Potrebno hitno čišćenje računara

Potrebno hitno čišćenje računara

offline
  • Pridružio: 11 Okt 2014
  • Poruke: 358

Skidao sam neki torrent, i od tada imam problem sa računarom, ulazio mi je u safe mode, sam otvara programe, nesto mi u pozadini radi... izasao sam nekako iz safe mode, i dalje vidim da nije ono stari pc...
moze pomoc??

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by armin (administrator) on ARMIN-PC (CLEVO Co. E512xQ/E4129) (09-12-2020 16:40:43)
Running from C:\Users\armin\Desktop
Loaded Profiles: armin
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Dassault Systemes) [File not signed] C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google) C:\Users\armin\AppData\Local\Google\Chrome\User Data\SwReporter\86.249.200\software_reporter_tool.exe <4>
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Autodesk Sync] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [USBScan.exe] => C:\Program Files (x86)\USBScan\USBScan.exe -Hide
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [EaseUS FixTool] => "C:\Program Files (x86)\EaseUS\EaseUS Tools M\bin\UpdateExe.exe" autostart
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer\Run: [1013720632] => C:\ProgramData\msqhezfr.exe [76067456 2010-11-20] () [File not signed] [File is in use]
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [Viber] => "C:\Users\armin\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [utweb] => C:\Users\armin\AppData\Roaming\uTorrent Web\utweb.exe [5491328 2020-05-07] (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [Eye Saver] => C:\Program Files (x86)\Eye Saver\Eye Saver.exe [2628600 2019-11-30] (Leosoft EOOD -> )
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1320328 2013-04-15] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\MountPoints2: {9f4fa100-9aa3-11ea-85dd-8ca9821a4408} - E:\SISetup.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1320328 2013-04-15] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-23] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2011-04-02] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP1100LM: C:\Windows\system32\HP1100LM.DLL [290304 2011-04-02] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-09-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gtusrucv.lnk [2019-12-29]
ShortcutAndArgument: gtusrucv.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\armin\AppData\Roaming\Microsoft\Windows\gtusrucv\eeadrrcw.exe"
Startup: C:\Users\armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-07-02]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A07B0A4-50CF-4EFC-9FF8-90246108B658} - System32\Tasks\GoogleUpdateTaskMachineCore1d0ad382b906333 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {0B54C2B7-0487-4AD4-A74F-3B7FA5A5E29E} - System32\Tasks\GoogleUpdateTaskMachineCore1d1acfda531a4d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {1DD5F38C-B704-47DF-BC0E-CE88C348A2E6} - System32\Tasks\GoogleUpdateTaskMachineUA1d06abd3fd2c67a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {232C57E6-60DA-4E1C-AA0E-F42F2D2A48A8} - System32\Tasks\GoogleUpdateTaskMachineCore1d02d2448b18cc5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {24A408C9-D8ED-41DF-A690-87387A865A58} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {296DB79B-E7B5-464D-8F1A-80DA5685517D} - System32\Tasks\GoogleUpdateTaskMachineUA1d0ad382d19a105 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {39ABE0C4-6236-486E-BDD5-B38C44B24F0D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3A0E5A4A-5475-4CB0-A26E-A7E3BDFCBD36} - System32\Tasks\Microsoft Office 15 Sync Maintenance for armin-PC-Amar armin-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3EA7B52A-95A2-42D1-95F0-26E384350D69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F6DC8DB-34AF-4643-95FF-83E4D9FF4278} - System32\Tasks\Opera scheduled Autoupdate 1577661646 => C:\Users\armin\AppData\Local\Programs\Opera\launcher.exe
Task: {510105CD-6507-48C7-A7EB-50BD2758CE9F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f5dcc0916bc8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {51017090-D06B-401C-9335-A0C6543978AE} - System32\Tasks\GoogleUpdateTaskMachineCore1d15eaefbe5d665 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {5118D184-8F57-410A-AF33-F658608AF6D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {5B412689-C3BB-4184-B73D-16358C8618EF} - System32\Tasks\{7D01B9CE-A4FF-4D6B-AD8D-F2BA8B79D6BF} => C:\Windows\system32\pcalua.exe -a "C:\Users\armin\Downloads\PES 2013\PESEDIT 6.0\Installer.exe" -d "C:\Users\armin\Downloads\PES 2013\PESEDIT 6.0"
