18:55:47)
Running from C:\Users\Amar\Downloads
Loaded Profiles: Amar & UpdatusUser (Available Profiles: Amar & UpdatusUser & amar-PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Windows\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 13.0\ErrorReportLauncher.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 13.0\x86\FileIOSurrogate.exe
(Sony Creative Software Inc.) C:\Program Files\Sony\Vegas Pro 13.0\x86\sfvstserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(联想软件) C:\Program Files (x86)\Lenovo\Lsf\LsfHelper.exe
(联想软件) C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3894383191-3516363779-2002392177-1004\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{115EF0E8-F4C7-45ED-93B3-5CF4FB330A84}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)

FireFox:
========
FF DefaultProfile: jduq6fb8.default
FF ProfilePath: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default [2017-01-18]
FF Homepage: Mozilla\Firefox\Profiles\jduq6fb8.default -> hxxp://faststartpage.com/
FF Extension: (YouTube mp3) - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\info@youtube-mp3.org.xpi [2016-12-31]
FF Extension: (iMacros for Firefox) - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\jduq6fb8.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-12-31] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Google Docs) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-13]
CHR Extension: (Adguard AdBlocker) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-23]
CHR Extension: (YouTube) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-01-04] (Macrovision Europe Ltd.) [File not signed]
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [File not signed]
S4 LenovoPcManagerService; C:\Program Files (x86)\Lenovo\PCManager\LenovoPcManagerService.exe [829256 2016-11-05] (Lenovo Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U2 Windows; C:\Windows\svchost.exe [177152 2016-11-05] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R3 netfitsprocadapter; C:\Windows\System32\DRIVERS\netfitsproc.sys [30480 2016-11-05] (Netfits)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
U0 aswVmm; no ImagePath
S3 DIRECTIO; \??\C:\Program Files (x86)\PerformanceTest\DirectIo.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 18:53 - 2017-01-20 18:55 - 00036918 _____ C:\Users\Amar\Downloads\Addition.txt
2017-01-20 18:51 - 2017-01-20 18:55 - 00012216 _____ C:\Users\Amar\Downloads\FRST.txt
2017-01-20 18:51 - 2017-01-20 18:51 - 02419712 _____ (Farbar) C:\Users\Amar\Downloads\FRST64.exe
2017-01-20 18:48 - 2017-01-20 18:48 - 00002581 _____ C:\Users\Amar\Downloads\430285_1066977474_AdwCleaner[S0].txt
2017-01-20 15:24 - 2017-01-20 15:24 - 04364900 _____ C:\Users\Amar\Downloads\handwriting - green screen.mp4
2017-01-19 22:04 - 2017-01-19 22:04 - 00011712 _____ C:\Users\Amar\Desktop\subscribe start.veg
2017-01-18 19:56 - 2017-01-18 19:56 - 00000000 ____D C:\Users\Amar\AppData\LocalLow\uTorrent
2017-01-18 10:41 - 2017-01-18 10:41 - 00000000 ____D C:\Users\Amar\AppData\Roaming\IsolatedStorage
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\Users\Amar\Documents\OFX Presets
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Vegasaur
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-01-18 10:26 - 2017-01-18 10:27 - 00000000 ____D C:\ProgramData\Vegasaur
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\ProgramData\VEGAS Pro
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Program Files\Vegasaur
2017-01-18 10:25 - 2017-01-18 10:26 - 33054344 _____ (Vegasaur.com ) C:\Users\Amar\Downloads\Vegasaur_Setup_2.7.1.exe
2017-01-18 09:46 - 2017-01-18 10:16 - 00021536 _____ C:\Users\Amar\Desktop\subscribe button (vegas).mp4.sfk
2017-01-18 09:15 - 2017-01-18 09:14 - 00473293 _____ C:\Users\Amar\Desktop\subscribe button (vegas).mp4
2017-01-18 09:05 - 2017-01-18 09:38 - 00021536 _____ C:\Users\Amar\Desktop\Subscribe button click green screen.mp4.sfk
2017-01-17 20:54 - 2017-01-17 20:50 - 00717606 _____ C:\Users\Amar\Desktop\Subscribe button click green screen.mp4
2017-01-17 20:50 - 2017-01-17 20:50 - 00717606 _____ C:\Users\Amar\Downloads\Subscribe button click green screen.mp4
2017-01-11 13:29 - 2017-01-11 13:30 - 06293184 _____ (Piriform Ltd) C:\Users\Amar\Downloads\spsetup130.exe
2017-01-11 12:32 - 2017-01-11 12:32 - 04121824 _____ (Husdawg, LLC) C:\Users\Amar\Downloads\Detection.exe
2017-01-04 12:16 - 2017-01-04 12:16 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-04 12:06 - 2017-01-04 12:06 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
2017-01-04 12:04 - 2017-01-04 12:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-01-04 12:02 - 2017-01-04 12:02 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2017-01-04 12:01 - 2017-01-04 12:01 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2017-01-04 12:00 - 2017-01-04 12:00 - 00000000 ____D C:\Windows\SysWOW64\spool
2017-01-04 11:59 - 2017-01-04 11:59 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2017-01-03 19:32 - 2017-01-03 19:32 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Google.Apis.Auth
2017-01-03 17:25 - 2017-01-03 17:25 - 57067887 _____ C:\Users\Amar\Documents\54. MUMIJEVI - Tajni recept - 1.DIO.mp4
2017-01-03 17:24 - 2017-01-03 17:24 - 13398232 _____ C:\Users\Amar\Documents\54. MUMIJEVI - Tajni recept - 2.DIO.mp4
2017-01-03 16:07 - 2017-01-03 17:50 - 01114208 _____ C:\Users\Amar\Documents\► Planet Earth_ Amazing nature scenery (1080p HD).mp4.sfk
2017-01-03 15:53 - 2017-01-03 15:53 - 164452506 _____ C:\Users\Amar\Documents\► Planet Earth_ Amazing nature scenery (1080p HD).mp4
2017-01-03 11:33 - 2017-01-03 11:33 - 00000814 _____ C:\Users\UpdatusUser\Desktop\Subtitle Workshop.lnk
2017-01-03 11:33 - 2017-01-03 11:33 - 00000814 _____ C:\Users\amar-PC\Desktop\Subtitle Workshop.lnk
2017-01-03 11:33 - 2017-01-03 11:33 - 00000814 _____ C:\Users\Amar\Desktop\Subtitle Workshop.lnk
2017-01-03 11:33 - 2017-01-03 11:33 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft
2017-01-03 11:33 - 2017-01-03 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft
2017-01-03 11:32 - 2017-01-03 11:32 - 01088191 _____ C:\Users\Amar\Downloads\subtitleworkshop251.zip
2016-12-31 16:33 - 2016-12-31 16:33 - 00000000 _____ C:\Users\Amar\Downloads\transcript.txt
2016-12-31 01:47 - 2016-12-31 01:47 - 00000000 ____D C:\Users\Amar\AppData\Roaming\sp6_log
2016-12-31 01:31 - 2017-01-20 18:48 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-31 01:31 - 2017-01-18 19:57 - 00000000 ____D C:\Users\Amar\AppData\LocalLow\Mozilla
2016-12-31 01:31 - 2016-12-31 01:31 - 00000000 ____D C:\Users\Amar\Documents\iMacros
2016-12-31 01:31 - 2016-12-31 01:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-31 01:25 - 2016-12-31 01:25 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2016-12-31 01:24 - 2016-12-31 01:47 - 00011421 _____ C:\Windows\LDPINST.LOG
2016-12-31 01:24 - 2016-12-31 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-12-31 01:24 - 2016-12-31 01:25 - 00000000 ____D C:\ProgramData\Logishrd
2016-12-31 01:24 - 2016-12-31 01:24 - 00000000 ____D C:\Program Files\Logitech
2016-12-31 01:23 - 2016-12-31 01:47 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2016-12-31 01:23 - 2016-12-31 01:25 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Logitech
2016-12-31 01:23 - 2016-12-31 01:23 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Logishrd
2016-12-29 10:14 - 2016-12-29 10:14 - 04562778 _____ C:\Users\Amar\Downloads\60 second timer.mp4
2016-12-28 10:08 - 2016-12-28 10:17 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{db1e3474-ccdc-11e6-bad9-001fd0d81833}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 10:08 - 2016-12-28 10:17 - 00524288 ___SH C:\Users\UpdatusUser\NTUSER.DAT{db1e3474-ccdc-11e6-bad9-001fd0d81833}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 10:08 - 2016-12-28 10:17 - 00065536 ___SH C:\Users\UpdatusUser\NTUSER.DAT{db1e3474-ccdc-11e6-bad9-001fd0d81833}.TM.blf
2016-12-25 16:04 - 2016-12-25 16:04 - 00001151 _____ C:\Users\Public\Desktop\VideoScribe.lnk
2016-12-25 16:04 - 2016-12-25 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoScribe
2016-12-25 16:04 - 2016-12-25 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sparkol VideoScribe
2016-12-25 16:04 - 2016-12-25 16:04 - 00000000 ____D C:\ProgramData\com.sparkol.VideoScribeDesktop
2016-12-25 16:04 - 2016-12-25 16:04 - 00000000 ____D C:\Program Files (x86)\Sparkol
2016-12-23 18:43 - 2016-12-23 18:43 - 00002610 _____ C:\Users\Amar\Desktop\grey background.jpg
2016-12-23 16:37 - 2016-12-23 16:38 - 00000000 ____D C:\Users\Amar\Desktop\facebook
2016-12-23 13:07 - 2016-12-23 13:07 - 10213528 _____ C:\Users\Amar\Downloads\YTDInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 18:55 - 2015-06-18 11:36 - 00000000 ____D C:\FRST
2017-01-20 18:48 - 2016-11-13 07:30 - 00001490 _____ C:\Users\Amar\Desktop\Google Chrome.lnk
2017-01-20 18:48 - 2015-06-17 15:28 - 00001212 _____ C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-20 18:31 - 2015-04-26 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 17:10 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 17:10 - 2009-07-14 05:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 17:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 09:41 - 2015-10-23 19:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 21:10 - 2015-04-20 14:48 - 00000000 ____D C:\Users\Amar\AppData\Roaming\uTorrent
2017-01-18 20:09 - 2015-04-20 13:09 - 00000000 ___RD C:\Users\Amar\Desktop\Icons
2017-01-18 19:57 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-18 19:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-18 10:16 - 2015-06-14 21:11 - 00000000 ____D C:\Users\Amar\Documents\SonyVegasPro13
2017-01-18 09:13 - 2015-04-27 10:35 - 00000000 ____D C:\Users\Amar\Documents\Camtasia Studio
2017-01-16 14:28 - 2015-05-26 15:11 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Audacity
2017-01-16 10:07 - 2015-05-24 15:48 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Sony
2017-01-13 11:17 - 2015-04-26 10:27 - 00000000 ____D C:\Users\Amar\AppData\Local\Adobe
2017-01-11 13:40 - 2015-06-18 19:27 - 00000000 ____D C:\AdwCleaner
2017-01-11 11:57 - 2015-10-23 19:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 11:31 - 2015-04-26 10:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 11:31 - 2015-04-26 10:28 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 11:31 - 2015-04-26 10:28 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 11:31 - 2015-04-26 10:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 11:31 - 2015-04-26 10:28 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-04 13:38 - 2009-07-14 05:45 - 05252728 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-04 12:18 - 2015-04-23 19:24 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Adobe
2017-01-04 12:16 - 2015-04-20 14:49 - 00115800 _____ C:\Users\Amar\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-04 12:06 - 2015-04-27 09:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-04 12:05 - 2015-04-27 09:22 - 00000000 ____D C:\ProgramData\Adobe
2016-12-31 01:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-31 01:32 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 01:31 - 2015-10-02 20:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-31 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-31 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files
2016-12-31 00:23 - 2015-04-27 11:11 - 00005120 _____ C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-30 21:03 - 2015-06-15 21:35 - 00000000 ____D C:\Users\Amar\AppData\Local\Windows Live
2016-12-28 10:14 - 2015-04-23 14:03 - 00000000 ____D C:\Users\Amar\AppData\Local\Microsoft Help
2016-12-28 10:08 - 2015-04-28 10:40 - 00000000 ____D C:\Users\UpdatusUser
2016-12-25 16:04 - 2016-10-22 08:45 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-12-25 16:04 - 2015-04-20 21:53 - 00000000 __SHD C:\System Volume Information
2016-12-23 14:08 - 2015-04-20 13:01 - 00000000 ____D C:\Users\Amar\AppData\Local\Microsoft
2016-12-23 14:08 - 2009-07-14 04:20 - 00000000 ___SD C:\ProgramData\Microsoft

==================== Files in the root of some directories =======

2016-11-13 07:28 - 2016-11-13 08:53 - 7065600 _____ () C:\Program Files (x86)\GUTE244.tmp
2015-05-18 16:02 - 2015-10-02 14:54 - 0000024 _____ () C:\Users\Amar\AppData\Roaming\appdataFr25.bin
2015-07-08 23:42 - 2015-07-08 23:42 - 0000112 _____ () C:\Users\Amar\AppData\Roaming\JP2K CS6 Prefs
2015-09-29 14:45 - 2015-09-29 14:46 - 225111747 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-09-29 14:45 - 2015-09-29 14:46 - 0002615 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2015-04-27 11:11 - 2016-12-31 00:23 - 0005120 _____ () C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-30 14:43 - 2016-09-30 14:43 - 0000017 _____ () C:\Users\Amar\AppData\Local\resmon.resmoncfg
2015-05-24 16:54 - 2015-05-24 16:54 - 0000000 _____ () C:\Users\Amar\AppData\Local\Temp.dat
2015-06-08 22:30 - 2015-06-08 22:30 - 0000424 _____ () C:\Users\Amar\AppData\Local\UserProducts.xml
2015-09-16 21:24 - 2015-09-16 21:25 - 0000000 _____ () C:\Users\Amar\AppData\Local\{504D41A7-5467-424F-BF52-2A2F4EB85207}
2016-11-11 13:26 - 2016-11-11 13:26 - 0000000 _____ () C:\Users\Amar\AppData\Local\{79C96F4C-FD07-4039-8A40-42F8A3753A40}
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Some files in TEMP:
====================
C:\Users\Amar\AppData\Local\Temp\libeay32.dll
C:\Users\Amar\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Amar\AppData\Local\Temp\msvcr120.dll
C:\Users\Amar\AppData\Local\Temp\sqlite3.dll
C:\Users\Amar\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-18 20:46

==================== End of FRST.txt ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

It's not smart of you not to use an AV program.




Step 1

Open Notepad and copy the following text found inside the Code box.

Start

GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3894383191-3516363779-2002392177-1004\User: Restriction <======= ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\jduq6fb8.default -> hxxp://faststartpage.com/
U2 Windows; C:\Windows\svchost.exe [177152 2016-11-05] () [File not signed] <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxplоrеr.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chromе (2).lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chromе.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Chrоme.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Eхрlоrеr.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Мinecrаft.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.rehcnual tfarcenim.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Chromе.lnk -> C:\Users\Amar\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
ShortcutWithArgument: C:\Users\Amar\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Amar\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Amar\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [20324]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [360904]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1157922]
FirewallRules: [{E2D43F8B-334B-448B-A3E4-F8D56CFEF916}] => C:\Users\Amar\AppData\Local\Temp\nsyC5D0.tmp\CnetInstaller-75012480.exe
FirewallRules: [{0E27A34D-76F1-4F11-9D6F-F8D27F054C12}] => C:\Users\Amar\AppData\Local\Temp\nsyC5D0.tmp\CnetInstaller-75012480.exe
FirewallRules: [{B0A50A0F-4484-4888-8B3E-59C084122C80}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FD4089B8-343A-4B10-8263-30C23141ACA2}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCmgrInstallGuide.exe
FirewallRules: [{0997E982-E0D2-47B4-B46B-10DFDD9EF066}] => C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9CBE99DE-64B5-4084-99FB-7417C06F1888}] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{7096D26E-8FB9-406C-B029-747D19C8A414}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe
FirewallRules: [{56F2C360-B69E-4422-9DA8-E8FE7E137A60}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCMgr.exe
FirewallRules: [{60DDF8ED-73FC-4AA5-909A-A3EDDD3220D4}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe
FirewallRules: [{DE659C69-E179-4D49-AC28-4F4C04AEFC07}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMDL.exe
FirewallRules: [{FED4B66F-2CE4-4C15-9457-DB071D0D41FA}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\bugreport.exe
FirewallRules: [{44D71677-E853-42BC-A479-9983686BA843}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCFileOpen.exe
FirewallRules: [{36225F80-59CB-4E10-9F5F-A908B642743C}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCLeakScan.exe
FirewallRules: [{D7891BD4-FDA2-43F8-B5C9-B4BD1F507AA7}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPConfig.exe
FirewallRules: [{318A410F-B534-4ABA-9A09-32441CBFDEDC}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCSoftMgr.exe
FirewallRules: [{7D341280-C24E-4DE9-A9AE-EAD562A222C9}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{3FAB8E97-6114-40AD-AB7F-9E3B41177E69}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCBTU.exe
FirewallRules: [{A0375E12-C54E-4B91-99B8-34AD78523D81}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCClinic.exe
FirewallRules: [{B31188B2-CBCA-4D02-95A8-7EDCC0D7E09C}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCLaunch.exe
FirewallRules: [{CA68290A-AA31-4657-8D7F-E13F68786078}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{9928135A-13B7-4A2C-A874-9082150AAD39}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCSoftGame.exe
FirewallRules: [{A27A5445-43EC-4256-B41E-35CCD9AD9ED1}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCSysOptimize.exe
FirewallRules: [{C04FAF86-A0C7-4357-A2C5-01561EF5B14D}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCUpdateAVLib.exe
FirewallRules: [{AA661979-C57C-4326-BEFA-9157E9E0E1C1}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQRepair.exe
FirewallRules: [{D124BE7E-6C3F-4A96-B9EF-29DBBC2836B4}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\Uninst.exe
FirewallRules: [{1714F908-4377-4BED-9D62-93BBC66055D3}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCPatch.exe
FirewallRules: [{259B337D-8193-43CE-BD2F-03663163D32B}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TpkUpdate.exe
FirewallRules: [{F0351C80-C62C-4658-B539-9EE61BF1B8B3}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMRouterMgr.exe
FirewallRules: [{477A8A87-5778-41D0-A962-D636324726B4}] => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMAccountProtection.exe
C:\Windows\svchost.exe
C:\Users\Amar\AppData\Roaming\Browsers
C:\Users\Amar\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
File: C:\Program Files (x86)\Lenovo\Lsf\LsfHelper.exe
File: C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe
EmptyTemp:

End


In Notepad, click File --> Save As.
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop.
Double-click FRST.exe to run it again.
Click Fix and wait for the program to finish.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into this thread.
The file (fixlog.txt) will also be on the Desktop.
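
The `ShortcutWithArgument` and `AlternateDataStreams` lines in the fixlist above are where the persistence shows up: browser shortcuts rewritten to open a fixed URL (and, for Chrome, to side-load an unpacked extension), plus streams attached to the drivers folder. As an added example, not part of the original posts or of FRST itself, this Python sketch parses such lines and extracts what was appended; the regular expressions are assumptions based only on the line layout visible in this thread.

```python
import re

# Lines copied verbatim from the fixlist in this thread (URLs stay defanged as hxxp).
SAMPLE = r'''
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Amar\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [20324]
FirewallRules: [{B0A50A0F-4484-4888-8B3E-59C084122C80}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
'''

SHORTCUT = re.compile(
    r'^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) '
    r'\((?P<vendor>[^)]*)\) ->\s*(?P<args>.*)$')
ADS = re.compile(
    r'^AlternateDataStreams: (?P<host>[A-Za-z]:\\.*?):(?P<stream>[^:\[\]]+) \[(?P<size>\d+)\]$')
URL = re.compile(r'\b(?:hxxps?|https?)://\S+', re.I)
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))')


def triage(text):
    """Return one finding per shortcut-hijack or ADS line; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = SHORTCUT.match(line)
        if m:
            args = m['args']
            ext = LOAD_EXT.search(args)
            findings.append({
                'kind': 'shortcut',
                'lnk': m['lnk'],
                'target': m['target'],
                'urls': URL.findall(args),
                'extension_dir': (ext.group(1) or ext.group(2)) if ext else None,
            })
            continue
        m = ADS.match(line)
        if m:
            findings.append({'kind': 'ads', 'host': m['host'],
                             'stream': m['stream'], 'size': int(m['size'])})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f)
```

A browser shortcut normally carries no URL or `--load-extension` argument, so any `shortcut` finding with a non-empty `urls` list or an `extension_dir` is worth checking against the folders listed for removal in the same fixlist.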

offline
  • Joined: 11 Oct 2014
  • Posts: 358

I ran the Fix and those programs are gone.
Here is the fixlog:

How do I prevent these viruses from being installed again? Which antivirus program would you recommend? Did I pick these viruses up from torrents?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You most likely picked them up while looking for torrents.

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php

Let me know when you have done that and wait for further instructions.
If the archive is larger than 10MiB, just mention that in your reply and do not upload it.

Step 2

Download TDSSKiller to the Desktop from the following address:

TDSSKiller

When the download is finished:

Rename TDSSKiller.exe to MyCity.exe.

Run MyCity.exe.

In the End User License Agreement dialog, click Accept.
Likewise, in the KSN Statement dialog, click Accept.

Click Change parameters.

Under Additional options, tick Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes, it will show you the scan results; do not change anything there, just click Continue.

If the program asks to restart the system, allow it.

Attach to your post the report found at the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

offline
  • Joined: 11 Oct 2014
  • Posts: 358

I did Step 1 and sent it to the Ambulanta.
Here is Step 2:

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Zemana AntiMalware and save it to the Desktop.


When the download is finished:

Double-click to start the installation and follow the instructions. The installation is standard, without any additional options.
After installation, the program will start automatically; now click Scan.
When the scan finishes, click Next to remove all items found.
If it asks you to restart the computer, click Reboot.
If the computer is seriously infected, another scan will follow after the restart.


After that, you need to provide the report(s):

Press the Windows key + R on the keyboard at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the newest report(s) to the Desktop, then attach it to your next post.

offline
  • Joined: 11 Oct 2014
  • Posts: 358

I ran the scan:

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and create a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.







Install an AV program. Among the free ones, you have at your disposal: Avira Free, Avast Free, AVG Free, Sophos Home, Microsoft Security Essentials, Panda Cloud AV, etc.
