Poslao: 28 Jan 2017 22:27
|
offline
- bojan12342
- Zaslužni građanin
- Pridružio: 12 Nov 2012
- Poruke: 505
- Gde živiš: Banja Luka
|
ne mogu da obrisem nikako ovaj fanli90 stalno se pojavljue kada otvorim ili chrome ili mozilu probao sam malwerebytes i sa adwcleaner ali se opet pojavi brisao sam pretrazivace i opet instal ali opet isto
|
|
|
|
|
|
Poslao: 29 Jan 2017 00:21
|
offline
- return void
- Anti Malware Fighter
Rank 1
- Pridružio: 02 Jan 2008
- Poruke: 2167
|
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
CreateRestorePoint:
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [CT7PyAZXY-.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\CT7PyAZXY-.exe [1192448 2017-01-28] ()
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [nS+q-7t-Lx.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\nS+q-7t-Lx.exe [1437184 2017-01-28] (dshgghsd)
C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}
HKLM\...\Providers\1j5dun8q: C:\Program Files\Nabsthenoly Core\local32spl.dll
C:\Program Files\Nabsthenoly Core
ShellExecuteHooks: No Name - {50F91B90-DE41-11E6-950F-64006A5CFC23} - C:\Users\korisnik\AppData\Roaming\Chsetazle\Masersegisuward.dll -> No File
C:\Users\korisnik\AppData\Roaming\Chsetazle
R2 Pettckirertain; C:\Program Files\Cluvigegowory\pdyCnt.dll [149504 2017-01-28] () [File not signed]
C:\Program Files\Cluvigegowory
2017-01-28 16:23 - 2017-01-28 16:23 - 00000000 ____D C:\Users\korisnik\AppData\Local\NetworkTiles
2017-01-28 16:11 - 2017-01-28 16:51 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Chsetazle
2017-01-28 16:11 - 2017-01-28 16:11 - 00000000 ____D C:\Users\korisnik\AppData\Local\Vhachthilige
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-28 16:11 - 2017-01-28 16:11 - 00149504 _____ () c:\program files\cluvigegowory\pdycnt.dll
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "CT7PyAZXY-.exe"
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "nS+q-7t-Lx.exe"
File: C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
Hosts:
EmptyTemp:
2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.
3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.
Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.
Nakon toga,
Preuzmi AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"
|
|
|
|
|
|
Poslao: 04 Feb 2017 22:19
|
offline
- romano.comic
- Novi MyCity građanin
- Pridružio: 04 Feb 2017
- Poruke: 1
|
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by PC (04-02-2017 22:10:04) Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [CT7PyAZXY-.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\CT7PyAZXY-.exe [1192448 2017-01-28] ()
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [nS+q-7t-Lx.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\nS+q-7t-Lx.exe [1437184 2017-01-28] (dshgghsd)
C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}
HKLM\...\Providers\1j5dun8q: C:\Program Files\Nabsthenoly Core\local32spl.dll
C:\Program Files\Nabsthenoly Core
ShellExecuteHooks: No Name - {50F91B90-DE41-11E6-950F-64006A5CFC23} - C:\Users\korisnik\AppData\Roaming\Chsetazle\Masersegisuward.dll -> No File
C:\Users\korisnik\AppData\Roaming\Chsetazle
R2 Pettckirertain; C:\Program Files\Cluvigegowory\pdyCnt.dll [149504 2017-01-28] () [File not signed]
C:\Program Files\Cluvigegowory
2017-01-28 16:23 - 2017-01-28 16:23 - 00000000 ____D C:\Users\korisnik\AppData\Local\NetworkTiles
2017-01-28 16:11 - 2017-01-28 16:51 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Chsetazle
2017-01-28 16:11 - 2017-01-28 16:11 - 00000000 ____D C:\Users\korisnik\AppData\Local\Vhachthilige
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-28 16:11 - 2017-01-28 16:11 - 00149504 _____ () c:\program files\cluvigegowory\pdycnt.dll
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "CT7PyAZXY-.exe"
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "nS+q-7t-Lx.exe"
File: C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
Hosts:
EmptyTemp:
*****************
Restore point was successfully created.
ZNAČI ISTA STVAR, slijedio sam upute i ovo mi je izbacilo
|
|
|
|
Poslao: 05 Feb 2017 18:00
|
offline
- return void
- Anti Malware Fighter
Rank 1
- Pridružio: 02 Jan 2008
- Poruke: 2167
|
romano.comic ::Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by PC (04-02-2017 22:10:04) Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [CT7PyAZXY-.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\CT7PyAZXY-.exe [1192448 2017-01-28] ()
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\Run: [nS+q-7t-Lx.exe] => C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}\nS+q-7t-Lx.exe [1437184 2017-01-28] (dshgghsd)
C:\Users\korisnik\AppData\Roaming\{97d-95-e8-b74dc-a8008-b3bb-9e426}
HKLM\...\Providers\1j5dun8q: C:\Program Files\Nabsthenoly Core\local32spl.dll
C:\Program Files\Nabsthenoly Core
ShellExecuteHooks: No Name - {50F91B90-DE41-11E6-950F-64006A5CFC23} - C:\Users\korisnik\AppData\Roaming\Chsetazle\Masersegisuward.dll -> No File
C:\Users\korisnik\AppData\Roaming\Chsetazle
R2 Pettckirertain; C:\Program Files\Cluvigegowory\pdyCnt.dll [149504 2017-01-28] () [File not signed]
C:\Program Files\Cluvigegowory
2017-01-28 16:23 - 2017-01-28 16:23 - 00000000 ____D C:\Users\korisnik\AppData\Local\NetworkTiles
2017-01-28 16:11 - 2017-01-28 16:51 - 00000000 ____D C:\Users\korisnik\AppData\Roaming\Chsetazle
2017-01-28 16:11 - 2017-01-28 16:11 - 00000000 ____D C:\Users\korisnik\AppData\Local\Vhachthilige
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
C:\Users\korisnik\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-28 16:11 - 2017-01-28 16:11 - 00149504 _____ () c:\program files\cluvigegowory\pdycnt.dll
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "CT7PyAZXY-.exe"
HKU\S-1-5-21-3813550502-1410529358-1024537911-1002\...\StartupApproved\Run: => "nS+q-7t-Lx.exe"
File: C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
Hosts:
EmptyTemp:
*****************
Restore point was successfully created.
ZNAČI ISTA STVAR, slijedio sam upute i ovo mi je izbacilo
Logovi koji se nalaze u ovoj temi namenjeni su iskljucivo za racunar korisnika koji je temu kreirao. U skladu sa tim, clanovi AMF tima za svakog korisnika prave poseban "fix", i koriscenje jednog fix-a na drugom racunaru nije preporucljivo i moze izazvati stetu!
Preporucujem ti da ispratis uputstvo o tome kako kreirati temu u Ambulanti, u kojoj cemo nastaviti diskusiju o problemu koji imas: https://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
|
|
|
|