A virus attacked my computer


  • Joined: 11 Oct 2014
  • Posts: 362

Today I downloaded a torrent, and 5 programs got installed along with it, which I uninstalled. When I open the browser I can't search for anything. I deleted the torrent as well. I scanned the PC with ESET NOD32 antivirus and it resolved 30 of the 60 threats. Can someone help?
I scanned with FRST64:
[Link visible only to logged-in users]
Watch the video to see what it's about:
[Link visible only to logged-in users]
Can someone help?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Amar (administrator) on AMAR-PC (23-08-2017 15:28:25)
Running from C:\Users\Amar\Desktop
Loaded Profiles: Amar & UpdatusUser (Available Profiles: Amar & UpdatusUser & amar-PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Amar\AppData\Roaming\uosto512l0q\uccd0xg5xmw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Vicky's Cool Softwares) C:\Program Files (x86)\ShutDown After\SA.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [SysMon] => C:\Program Files\Common Files\YQMIYM\ir1q0JMxui.exe [183808 2017-08-08] ()
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [1fvf33dwljx] => C:\Users\Amar\AppData\Roaming\uosto512l0q\uccd0xg5xmw.exe [8192 2017-08-23] ()
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [J3XNGS2DTJZGWC7] => C:\Program Files\3M5RLCBQEU\3M5RLCBQE.exe [1040384 2017-08-23] (JIXYM6)
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: {e6dc0f70-42b6-11e7-8c59-005056c00008} - F:\Startme.exe
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShutDown After.lnk [2017-08-08]
ShortcutTarget: ShutDown After.lnk -> C:\Program Files (x86)\ShutDown After\SA.exe (Vicky's Cool Softwares)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3894383191-3516363779-2002392177-1001] => [Link mogu videti samo ulogovani korisnici]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{115EF0E8-F4C7-45ED-93B3-5CF4FB330A84}: [DhcpNameServer] 192.168.1.1
ManualProxies: [Link mogu videti samo ulogovani korisnici]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3894383191-3516363779-2002392177-1003\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKU\S-1-5-21-3894383191-3516363779-2002392177-1003\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> DefaultScope {ielnksrch} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {ielnksrch} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1003 -> DefaultScope {ielnksrch} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1003 -> {ielnksrch} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\Amar\AppData\Local\htyh\application\HTDataView64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-06] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\Amar\AppData\Local\htyh\application\HTDataView.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

FireFox:
========
FF DefaultProfile: iv62gla3.default
FF ProfilePath: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\iv62gla3.default [2017-08-23]
FF NewTab: Mozilla\Firefox\Profiles\iv62gla3.default -> C:\\ProgramData\\Plusdaxs\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\iv62gla3.default -> C:\\ProgramData\\Plusdaxs\\ff.HP
FF Extension: (Auto Shutdown NG) - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\iv62gla3.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-12-31] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2017-08-23]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Amar\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\15306584.js [2017-01-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\15306584.cfg [2017-01-27] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> [Link mogu videti samo ulogovani korisnici]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> [Link mogu videti samo ulogovani korisnici]{searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-06]
CHR Extension: (Google Docs) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (Adguard AdBlocker) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-07-17]
CHR Extension: (YouTube) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (GreenAssistant) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bncccjepkagemgfhbeknoggaadchfcfb [2017-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Google Sheets) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bncccjepkagemgfhbeknoggaadchfcfb] - <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - [Link mogu videti samo ulogovani korisnici]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppCheckVersion; C:\Windows\SysWow64\AppCheckVersion.dll [478504 2017-08-23] ()
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-06-13] (ESET)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S4 LenovoPcManagerService; "C:\Program Files (x86)\Lenovo\PCManager\LenovoPcManagerService.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77224 2017-05-04] (ESET)
R3 netfitsprocadapter; C:\Windows\System32\DRIVERS\netfitsproc.sys [30480 2016-11-05] (Netfits)
R2 UefGdstor; C:\Windows\system32\drivers\UefGdster.sys [198688 2015-09-29] () <==== ATTENTION
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 15:17 - 2017-08-23 15:17 - 000014121 _____ C:\Users\Amar\Desktop\Chrome.lnk
2017-08-23 15:07 - 2017-08-23 15:07 - 000000000 ____D C:\ProgramData\Origin
2017-08-23 13:10 - 2017-08-23 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-08-23 13:10 - 2017-08-23 13:10 - 000000000 ____D C:\ProgramData\ESET
2017-08-23 13:10 - 2017-08-23 13:10 - 000000000 ____D C:\Program Files\ESET
2017-08-23 13:07 - 2017-08-23 13:08 - 000001795 _____ C:\Users\Amar\Downloads\444d17d5-8b49-4277-bfa7-ac48246d7856
2017-08-23 12:55 - 2017-08-23 12:55 - 000003584 _____ C:\Windows\System32\Tasks\{B85E00EF-B2F3-4F2E-825E-B31377DBC8F3}
2017-08-23 12:53 - 2017-08-23 15:29 - 000018935 _____ C:\Users\Amar\Desktop\FRST.txt
2017-08-23 12:48 - 2017-08-23 12:48 - 000000000 ____D C:\Program Files\SEQ2XQTCLD
2017-08-23 12:41 - 2017-08-23 12:41 - 000000000 ____D C:\Users\Amar\AppData\Roaming\chroma
2017-08-23 12:41 - 2017-08-23 12:41 - 000000000 ____D C:\Users\Amar\AppData\Local\Chromium
2017-08-23 12:40 - 2017-08-23 12:49 - 000003002 _____ C:\Windows\System32\Tasks\RunAtStartup
2017-08-23 12:39 - 2017-08-23 13:19 - 000000000 ____D C:\Program Files (x86)\WindowsTM
2017-08-23 12:39 - 2017-08-23 12:39 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-08-23 12:38 - 2017-08-23 12:58 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2017-08-23 12:38 - 2017-08-23 12:46 - 000000000 ____D C:\ProgramData\Windows
2017-08-23 12:38 - 2017-08-23 12:38 - 000014906 _____ C:\Windows\System32\Tasks\{4EEDD51C-C0B6-4481-8D64-C590156D203B}
2017-08-23 12:38 - 2017-08-23 12:38 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-23 12:37 - 2017-08-23 13:15 - 000000000 ____D C:\ProgramData\Logic Cramble
2017-08-23 12:37 - 2017-08-23 13:14 - 000000000 ____D C:\ProgramData\PrefsSecure
2017-08-23 12:37 - 2017-08-23 12:38 - 000000000 ____D C:\ProgramData\Plusdaxs
2017-08-23 12:37 - 2017-08-23 12:37 - 007324160 _____ C:\Users\Amar\AppData\Local\agent.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 001899372 _____ C:\Users\Amar\AppData\Local\Yeardax.tst
2017-08-23 12:37 - 2017-08-23 12:37 - 000126464 _____ C:\Users\Amar\AppData\Local\noah.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000070800 _____ C:\Users\Amar\AppData\Local\Config.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 000018432 _____ C:\Users\Amar\AppData\Local\Main.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000005568 _____ C:\Users\Amar\AppData\Local\md.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 000000000 ____D C:\ProgramData\5e7a20ae-6343-0
2017-08-23 12:37 - 2017-08-23 12:37 - 000000000 ____D C:\ProgramData\5e7a20ae-0e35-1
2017-08-23 12:36 - 2017-08-23 14:22 - 000000000 ____D C:\Program Files (x86)\YeaDesktop
2017-08-23 12:36 - 2017-08-23 13:00 - 001847296 _____ C:\Users\Amar\AppData\Local\po.db
2017-08-23 12:36 - 2017-08-23 12:37 - 000019008 _____ C:\Users\Amar\AppData\Local\InstallationConfiguration.xml
2017-08-23 12:36 - 2017-08-23 12:36 - 000140800 _____ C:\Users\Amar\AppData\Local\installer.dat
2017-08-23 12:35 - 2017-08-23 12:38 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-08-23 12:35 - 2017-08-23 12:35 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-08-23 12:35 - 2017-08-23 12:35 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Microleaves
2017-08-23 12:35 - 2017-08-23 12:35 - 000000000 ____D C:\Users\Amar\AppData\Local\AdvinstAnalytics
2017-08-23 12:35 - 2017-08-23 12:35 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-08-23 12:29 - 2017-08-23 12:29 - 000079821 _____ C:\Users\Amar\Desktop\test.pdf
2017-08-14 14:15 - 2017-08-14 14:16 - 008185288 _____ (Malwarebytes) C:\Users\Amar\Downloads\AdwCleaner.exe
2017-08-14 14:14 - 2017-08-23 15:28 - 000000000 ____D C:\FRST
2017-08-14 14:14 - 2017-08-23 07:32 - 002395648 _____ (Farbar) C:\Users\Amar\Desktop\FRST64.exe
2017-08-14 14:12 - 2017-08-14 14:12 - 001766912 _____ (Farbar) C:\Users\Amar\Downloads\FRST_19-04-17.exe
2017-08-14 14:04 - 2017-08-14 14:06 - 014435104 _____ (IObit) C:\Users\Amar\Downloads\iobituninstaller.exe
2017-08-14 13:45 - 2017-08-14 13:54 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-08 12:42 - 2017-08-08 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShutDown After
2017-08-08 12:42 - 2017-08-08 12:42 - 000000000 ____D C:\Program Files (x86)\ShutDown After
2017-08-08 12:42 - 2004-04-12 17:26 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2017-08-08 12:42 - 2004-04-12 17:26 - 000118064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msadodc.ocx
2017-08-08 12:42 - 2004-04-12 17:26 - 000073728 _____ C:\Windows\sadata.v
2017-08-08 12:40 - 2017-08-23 15:10 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Event Monitor
2017-08-08 12:39 - 2017-08-23 15:10 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-08-08 12:39 - 2017-08-23 12:39 - 000478504 _____ C:\Windows\SysWOW64\AppCheckVersion.dll
2017-08-08 12:39 - 2017-08-23 12:39 - 000000000 ____D C:\Users\Amar\AppData\Roaming\uosto512l0q
2017-08-08 12:39 - 2017-08-23 12:39 - 000000000 ____D C:\Program Files\3M5RLCBQEU
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Roaming\baidu
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Roaming\360se6
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Local\UCBrowser
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Local\Tencent
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Local\360chrome
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Users\Amar\AppData\Local\2345explorer
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\ProgramData\Cache
2017-08-08 12:39 - 2017-08-08 12:39 - 000000000 ____D C:\Program Files\Common Files\YQMIYM
2017-07-26 16:32 - 2017-07-26 16:32 - 007288281 _____ C:\Users\Amar\Downloads\Free Youtube & Avatar Rebrand Template.zip
2017-07-26 16:19 - 2017-07-26 16:20 - 031056281 _____ C:\Users\Amar\Downloads\Banner_template.psd
2017-07-26 15:05 - 2017-08-23 12:32 - 000000000 ____D C:\Users\Amar\AppData\LocalLow\uTorrent
2017-07-26 13:52 - 2017-07-26 13:52 - 002805701 _____ C:\Users\Amar\Downloads\Android Studio for beginners.pdf
2017-07-26 13:37 - 2017-07-26 13:38 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Notepad++
2017-07-26 12:49 - 2017-07-26 12:49 - 000587434 _____ C:\Users\Amar\Downloads\Uvod u JavaScript.pdf
2017-07-26 12:48 - 2017-07-26 12:48 - 004440720 _____ C:\Users\Amar\Downloads\Uvod u (X)HTML, HTML i CSS.pdf
2017-07-26 12:31 - 2017-07-26 12:31 - 000000000 ____D C:\Users\Amar\AppData\Local\Android
2017-07-26 11:42 - 2017-07-26 13:11 - 2020009280 _____ (Google Inc.) C:\Users\Amar\Downloads\android-studio-bundle-162.4069837-windows.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 15:27 - 2015-04-27 11:35 - 000000000 ____D C:\Users\Amar\Documents\Camtasia Studio
2017-08-23 15:18 - 2015-04-27 12:11 - 000005120 _____ C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-23 13:59 - 2016-11-05 11:13 - 000000000 ____D C:\Users\Amar\AppData\Roaming\MinesweeperApp
2017-08-23 13:56 - 2015-04-20 14:30 - 000000000 ____D C:\Users\Amar\AppData\Local\ESET
2017-08-23 13:55 - 2016-12-31 02:31 - 000000000 ____D C:\Users\Amar\AppData\LocalLow\Mozilla
2017-08-23 13:47 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-23 13:47 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-23 13:42 - 2017-06-06 19:36 - 000000000 ____D C:\Users\Amar\AppData\Local\LogMeIn Hamachi
2017-08-23 13:42 - 2015-06-27 18:42 - 000000000 ____D C:\Users\Amar\AppData\Local\CrashDumps
2017-08-23 13:19 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 13:18 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\MegaDialer
2017-08-23 13:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-23 12:53 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-23 12:39 - 2017-07-20 17:58 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-23 12:39 - 2017-03-06 09:00 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 12:38 - 2015-08-31 20:04 - 000001405 _____ C:\Users\amar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-23 12:38 - 2015-06-17 16:28 - 000001132 _____ C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-23 12:19 - 2015-04-26 11:27 - 000000000 ____D C:\Users\Amar\AppData\Local\Adobe
2017-08-23 07:58 - 2015-04-20 14:12 - 000000000 ____D C:\Users\Amar\AppData\LocalLow\Temp
2017-08-23 07:13 - 2009-07-14 07:08 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-15 13:06 - 2015-06-14 22:11 - 000000000 ____D C:\Users\Amar\Documents\SonyVegasPro13
2017-08-14 14:01 - 2017-05-05 14:59 - 000000000 ____D C:\Users\Amar\Desktop\icons 2
2017-08-14 13:57 - 2017-06-30 22:45 - 000000000 ____D C:\Users\Amar\AppData\Roaming\Visual Studio Setup
2017-08-14 13:57 - 2016-12-17 13:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-14 13:57 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-14 13:56 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-12 10:04 - 2015-10-23 20:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-12 10:03 - 2015-10-23 20:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-08 12:10 - 2015-04-26 11:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 12:10 - 2015-04-26 11:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 12:10 - 2015-04-26 11:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 12:10 - 2015-04-26 11:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 12:10 - 2015-04-26 11:28 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-08 12:04 - 2017-05-19 14:41 - 000000000 ____D C:\ProgramData\YTD Video Downloader
2017-07-26 12:42 - 2017-04-20 11:10 - 000000000 ____D C:\Users\Amar\.android

==================== Files in the root of some directories =======

2016-11-13 08:28 - 2016-11-13 09:53 - 007065600 _____ () C:\Program Files (x86)\GUTE244.tmp
2015-09-29 15:45 - 2015-09-29 15:46 - 225111747 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-09-29 15:45 - 2015-09-29 15:46 - 000002615 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2017-08-23 12:37 - 2017-08-23 12:37 - 007324160 _____ () C:\Users\Amar\AppData\Local\agent.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000070800 _____ () C:\Users\Amar\AppData\Local\Config.xml
2015-04-27 12:11 - 2017-08-23 15:18 - 000005120 _____ () C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-23 12:36 - 2017-08-23 12:37 - 000019008 _____ () C:\Users\Amar\AppData\Local\InstallationConfiguration.xml
2017-08-23 12:36 - 2017-08-23 12:36 - 000140800 _____ () C:\Users\Amar\AppData\Local\installer.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000018432 _____ () C:\Users\Amar\AppData\Local\Main.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000005568 _____ () C:\Users\Amar\AppData\Local\md.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 000126464 _____ () C:\Users\Amar\AppData\Local\noah.dat
2017-08-23 12:36 - 2017-08-23 13:00 - 001847296 _____ () C:\Users\Amar\AppData\Local\po.db
2016-09-30 15:43 - 2016-09-30 15:43 - 000000017 _____ () C:\Users\Amar\AppData\Local\resmon.resmoncfg
2015-05-24 17:54 - 2015-05-24 17:54 - 000000000 _____ () C:\Users\Amar\AppData\Local\Temp.dat
2017-08-23 12:39 - 2017-08-23 12:39 - 000001150 _____ () C:\Users\Amar\AppData\Local\uninstall_temp.ico
2015-06-08 23:30 - 2015-06-08 23:30 - 000000424 _____ () C:\Users\Amar\AppData\Local\UserProducts.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 001899372 _____ () C:\Users\Amar\AppData\Local\Yeardax.tst
2015-09-16 22:24 - 2015-09-16 22:25 - 000000000 _____ () C:\Users\Amar\AppData\Local\{504D41A7-5467-424F-BF52-2A2F4EB85207}
2016-11-11 14:26 - 2016-11-11 14:26 - 000000000 _____ () C:\Users\Amar\AppData\Local\{79C96F4C-FD07-4039-8A40-42F8A3753A40}

Some files in TEMP:
====================
2017-08-23 12:58 - 2017-08-23 12:58 - 000005095 _____ () C:\Users\Amar\AppData\Local\Temp\C4XG9259B958.exe
2017-08-22 09:09 - 2017-08-22 09:09 - 001984204 _____ () C:\Users\Amar\AppData\Local\Temp\setup.dll
2017-08-23 12:38 - 2017-08-23 12:38 - 000374181 _____ (WeMonetize ) C:\Users\Amar\AppData\Local\Temp\UGJB2NB.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-24 14:12

==================== End of FRST.txt ============================
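The log above shows the pattern that matters for triage: Run keys pointing at executables with an empty publisher field in randomly named folders under Program Files\Common Files and AppData, and Internet Explorer start/search page values whose hostnames are percent-encoded, so the real domain (feed.sonic-search.com, feed.snapdo.com) is not visible at a glance. As an added example, not part of the thread, of FRST, or of the helper's fixlist, the Python script below parses those two FRST line types from a few lines copied from this log (the long p= token in the hijack URLs is shortened to a placeholder), flags autorun entries whose identity and location are both weak, and decodes the hijacked hostnames. The flagging rules (empty or generated-looking publisher combined with a user-writable path or generated-looking names) are this example's own heuristics, not anything FRST itself does.

```python
"""Triage helpers for two FRST.txt line types seen in this thread.

Added example, not part of FRST or of the forum post. The sample lines are
copied from the log above (the tracking token in the hijack URLs is replaced
by the placeholder TOKEN); the review heuristics are this example's own
assumptions about what merits a manual look.
"""
import re
from urllib.parse import unquote, urlsplit

# FRST autorun line, e.g.
# HKU\S-1-5-21-...-1001\...\Run: [SysMon] => C:\...\ir1q0JMxui.exe [183808 2017-08-08] ()
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)
# Browser start/search page value written by FRST, defanged as hxxp(s)://
URL_RE = re.compile(r"(?:= |-> )(hxxps?://\S+)$")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")

# Constructed sample: lines copied from the FRST log in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe",
    r"HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-17] ()",
    r"HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [SysMon] => C:\Program Files\Common Files\YQMIYM\ir1q0JMxui.exe [183808 2017-08-08] ()",
    r"HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [1fvf33dwljx] => C:\Users\Amar\AppData\Roaming\uosto512l0q\uccd0xg5xmw.exe [8192 2017-08-23] ()",
    r"HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [J3XNGS2DTJZGWC7] => C:\Program Files\3M5RLCBQEU\3M5RLCBQE.exe [1040384 2017-08-23] (JIXYM6)",
    # Hijacked IE values as they appear in the fixlist later in the thread (p= token shortened).
    r"HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN&q={searchTerms}",
    r"HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=TOKEN",
]


def looks_random(token: str) -> bool:
    """Heuristic (assumption): an alphanumeric token of 6+ characters that mixes
    letters and digits, or is all-caps with at most one vowel, is treated as
    machine-generated (YQMIYM, uosto512l0q, 3M5RLCBQEU, JIXYM6)."""
    if len(token) < 6 or not token.isalnum():
        return False
    has_digit = any(c.isdigit() for c in token)
    has_alpha = any(c.isalpha() for c in token)
    if has_digit and has_alpha:
        return True
    vowels = sum(c in "AEIOU" for c in token)
    return token.isupper() and vowels <= 1


def parse_run_entry(line: str):
    """Parse one FRST Run line into a dict; return None for any other line."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["publisher"] = entry["publisher"] or ""   # "()" and no field both mean unsigned
    return entry


def review_run_entry(entry: dict) -> list:
    """Return the reasons an autorun entry merits review; [] means nothing noted.
    An entry is flagged only when its identity is weak (no publisher, or a
    generated-looking one) AND its location or naming is odd, so an unsigned
    updater under Program Files with a real product name passes."""
    path = entry["path"]
    components = re.split(r"[\\/]", path)
    components[-1] = components[-1].rsplit(".", 1)[0]   # file name without .exe
    generated = [c for c in [entry["name"], *components] if looks_random(c)]
    weak_identity = not entry["publisher"] or looks_random(entry["publisher"])
    odd_location = path.lower().startswith(USER_WRITABLE)
    if not weak_identity or not (odd_location or generated):
        return []
    reasons = ["publisher missing or generated-looking"]
    if odd_location:
        reasons.append("runs from a user-writable location")
    if generated:
        reasons.append("generated-looking names: " + ", ".join(generated))
    return reasons


def hijack_hostname(value: str) -> str:
    """Decode the real hostname behind a percent-encoded, hxxp-defanged
    start/search page value (%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D -> feed.snapdo.com)."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return unquote(urlsplit(url).hostname or "")


def triage(lines):
    """Run both checks over FRST lines. Returns (flagged autoruns, sorted hijack hosts)."""
    flagged, hosts = [], set()
    for line in lines:
        entry = parse_run_entry(line)
        if entry:
            reasons = review_run_entry(entry)
            if reasons:
                flagged.append((entry["name"], entry["path"], reasons))
            continue
        m = URL_RE.search(line.strip())
        if m:
            hosts.add(hijack_hostname(m.group(1)))
    return flagged, sorted(hosts)


if __name__ == "__main__":
    flagged, hosts = triage(SAMPLE_LINES)
    for name, path, reasons in flagged:
        print(f"[{name}] {path}\n    " + "; ".join(reasons))
    print("hijack hosts:", ", ".join(hosts))
```

Run against the sample, the script flags SysMon, 1fvf33dwljx and J3XNGS2DTJZGWC7 (the three entries the fixlist removes) and leaves the Wondershare and Freemake entries alone, and it decodes the two IE values to feed.sonic-search.com and feed.snapdo.com, the same domain Chrome's DefaultSearchKeyword shows in plain text.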



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You didn't post the Addition.txt report.



  • Joined: 11 Oct 2014
  • Posts: 362

Addition:
[Link visible only to logged-in users]

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text that is inside the Code field.

CreateRestorePoint:
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [SysMon] => C:\Program Files\Common Files\YQMIYM\ir1q0JMxui.exe [183808 2017-08-08] ()
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [1fvf33dwljx] => C:\Users\Amar\AppData\Roaming\uosto512l0q\uccd0xg5xmw.exe [8192 2017-08-23] ()
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [J3XNGS2DTJZGWC7] => C:\Program Files\3M5RLCBQEU\3M5RLCBQE.exe [1040384 2017-08-23] (JIXYM6)
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\MountPoints2: {e6dc0f70-42b6-11e7-8c59-005056c00008} - F:\Startme.exe
AutoConfigURL: [S-1-5-21-3894383191-3516363779-2002392177-1001] => hxxp://no-blocked.org/wpad.dat?44fc2c240c7d7e5cd59604da907a890024506622
ManualProxies: 0hxxp://no-blocked.org/wpad.dat?44fc2c240c7d7e5cd59604da907a890024506622
RemoveProxy:
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X9L-FG7456sMIYiXYggE0omJlxMrYt8aYO6hmXy0cWooRCSuZkUicv3BEC6_OAtWzBOLS0jj-enSeUnYAhfNDIgs0sM1
HKU\S-1-5-21-3894383191-3516363779-2002392177-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X9L-FG7456sMIYiXYggE0omJlxMrYt8aYO6hmXy0cWooRCSuZkUicv3BEC6_OAtWzBOLS0jj-enSeUnYAhfNDIgs0sM1
HKU\S-1-5-21-3894383191-3516363779-2002392177-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1003 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894383191-3516363779-2002392177-1003 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X97vaqXgpstxaF97vn7s-kwE0xVZxdnfDRVs8CWILsLkP-Mw6V5FD6Gm1GjRjbAVPE4Ecg7p0dQ_viJlSg54LSwaKLPJ&q={searchTerms}
BHO: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\Amar\AppData\Local\htyh\application\HTDataView64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO-x32: º£ÌÔÄ£¿éÖúÊÖ -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> C:\Users\Amar\AppData\Local\htyh\application\HTDataView.dll => No File
FF NewTab: Mozilla\Firefox\Profiles\iv62gla3.default -> C:\\ProgramData\\Plusdaxs\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\iv62gla3.default -> C:\\ProgramData\\Plusdaxs\\ff.HP
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2017-08-23]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Amar\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\15306584.js [2017-01-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\15306584.cfg [2017-01-27] <==== ATTENTION
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X970ACcx9QsB4fE76WctQNCmjbpVi1QOiGbshfqYp-4XPvNSusnk3VR7js9gvfKhv4enW_B16ldKgfcA8D4vmKyKLCnL
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqePRm9wWNFlj_CnPl7-cmWIOf5UeAN6Sp9TrPb7J51FejWE9Ffk8h1_AKwlBmHiGHQQiTEPFrHC1X974if4r9ohTUpP7Kg7zcfQOPQSoFqiz7hZj1gglWM_0kEfRy39-U946_kxEzDZYdJkISG8OdsKPkFogb8vip9tH8Ey-&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (GreenAssistant) - C:\Users\Amar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bncccjepkagemgfhbeknoggaadchfcfb [2017-08-08]
R2 AppCheckVersion; C:\Windows\SysWow64\AppCheckVersion.dll [478504 2017-08-23] ()
R2 UefGdstor; C:\Windows\system32\drivers\UefGdster.sys [198688 2015-09-29] () <==== ATTENTION
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll -> No File
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {3D5CDA69-D0EA-42A4-949A-8D5B803FC62D} - System32\Tasks\{E6F26AAD-9F61-4583-803B-70B8D8EB34FC} => C:\Windows\system32\pcalua.exe -a C:\Users\Amar\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=obw
Task: {4274391B-FB4E-4C71-B915-8957DD0414E0} - System32\Tasks\{B85E00EF-B2F3-4F2E-825E-B31377DBC8F3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\CofHottough\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\CofHottough\uninstall.dat" -a uninstallme BCBC9992-3B7A-49EA-BAAD-B869438544E6 DeviceId=d9737a24-aabe-f142-7c29-4ff1ace5f483 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {9F4D26A4-4136-4C85-B9EF-ACF4F4FC22F9} - System32\Tasks\{8D3A1597-5F0F-4657-AA3B-09569A148C72} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\CinemaP-1.9cV09.07\Uninstall.exe" -c /fcp=1
Task: {A32931DC-6063-423A-B1A2-F30ED02C1A96} - System32\Tasks\RunAtStartup => C:\Users\Amar\AppData\Roaming\Event Monitor\em.exe <==== ATTENTION
Task: {AFC2A1F5-821D-4A3C-BA6B-AAAA4E4A5F24} - System32\Tasks\{BC7C1AEC-7D00-4550-B188-5E7B185D1804} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\TymraSaq\Uninstaller.exe -c /ga=1503 /ai=120 /bi=0
Task: {D7C21268-35EB-4456-B679-717146FFFC05} - System32\Tasks\{4EEDD51C-C0B6-4481-8D64-C590156D203B} => rundll32.exe "C:\Users\Amar\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache
VirusTotal: C:\Users\Amar\AppData\Local\Microsoft\TaskPlay\caches.dat
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Amar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
C:\Program Files\Common Files\YQMIYM
C:\Users\Amar\AppData\Roaming\uosto512l0q
C:\Program Files\3M5RLCBQEU
C:\Users\Amar\AppData\Local\htyh
C:\Windows\SysWow64\AppCheckVersion.dll
C:\Windows\system32\drivers\UefGdster.sys
C:\Users\Public\Documents\XMUpdate
C:\ProgramData\Microleaves
C:\ProgramData\Logic Cramble
C:\ProgramData\PrefsSecure
C:\ProgramData\Plusdaxs
C:\Users\Amar\AppData\Local\agent.dat
C:\Users\Amar\AppData\Local\Yeardax.tst
C:\Users\Amar\AppData\Local\noah.dat
C:\Users\Amar\AppData\Local\Config.xml
C:\Users\Amar\AppData\Local\Main.dat
C:\Users\Amar\AppData\Local\md.xml
C:\ProgramData\5e7a20ae-6343-0
C:\ProgramData\5e7a20ae-0e35-1
C:\Program Files (x86)\YeaDesktop
C:\Users\Amar\AppData\Roaming\Microleaves
C:\Users\Amar\AppData\Local\AdvinstAnalytics
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\pccleanplus
C:\Users\Amar\AppData\Roaming\baidu
C:\Users\Amar\AppData\Roaming\360se6
C:\Users\Amar\AppData\Local\UCBrowser
C:\Users\Amar\AppData\Local\Tencent
C:\Users\Amar\AppData\Local\360chrome
C:\Users\Amar\AppData\Local\2345explorer
2016-11-13 08:28 - 2016-11-13 09:53 - 007065600 _____ () C:\Program Files (x86)\GUTE244.tmp
2015-09-29 15:45 - 2015-09-29 15:46 - 225111747 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-09-29 15:45 - 2015-09-29 15:46 - 000002615 _____ () C:\Users\Amar\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2017-08-23 12:37 - 2017-08-23 12:37 - 007324160 _____ () C:\Users\Amar\AppData\Local\agent.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000070800 _____ () C:\Users\Amar\AppData\Local\Config.xml
2015-04-27 12:11 - 2017-08-23 15:18 - 000005120 _____ () C:\Users\Amar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-23 12:36 - 2017-08-23 12:37 - 000019008 _____ () C:\Users\Amar\AppData\Local\InstallationConfiguration.xml
2017-08-23 12:36 - 2017-08-23 12:36 - 000140800 _____ () C:\Users\Amar\AppData\Local\installer.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000018432 _____ () C:\Users\Amar\AppData\Local\Main.dat
2017-08-23 12:37 - 2017-08-23 12:37 - 000005568 _____ () C:\Users\Amar\AppData\Local\md.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 000126464 _____ () C:\Users\Amar\AppData\Local\noah.dat
2017-08-23 12:36 - 2017-08-23 13:00 - 001847296 _____ () C:\Users\Amar\AppData\Local\po.db
2016-09-30 15:43 - 2016-09-30 15:43 - 000000017 _____ () C:\Users\Amar\AppData\Local\resmon.resmoncfg
2015-05-24 17:54 - 2015-05-24 17:54 - 000000000 _____ () C:\Users\Amar\AppData\Local\Temp.dat
2017-08-23 12:39 - 2017-08-23 12:39 - 000001150 _____ () C:\Users\Amar\AppData\Local\uninstall_temp.ico
2015-06-08 23:30 - 2015-06-08 23:30 - 000000424 _____ () C:\Users\Amar\AppData\Local\UserProducts.xml
2017-08-23 12:37 - 2017-08-23 12:37 - 001899372 _____ () C:\Users\Amar\AppData\Local\Yeardax.tst
2015-09-16 22:24 - 2015-09-16 22:25 - 000000000 _____ () C:\Users\Amar\AppData\Local\{504D41A7-5467-424F-BF52-2A2F4EB85207}
2016-11-11 14:26 - 2016-11-11 14:26 - 000000000 _____ () C:\Users\Amar\AppData\Local\{79C96F4C-FD07-4039-8A40-42F8A3753A40}
2017-08-23 12:58 - 2017-08-23 12:58 - 000005095 _____ () C:\Users\Amar\AppData\Local\Temp\C4XG9259B958.exe
2017-08-22 09:09 - 2017-08-22 09:09 - 001984204 _____ () C:\Users\Amar\AppData\Local\Temp\setup.dll
2017-08-23 12:38 - 2017-08-23 12:38 - 000374181 _____ (WeMonetize ) C:\Users\Amar\AppData\Local\Temp\UGJB2NB.exe
C:\Program Files (x86)\Common Files\CofHottough
C:\Program Files (x86)\CinemaP-1.9cV09.07
C:\Users\Amar\AppData\Roaming\Event Monitor
C:\ProgramData\TymraSaq


In Notepad click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it is done, fixlog.txt will open; copy its contents into the thread.
fixlog.txt will also be left on the Desktop.
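The fixlist above goes after three things at once: unsigned binaries started from the user's Run key, a proxy auto-config (WPAD/PAC) URL on no-blocked.org that steers browser traffic through an outside proxy (a likely cause of the "cannot search" symptom), and search/home-page URLs whose hostnames are hidden behind percent-encoding. As an added example, not part of the original thread and not FRST's own code, the Python script below parses FRST-style lines, lists the autostarts with their signer, decodes the obfuscated hostnames and pulls out the PAC URLs. The sample lines are constructed from the entries posted above, with the long tracking parameter shortened.

```python
"""Triage helper for FRST-style log lines (added example; not FRST's own code
and not from the original thread).  It pulls autostart (Run key) entries,
proxy/PAC settings and browser search/home-page URLs out of the text and
percent-decodes the obfuscated hostnames."""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: lines copied from the fixlist above, with the long
# "?p=" tracking parameter shortened to "abc".  FRST defangs schemes as hxxp(s).
SAMPLE_LOG = r"""
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [SysMon] => C:\Program Files\Common Files\YQMIYM\ir1q0JMxui.exe [183808 2017-08-08] ()
HKU\S-1-5-21-3894383191-3516363779-2002392177-1001\...\Run: [J3XNGS2DTJZGWC7] => C:\Program Files\3M5RLCBQEU\3M5RLCBQE.exe [1040384 2017-08-23] (JIXYM6)
AutoConfigURL: [S-1-5-21-3894383191-3516363779-2002392177-1001] => hxxp://no-blocked.org/wpad.dat?44fc2c240c7d7e5cd59604da907a890024506622
ManualProxies: 0hxxp://no-blocked.org/wpad.dat?44fc2c240c7d7e5cd59604da907a890024506622
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=abc
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=abc&q={searchTerms}
Task: {A32931DC-6063-423A-B1A2-F30ED02C1A96} - System32\Tasks\RunAtStartup => C:\Users\Amar\AppData\Roaming\Event Monitor\em.exe <==== ATTENTION
"""

RUN_RE = re.compile(
    r"\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<signer>[^)]*)\)"
)
URL_RE = re.compile(r"hxxps?://\S+")


def refang(url):
    """Turn FRST's defanged hxxp(s):// back into a real scheme."""
    return re.sub(r"^hxxp", "http", url)


def decode_host(url):
    """Percent-decode a (possibly defanged) URL and return its hostname,
    e.g. '%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D' -> 'feed.snapdo.com'."""
    return urlsplit(unquote(refang(url))).hostname


def run_entries(text):
    """(name, binary, signer) for each Run-key autostart.  FRST prints the
    signer in the trailing parentheses; empty means the file is unsigned."""
    return [(m["name"], m["path"], m["signer"] or None)
            for m in RUN_RE.finditer(text)]


def unsigned_autostarts(text):
    """Autostarts whose binary carries no signature: top of the review list."""
    return [e for e in run_entries(text) if e[2] is None]


def hijack_hosts(text):
    """Map every decoded hostname in the log to the FRST labels that use it."""
    hosts = {}
    for line in text.splitlines():
        m = URL_RE.search(line)
        if m:
            label = line.split(":", 1)[0].strip()
            hosts.setdefault(decode_host(m.group()), []).append(label)
    return hosts


def pac_urls(text):
    """Proxy auto-config (WPAD/PAC) URLs.  A PAC served from a host the user
    never configured means all browser traffic can be steered through an
    attacker-chosen proxy, which fits the 'browser cannot search' symptom."""
    return [refang(URL_RE.search(line).group())
            for line in text.splitlines()
            if line.startswith(("AutoConfigURL:", "ManualProxies:"))]


if __name__ == "__main__":
    for name, path, signer in run_entries(SAMPLE_LOG):
        print(f"Run [{name}] {path}  signer={signer or 'NONE'}")
    for host, labels in hijack_hosts(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(labels)}")
    print("PAC:", pac_urls(SAMPLE_LOG))
```

Run it against a full FRST.txt/Addition.txt (read the file and pass its text instead of SAMPLE_LOG) to get the list of hosts to block and the unsigned autostarts to quarantine; the decoded names are what you would search for in other logs, since the percent-encoded form never appears there.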

offline
  • Joined: 11 Oct 2014
  • Posts: 362

Posted: 23 Aug 2017 17:54

[Link mogu videti samo ulogovani korisnici]

Update: 23 Aug 2017 17:57

I still can't search in the browser

Update: 23 Aug 2017 19:16

Fixlog:

[Link mogu videti samo ulogovani korisnici]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Post new FRST.txt and Addition.txt reports (tick the Addition.txt option when you run FRST again).

offline
  • Joined: 11 Oct 2014
  • Posts: 362

FRST:
[Link mogu videti samo ulogovani korisnici]

Addition:
[Link mogu videti samo ulogovani korisnici]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

CreateSystemRestore:
R2 UefGdstor; C:\Windows\system32\drivers\UefGdster.sys [198688 2015-09-29] () <==== ATTENTION
R2 AppCheckVersion; C:\Windows\SysWow64\AppCheckVersion.dll [478504 2017-08-23] ()
C:\Windows\system32\drivers\UefGdster.sys
C:\Windows\SysWow64\AppCheckVersion.dll
Task: {63D8D917-C7D6-472B-8443-67737B54A78C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves


In Notepad click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it is done, fixlog.txt will open; copy its contents into the thread.
fixlog.txt will also be left on the Desktop.

Open Chrome and remove the Green Assistant extension.

offline
  • Joined: 11 Oct 2014
  • Posts: 362

Fixlog:

[Link mogu videti samo ulogovani korisnici]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

How are things now?

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go into the folder C:\FRST
Right-click the Quarantine folder and choose Add to archive... as in the picture

As Archive format choose 7z
For Compression level choose Ultra (note: if you get an error that there is not enough memory, set it to Maximum or Normal)
For Compression method set LZMA2 or LZMA
In the Split to volumes, bytes field enter 5000000 (in words: five million)
On the right-hand side tick the Compress shared files option (see the picture below)

Click OK
When 7-Zip finishes compressing, upload the resulting files (one at a time) to:
[Link mogu videti samo ulogovani korisnici]