Task: {698754F7-A229-446D-90E2-46CD8BDBCFF0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f5dcbfa100cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {7339A319-C77B-4756-996F-626ABDC15659} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7517B756-C9BA-4ED7-9DD9-DCEAA443FDBB} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {83853B85-A1FD-4B34-B8CD-A3C12F5C3EB9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {87988A22-0117-43EE-A4C0-8FB90CF6A5F3} - System32\Tasks\update-S-1-5-21-3658772538-1096541145-719832770-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8825B581-CB64-4760-B589-2AC4A0AFCBED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {9473B490-62CF-45F8-9847-647B0362138F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {9765808A-A399-4C3D-ACD5-3049D3B78C10} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC582892-8E0A-4398-9D56-1F5D6E98A0F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {C3043DE7-D3D4-463C-ABDF-E101E4512DA9} - System32\Tasks\Opera scheduled assistant Autoupdate 1577661662 => C:\Users\armin\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\armin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {C3FACB40-20AE-42C9-83D9-94A13ECB1967} - System32\Tasks\GoogleUpdateTaskMachineUA1d1acfdb604c89 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)
Task: {C9B37AEC-6E4B-4529-BCCD-9CC1FA2A3E25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-23] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => E:\\AdwCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d02d2448b18cc5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0ad382b906333.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f5dcbfa100cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15eaefbe5d665.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d06abd3fd2c67a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0ad382d19a105.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f5dcc0916bc8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3658772538-1096541145-719832770-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.255.5 172.16.255.6
Tcpip\..\Interfaces\{65828413-8B80-405F-968B-3EE15641FA12}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{67F7E848-0AA7-43D3-8662-4A9413FE0106}: [DhcpNameServer] 172.16.255.5 172.16.255.6
Tcpip\..\Interfaces\{BC8FAF14-90DA-4149-B95A-1514E2C36F16}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3658772538-1096541145-719832770-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\armin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default [2020-12-09]
CHR StartupUrls: Default -> "hxxp://www.google.ba/"
CHR Extension: (Slides) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-29]
CHR Extension: (Safe Torrent Scanner) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2020-11-21]
CHR Extension: (Docs) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28]
CHR Extension: (AdGuard AdBlocker) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-11-28]
CHR Extension: (YouTube) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Sheets) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-21]
CHR Profile: C:\Users\armin\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-01]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [35840 2005-09-06] (Dassault Systemes) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-05-12] (Mixbyte Inc -> Freemake)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-05-11] (Hewlett-Packard Company -> HP)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
S3 JME; system32\DRIVERS\JME.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-09 16:40 - 2020-12-09 16:42 - 000021380 _____ C:\Users\armin\Desktop\FRST.txt
2020-12-09 16:40 - 2020-12-09 16:14 - 002288640 _____ (Farbar) C:\Users\armin\Desktop\FRST64.exe
2020-12-09 16:18 - 2020-12-09 16:18 - 000000236 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2020-12-09 16:02 - 2020-12-09 16:02 - 317768387 _____ C:\Windows\MEMORY.DMP
2020-12-09 16:02 - 2020-12-09 16:02 - 000271048 _____ C:\Windows\Minidump\120920-19702-01.dmp
2020-12-09 16:02 - 2020-12-09 16:02 - 000000000 ____D C:\Windows\Minidump
2020-12-09 15:46 - 2020-12-09 15:53 - 000000000 ____D C:\Users\armin\AppData\LocalLow\IGDump
2020-12-09 15:26 - 2020-12-09 15:29 - 000000000 ____D C:\Windows\w
