Posted: 20 Dec 2017 21:11
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Uninstall Avira Connect.
Open Notepad and copy the following text, which is inside the Code box.
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {301DABBC-B52E-45B6-B62D-9C14E4EBA48C} - System32\Tasks\13691-56969-24172 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\13691.56969.24172\13691.56969.24172.dll",QueryActiveSession
Task: {AD5A418C-C266-4F1D-ACD8-E76F78F3A37C} - System32\Tasks\96940-69632-63383 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\96940.69632.63383\96940.69632.63383.dll",QueryActiveSession
Task: {FC377081-50D6-4DB4-A107-C6F22AABD88E} - System32\Tasks\98542-11526-41621 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\98542.11526.41621\98542.11526.41621.dll",QueryActiveSession
VirusTotal: C:\WINDOWS\SysWOW64\chtbrkg.dll;C:\WINDOWS\system32\chtbrkg.dll
C:\ProgramData\13691.56969.24172
C:\ProgramData\96940.69632.63383
C:\ProgramData\98542.11526.41621
In Notepad click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.
Posted: 21 Dec 2017 05:57
- Joined: 25 May 2005
- Posts: 175
Written: 20 Dec 2017 22:02
I did it and the message "no fixlist.txt found" appeared.
Addendum: 20 Dec 2017 23:04
Addendum: 21 Dec 2017 5:57
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Tamara (20-12-2017 22:59:01) Run:1
Running from C:\Users\Tamara\Desktop
Loaded Profiles: Tamara (Available Profiles: Tamara)
Boot Mode: Normal
==============================================
fixlist content:
*****************
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {301DABBC-B52E-45B6-B62D-9C14E4EBA48C} - System32\Tasks\13691-56969-24172 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\13691.56969.24172\13691.56969.24172.dll",QueryActiveSession
Task: {AD5A418C-C266-4F1D-ACD8-E76F78F3A37C} - System32\Tasks\96940-69632-63383 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\96940.69632.63383\96940.69632.63383.dll",QueryActiveSession
Task: {FC377081-50D6-4DB4-A107-C6F22AABD88E} - System32\Tasks\98542-11526-41621 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\98542.11526.41621\98542.11526.41621.dll",QueryActiveSession
VirusTotal: C:\WINDOWS\SysWOW64\chtbrkg.dll;C:\WINDOWS\system32\chtbrkg.dll
C:\ProgramData\13691.56969.24172
C:\ProgramData\96940.69632.63383
C:\ProgramData\98542.11526.41621
*****************
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{301DABBC-B52E-45B6-B62D-9C14E4EBA48C} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301DABBC-B52E-45B6-B62D-9C14E4EBA48C}" => removed successfully
C:\WINDOWS\System32\Tasks\13691-56969-24172 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\13691-56969-24172" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AD5A418C-C266-4F1D-ACD8-E76F78F3A37C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5A418C-C266-4F1D-ACD8-E76F78F3A37C}" => removed successfully
C:\WINDOWS\System32\Tasks\96940-69632-63383 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\96940-69632-63383" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FC377081-50D6-4DB4-A107-C6F22AABD88E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC377081-50D6-4DB4-A107-C6F22AABD88E}" => removed successfully
C:\WINDOWS\System32\Tasks\98542-11526-41621 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98542-11526-41621" => removed successfully
VirusTotal: C:\WINDOWS\SysWOW64\chtbrkg.dll => virustotal.com/file/1fef2a07fa6a02beaf.....508320755/
VirusTotal: C:\WINDOWS\system32\chtbrkg.dll => virustotal.com/file/3878219f3e369daf59.....508184709/
C:\ProgramData\13691.56969.24172 => moved successfully
C:\ProgramData\96940.69632.63383 => moved successfully
C:\ProgramData\98542.11526.41621 => moved successfully
The system needed a reboot.
==== End of Fixlog 22:59:03 ====
Posted: 21 Dec 2017 10:21
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Open Notepad and copy the following text, which is inside the Code box.
ProxyEnable: [S-1-5-21-58988072-87738606-1469498150-1000] => Proxy is enabled.
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 25 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 06 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 07 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 08 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 09 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 10 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 11 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 12 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 25 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
C:\WINDOWS\system32\chtbrkg.dll
C:\WINDOWS\SysWOW64\chtbrkg.dll
In Notepad click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.
Posted: 21 Dec 2017 15:44
- Joined: 25 May 2005
- Posts: 175
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Tamara (21-12-2017 14:47:37) Run:2
Running from C:\Users\Tamara\Desktop
Loaded Profiles: Tamara (Available Profiles: Tamara)
Boot Mode: Normal
==============================================
fixlist content:
*****************
ProxyEnable: [S-1-5-21-58988072-87738606-1469498150-1000] => Proxy is enabled.
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9 25 C:\WINDOWS\SysWOW64\chtbrkg.dll [590848 2016-11-09] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 06 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 07 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 08 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 09 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 10 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 11 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 12 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
Winsock: Catalog9-x64 25 C:\WINDOWS\system32\chtbrkg.dll [778752 2016-11-09] ()
C:\WINDOWS\system32\chtbrkg.dll
C:\WINDOWS\SysWOW64\chtbrkg.dll
*****************
HKU\S-1-5-21-58988072-87738606-1469498150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000025" => removed successfully
C:\WINDOWS\system32\chtbrkg.dll => moved successfully
C:\WINDOWS\SysWOW64\chtbrkg.dll => moved successfully
==== End of Fixlog 14:47:37 ====
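As an added illustration (not code from the thread, from FRST or from its author), the following Python script applies the same judgement the helper used when building the two fixlists above to raw FRST lines: it flags a scheduled task that runs rundll32 on a DLL under ProgramData, Winsock LSP entries whose publisher field is empty, a Chrome GroupPolicy restriction and a forced proxy, and it summarises a Fixlog so that a "could not remove key" result is not overlooked. The sample lines are constructed from the entries in this thread; the ExampleUpdater task is an invented benign control.

```python
import re
from collections import Counter
# Constructed FRST scan lines modelled on this thread's entries; ExampleUpdater is an invented benign control.
SAMPLE_SCAN = [
    'GroupPolicy: Restriction - Chrome <==== ATTENTION',
    'Task: {301DABBC-B52E-45B6-B62D-9C14E4EBA48C} - System32\\Tasks\\13691-56969-24172 => '
    'C:\\WINDOWS\\system32\\rundll32.exe "C:\\ProgramData\\13691.56969.24172\\13691.56969.24172.dll",QueryActiveSession',
    'Task: {00000000-0000-0000-0000-000000000000} - System32\\Tasks\\ExampleUpdater => C:\\Program Files\\Example\\Updater.exe (Example Corp)',
    'ProxyEnable: [S-1-5-21-58988072-87738606-1469498150-1000] => Proxy is enabled.',
    'Winsock: Catalog9 01 C:\\WINDOWS\\SysWOW64\\chtbrkg.dll [590848 2016-11-09] ()',
]
# Constructed Fixlog excerpt; the 'could not remove key' line is the one from the thread.
SAMPLE_FIXLOG = [
    '*****************', 'Winsock: Catalog9 01 C:\\WINDOWS\\SysWOW64\\chtbrkg.dll [590848 2016-11-09] ()', '*****************',
    'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Boot\\{301DABBC-B52E-45B6-B62D-9C14E4EBA48C} => could not remove key. ErrorCode1: 0x00000002',
    'C:\\WINDOWS\\System32\\Tasks\\13691-56969-24172 => moved successfully',
    'C:\\WINDOWS\\SysWOW64\\chtbrkg.dll => moved successfully',
]
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - \S+ => (.+)$')
WINSOCK_RE = re.compile(r'^Winsock: Catalog9(?:-x64)? \d+ (.+?) \[[^\]]*\] \((.*)\)$')

def triage_scan(lines):
    """Return (reason, line) pairs for FRST scan lines matching this thread's persistence."""
    hits = []
    for line in lines:
        if line.startswith('GroupPolicy:') and '<==== ATTENTION' in line:
            hits.append(('group_policy_restriction', line))  # browser locked down by policy
        elif line.startswith('ProxyEnable:') and 'Proxy is enabled' in line:
            hits.append(('proxy_enabled', line))  # user traffic forced through a proxy
        elif (m := TASK_RE.match(line)) and all(s in m.group(1).lower() for s in ('rundll32.exe', '\\programdata\\')):
            hits.append(('task_rundll32_programdata', line))  # task loads a DLL from ProgramData
        elif (m := WINSOCK_RE.match(line)) and m.group(2).strip() == '':
            hits.append(('winsock_lsp_no_publisher', line))  # LSP DLL with empty publisher field
    return hits

def fixlog_summary(lines):
    """Count Fixlog outcomes (skipping the echoed fixlist between '*****' markers) and return
    'could not' lines for review; 0x00000002 is ERROR_FILE_NOT_FOUND, i.e. key already absent."""
    counts, failed, in_fixlist = Counter(), [], False
    for line in lines:
        if line and set(line) == {'*'}:  # the fixlist echo is delimited by two lines of '*'
            in_fixlist = not in_fixlist
        elif not in_fixlist and ' => ' in line:
            outcome = line.rsplit(' => ', 1)[1]
            if 'successfully' in outcome:
                counts['ok'] += 1
            elif 'could not' in outcome:
                counts['failed'] += 1
                failed.append(line)
    return dict(counts), failed
```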
Posted: 21 Dec 2017 18:27
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Download Malwarebytes Anti-Malware from this, this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish.
On first launch, the program will show a "welcome" window. Feel free to close it.
Note: The Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off under the Settings > My Account tab.
• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.
When the scan finishes, if an infection has been detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: under Reports select the Scan Report with the current date and then click View Report.
Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without the quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.
• In your reply attach the mbam.txt log using the "Attach file" option.
Posted: 21 Dec 2017 19:47
- Joined: 25 May 2005
- Posts: 175
I had already scanned with Malwarebytes Anti-Malware earlier, which is why it found nothing now. Firefox works for me now. Thanks for your patience and help. Regards