2020-12-09 15:26 - 2020-12-09 15:29 - 000000000 ____D C:\Windows\c
2020-12-09 15:26 - 2020-09-23 10:29 - 000001054 _____ C:\Windows\d.bat
2020-12-09 15:26 - 2020-09-01 15:41 - 000014546 _____ C:\Windows\c.bat
2020-12-09 15:26 - 2020-09-01 15:39 - 000000526 _____ C:\Windows\ct.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000320 _____ C:\Windows\e.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000308 _____ C:\Windows\d.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000302 _____ C:\Windows\mn.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000302 _____ C:\Windows\mf.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000001 _____ C:\Windows\y.txt
2020-12-09 13:13 - 2020-12-09 15:19 - 000004954 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for armin-PC-Amar armin-PC
2020-12-09 12:31 - 2020-12-09 12:31 - 035422763 _____ C:\Users\Amar\Downloads\madina-book-3-english-key.pdf
2020-12-02 19:46 - 2020-12-02 19:46 - 000083442 _____ C:\Users\Amar\Downloads\Kombinatorika.pdf
2020-12-02 19:29 - 2020-12-02 19:29 - 040751124 _____ C:\Users\Amar\Downloads\Nacrtna-geometrija-primena-Osnovni-udzbenik-Radojka-Gligoric.pdf
2020-12-02 18:25 - 2020-12-02 18:25 - 013939264 _____ C:\Users\Amar\Downloads\filozofija - skripta.pdf
2020-12-01 22:05 - 2020-12-01 22:05 - 000000000 ____D C:\Users\Amar\AppData\Local\Viber
2020-11-29 21:36 - 2020-12-09 15:52 - 000000000 ____D C:\Program Files (x86)\VirtualDVV
2020-11-29 21:36 - 2020-11-29 21:36 - 000000000 ____D C:\Windows\SysWOW64\VirtualDVD Windows10 InstallData
2020-11-29 21:36 - 2020-11-29 21:36 - 000000000 ____D C:\Windows\SysWOW64\VirtualDVD InstallData
2020-11-29 21:36 - 2020-11-29 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualDVV
2020-11-28 22:24 - 2020-11-28 22:24 - 000000000 ____D C:\Users\Amar\AppData\Local\Simple_Timer
2020-11-28 21:22 - 2020-11-28 22:25 - 000000000 ____D C:\Users\Amar\Documents\programiranje
2020-11-28 00:24 - 2020-11-28 00:24 - 018490120 _____ C:\Users\Amar\Downloads\Quadratics Equations, Inequalities, and Functions (Zambak) ( PDFDrive ).pdf
2020-11-23 22:22 - 2020-11-23 22:22 - 000000000 ____D C:\Users\armin\.zekr
2020-11-23 12:03 - 2020-11-23 12:05 - 000000000 ____D C:\Users\Amar\.zekr
2020-11-23 12:02 - 2020-11-23 12:02 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Sun
2020-11-23 12:02 - 2020-11-23 12:02 - 000000000 ____D C:\Users\Amar\AppData\LocalLow\Sun
2020-11-23 12:02 - 2020-11-23 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-23 12:02 - 2020-11-23 12:01 - 000114232 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-11-23 12:01 - 2020-11-23 12:01 - 000000000 ____D C:\Program Files (x86)\Java
2020-11-23 11:57 - 2020-11-23 11:57 - 000000000 ____D C:\Users\armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arapski Rjecnik 2
2020-11-23 11:57 - 2020-11-23 11:57 - 000000000 ____D C:\Program Files (x86)\Arapski Rjecnik 2
2020-11-22 22:27 - 2020-11-22 22:27 - 000088613 _____ C:\Users\Amar\Downloads\PolovinaNoci.exe
2020-11-22 01:48 - 2020-11-22 01:48 - 001730555 _____ C:\Users\Amar\Downloads\NACRTNA-GEOMETRIJA-I.pdf
2020-11-21 20:22 - 2020-11-21 20:23 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Dev-Cpp
2020-11-21 19:26 - 2020-11-21 19:42 - 000000000 ____D C:\Users\armin\AppData\Roaming\Dev-Cpp
2020-11-21 19:26 - 2020-11-21 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2020-11-21 19:25 - 2020-11-21 19:25 - 000000000 ____D C:\Program Files (x86)\Dev-Cpp
2020-11-21 19:22 - 2020-11-21 19:22 - 050433966 _____ C:\Users\Amar\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe
2020-11-21 19:17 - 2020-11-21 19:20 - 000000000 ____D C:\Users\Amar\AppData\Roaming\TDM-GCC
2020-11-21 19:15 - 2020-11-21 19:20 - 000000000 ____D C:\TDM-GCC-64
2020-11-21 19:00 - 2020-11-21 19:03 - 000000000 ____D C:\Users\armin\AppData\Roaming\CodeBlocks
2020-11-21 18:59 - 2020-11-21 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2020-11-20 22:27 - 2020-11-20 22:27 - 000308019 _____ C:\Users\Amar\Downloads\etfBodovi.exe
2020-11-16 20:30 - 2020-11-16 20:30 - 000000000 ____D C:\Users\Amar\Documents\Zoom
2020-11-16 18:40 - 2020-11-16 18:40 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-10 10:35 - 2020-11-10 10:35 - 002856736 _____ (MyCity) C:\Users\Amar\Downloads\MCShield-Setup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2060-08-18 17:02 - 2016-10-28 16:48 - 002023424 ____N (Inprise Corporation) C:\Windows\SysWOW64\Vcl50.bpl
2060-08-18 17:02 - 2016-10-28 16:48 - 001496064 ____N (Inprise Corporation) C:\Windows\SysWOW64\CC3250MT.DLL
2060-08-18 17:02 - 2016-10-28 16:48 - 000248832 ____N (Inprise Corporation) C:\Windows\SysWOW64\Vclx50.bpl
2060-08-18 16:40 - 2016-10-28 16:47 - 000909824 ____N (Inprise Corporation) C:\Windows\SysWOW64\Cp3245mt.dll
2060-08-18 16:40 - 2016-10-28 16:47 - 000024064 ____N (Inprise Corporation) C:\Windows\SysWOW64\Borlndmm.dll
2020-12-09 16:41 - 2019-02-10 14:01 - 000000000 ____D C:\FRST
2020-12-09 16:38 - 2020-06-28 19:16 - 000000000 ____D C:\Users\armin\AppData\Roaming\uTorrent Web
2020-12-09 16:37 - 2016-02-03 19:16 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15eaefbe5d665.job
2020-12-09 16:37 - 2015-09-23 09:49 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f5dcbfa100cc.job
2020-12-09 16:37 - 2015-06-22 23:09 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0ad382b906333.job
2020-12-09 16:37 - 2015-01-10 23:25 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d02d2448b18cc5.job
2020-12-09 16:37 - 2015-01-10 23:25 - 000000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2020-12-09 16:37 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-09 16:35 - 2015-07-03 13:04 - 000000000 ____D C:\Windows\pss
2020-12-09 16:17 - 2019-12-29 20:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-09 15:52 - 2020-06-23 00:44 - 000000000 ____D C:\Users\Amar
2020-12-09 15:52 - 2019-12-29 20:31 - 000000000 ____D C:\Users\armin\AppData\Local\ScrSnap
2020-12-09 15:48 - 2015-01-10 23:25 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2020-12-09 15:26 - 2020-07-29 00:27 - 000000000 ____D C:\Users\armin\AppData\Roaming\uTorrent
2020-12-09 15:25 - 2015-07-02 12:40 - 000000388 _____ C:\Windows\Tasks\update-sys.job
2020-12-09 15:17 - 2019-07-08 19:53 - 000000000 ____D C:\Users\armin\AppData\Local\BitTorrentHelper
2020-12-09 15:14 - 2015-03-30 08:43 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d06abd3fd2c67a.job
2020-12-09 15:12 - 2015-07-02 12:40 - 000000388 _____ C:\Windows\Tasks\update-S-1-5-21-3658772538-1096541145-719832770-1000.job
2020-12-09 14:56 - 2015-09-23 09:49 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f5dcc0916bc8.job
2020-12-09 14:54 - 2015-06-22 23:09 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0ad382d19a105.job
2020-12-09 12:32 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-09 12:32 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-08 21:37 - 2015-01-10 23:07 - 000003926 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{5382C8B4-A7F0-4BC1-B7F7-245DA214E929}
2020-12-08 21:29 - 2020-09-13 07:51 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-12-08 21:29 - 2020-09-13 07:51 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-12-08 21:28 - 2020-03-31 19:10 - 000004432 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-12-08 21:28 - 2020-03-31 19:10 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-12-08 21:28 - 2014-12-08 16:51 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 21:28 - 2014-12-08 16:51 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 21:28 - 2014-12-08 16:51 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-08 21:28 - 2014-12-08 16:51 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-07 21:42 - 2020-07-14 20:18 - 000000000 ____D C:\Users\Amar\AppData\Roaming\ViberPC
2020-12-07 21:41 - 2020-07-14 20:18 - 000000000 ____D C:\Users\Amar\Documents\ViberDownloads
2020-12-04 22:51 - 2020-06-30 19:01 - 000000000 ____D C:\Users\Amar\Desktop\server
2020-12-04 17:15 - 2016-05-13 10:51 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d1acfdb604c89
2020-12-04 17:15 - 2016-05-13 10:51 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d1acfda531a4d
2020-12-02 18:45 - 2018-01-04 23:23 - 000000000 ____D C:\Users\Amar\Desktop\dokumenti
2020-12-02 15:42 - 2020-07-29 02:42 - 000000000 ____D C:\Users\Amar\Documents\Camtasia Studio
2020-12-02 10:43 - 2009-07-14 06:08 - 000032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-11-24 17:58 - 2018-09-15 15:08 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-24 17:57 - 2018-09-15 15:08 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 22:22 - 2014-10-29 01:22 - 000000000 ____D C:\Users\armin
2020-11-23 12:03 - 2020-06-23 00:44 - 000000000 ____D C:\Users\Amar\AppData\Local\VirtualStore
2020-11-16 20:29 - 2019-06-14 19:52 - 000000000 ____D C:\Users\armin\AppData\Local\ElevatedDiagnostics
2020-11-16 18:40 - 2020-09-09 16:25 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Zoom

==================== Files in the root of some directories ========

2015-01-22 10:32 - 2010-11-20 13:17 - 076067456 ___SH () C:\ProgramData\msqhezfr.exe
2015-01-22 10:32 - 2010-11-20 13:17 - 084018560 ___SH () C:\ProgramData\mssivchco.exe
2020-07-29 02:19 - 2020-07-29 02:19 - 000000046 _____ () C:\Users\armin\AppData\Roaming\Camdata.ini
2020-07-29 02:19 - 2020-07-29 02:19 - 000000408 _____ () C:\Users\armin\AppData\Roaming\CamLayout.ini
2020-07-29 02:19 - 2020-07-29 02:19 - 000000408 _____ () C:\Users\armin\AppData\Roaming\CamShapes.ini
2020-07-29 02:19 - 2020-07-29 02:19 - 000004535 _____ () C:\Users\armin\AppData\Roaming\CamStudio.cfg
2020-07-29 02:16 - 2020-07-29 02:16 - 000000096 _____ () C:\Users\armin\AppData\Roaming\version2.xml
2020-09-16 19:11 - 2020-09-16 19:11 - 000000000 _____ () C:\Users\armin\AppData\Local\oobelibMkey.log
2017-02-26 20:56 - 2017-02-26 20:56 - 000002715 _____ () C:\Users\armin\AppData\Local\recently-used.xbel
2016-10-07 21:15 - 2016-10-07 21:15 - 000000017 _____ () C:\Users\armin\AppData\Local\resmon.resmoncfg
2015-07-02 12:40 - 2015-07-02 12:40 - 000000003 _____ () C:\Users\armin\AppData\Local\updater.log
2015-07-02 12:40 - 2017-05-06 14:10 - 000000425 _____ () C:\Users\armin\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-10-08 17:13
==================== End of FRST.txt ========================

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 23 Maj 2020
  • Poruke: 139

Zdravo amar54k,

Moje ime ovde je L3g1oN i ja cu ti pomagati oko malware problema na tvom kompjuteru. Ja sam trenutno pripravnik i moji se odgovori moraju prvo odobriti od strane iskusnijeg helpera, pa mozda potraje malo duze izmedju odgovora. Pozitivna strana je da vise od jednog para ociju prolazi kroz tvoje logove, tako da manje sanse da ce se nesto propustiti.


1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM\...\Policies\Explorer\Run: [1013720632] => C:\ProgramData\msqhezfr.exe [76067456 2010-11-20] () [File not signed] [File is in use]
Startup: C:\Users\armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gtusrucv.lnk [2019-12-29]
ShortcutAndArgument: gtusrucv.lnk -> C:\Windows\System32\cmd.exe => /c start "" "C:\Users\armin\AppData\Roaming\Microsoft\Windows\gtusrucv\eeadrrcw.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

C:\ProgramData\msqhezfr.exe
C:\Users\armin\AppData\Roaming\Microsoft\Windows\gtusrucv
2015-01-22 10:32 - 2010-11-20 13:17 - 084018560 ___SH () C:\ProgramData\mssivchco.exe
2020-12-09 15:26 - 2020-12-09 15:29 - 000000000 ____D C:\Windows\w
2020-12-09 15:26 - 2020-12-09 15:29 - 000000000 ____D C:\Windows\c
2020-12-09 15:26 - 2020-09-23 10:29 - 000001054 _____ C:\Windows\d.bat
2020-12-09 15:26 - 2020-09-01 15:41 - 000014546 _____ C:\Windows\c.bat
2020-12-09 15:26 - 2020-09-01 15:39 - 000000526 _____ C:\Windows\ct.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000320 _____ C:\Windows\e.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000308 _____ C:\Windows\d.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000302 _____ C:\Windows\mn.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000302 _____ C:\Windows\mf.reg
2020-12-09 15:26 - 2020-08-23 22:36 - 000000001 _____ C:\Windows\y.txt

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.

Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.


Reci mi i kakvo je stanje sistema nakon restarta.

offline
  • Pridružio: 11 Okt 2014
  • Poruke: 358

FIXLOG:
https://www.mycity.rs/must-login.png
stanje je bolje dosta, ne otvaraju mi se oni programi vise

offline
  • Pridružio: 23 Maj 2020
  • Poruke: 139

Hvala na logu.

Odradi jos jedno skeniranje FRST-om kao prvog puta sa Desktopa i dostavi oba izvestaja.

offline
  • Pridružio: 11 Okt 2014
  • Poruke: 358

Hvala puno L3g1oN Smile
FRST NOVI:
https://www.mycity.rs/must-login.png
Addition:
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 23 Maj 2020
  • Poruke: 139

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

HKU\S-1-5-21-3658772538-1096541145-719832770-1003\...\ChromeHTML: ->  <==== ATTENTION
HKLM\...\Run: [Autodesk Sync] => [X]
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3658772538-1096541145-719832770-1000\...\MountPoints2: {9f4fa100-9aa3-11ea-85dd-8ca9821a4408} - E:\SISetup.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.

Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 11 Okt 2014
  • Poruke: 358

Fixlog:
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 23 Maj 2020
  • Poruke: 139

Tvoj sistem je sada cist sto se malwera tice.

1. Preimenuj FRST sa Desktopa u uninstall i pokreni ga. Sistem ce zatraziti restart i nakon toga ce FRST sa svim svojim dodatnim fajlovima biti obrisan.

2.
Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.

Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;
Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.

Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Ukoliko neki alat ili izveštaj nije uklonjen, slobodno ih obriši ručno.

Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)
- Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
- DelFix briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.


3. Mogu primetiti da si se vec par puta javljao Ambulanti za pomoc sa slicnim problemima, koji najverovatnije poticu od koriscenja P2P (Peer-to-Peer) programa, takozvanog torenta. Moj ti je savet da ga sto manje koristis i da pazis sta i odakle skidas, jer ces verovatno vrlo brzo ponovo nahvatiti neku infekciju.

4. Takodje se moze primetiti iz tvojih logova da nemas nijedan antivirusni program instaliran na sistemu (osim Windows-ovog Defendera i to outdated). Instaliraj neki besplatni kako bi se bar malo zastitio, na primer Avast.

offline
  • Pridružio: 11 Okt 2014
  • Poruke: 358

hvala puno L3g1oN na pomoci i na savjetima, želim ti sve najbolje, čuvaj se, svako dobro i lijep pozdrav

Ko je trenutno na forumu
 

Ukupno su 804 korisnika na forumu :: 30 registrovanih, 8 sakrivenih i 766 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, Aleksandar Tomić, babaroga, bojankrstc, Boris BM, Brana01, cenejac111, Dimitrije Paunovic, doktor1964, gasha, Georgius, Ivan001, kikisp, Marko Marković, Mcdado, Mi lao shu, milenko crazy north, Milos ZA, milos.cbr, Petarvu, procesor, rodoljub, sasa87, stegonosa, Stija zmija, Toper, Tvrtko I, vathra, vukovi, Zimbabwe