Posted: 25 Oct 2017 22:49
offline
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Open Notepad and copy the following text, which is inside the Code box.
VirusTotal: C:\ProgramData\efiLINQ\efiLINQ.exe
In Notepad, click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.
Posted: 26 Oct 2017 08:47
offline
- Joined: 15 Feb 2006
- Posts: 232
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Petar (26-10-2017 09:46:17) Run:1
Running from C:\Users\Petar\Desktop
Loaded Profiles: Petar (Available Profiles: Petar)
Boot Mode: Normal
==============================================
fixlist content:
*****************
VirusTotal: C:\ProgramData\efiLINQ\efiLINQ.exe
*****************
VirusTotal: C:\ProgramData\efiLINQ\efiLINQ.exe => https://www.virustotal.com/file/fe0ecd844393d78026.....508315156/
==== End of Fixlog 09:46:18 ====
Posted: 26 Oct 2017 20:54
offline
- softwaremaniac
- AMF trainee
- Joined: 14 Jun 2016
- Posts: 535
Hello,
1. Open Notepad (Text Document) and copy the following text inside the code box below:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\...\MountPoints2: {c6b0ac6c-4256-11e7-a0aa-507b9de8a88b} - "F:\timeUpdater.exe"
F:\timeUpdater.exe
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-10-26] () [File not signed]
C:\Windows\KMS-R@1n.exe
Task: {8956D2CF-6670-4051-A08F-ED4EF9039FDE} - System32\Tasks\KMSAuto => C:\WINDOWS\KMSAuto.exe [2015-04-18] (Ratiborus, MSFree Inc.)
Task: {A2841170-1557-4468-B6E2-D8B4AD2F2C87} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {EC966CAB-83C3-489B-B27F-749E642C5F8C} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
Task: {F6B765CD-D082-419A-AB24-9CA22B066A30} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
EmptyTemp:
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks to restart the system, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.
Posted: 27 Oct 2017 11:08
offline
- Joined: 15 Feb 2006
- Posts: 232
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Petar (27-10-2017 12:01:23) Run:2
Running from C:\Users\Petar\Desktop
Loaded Profiles: Petar (Available Profiles: Petar)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\...\MountPoints2: {c6b0ac6c-4256-11e7-a0aa-507b9de8a88b} - "F:\timeUpdater.exe"
F:\timeUpdater.exe
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-10-26] () [File not signed]
C:\Windows\KMS-R@1n.exe
Task: {8956D2CF-6670-4051-A08F-ED4EF9039FDE} - System32\Tasks\KMSAuto => C:\WINDOWS\KMSAuto.exe [2015-04-18] (Ratiborus, MSFree Inc.)
Task: {A2841170-1557-4468-B6E2-D8B4AD2F2C87} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {EC966CAB-83C3-489B-B27F-749E642C5F8C} - System32\Tasks\LINQ_wxWidgets => C:\ProgramData\efiLINQ\efiLINQ.exe [2015-11-11] (Electronics For Imaging, Inc.) <==== ATTENTION
Task: {F6B765CD-D082-419A-AB24-9CA22B066A30} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
EmptyTemp:
*****************
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6b0ac6c-4256-11e7-a0aa-507b9de8a88b} => key removed successfully
HKLM\Software\Classes\CLSID\{c6b0ac6c-4256-11e7-a0aa-507b9de8a88b} => key not found.
"F:\timeUpdater.exe" => not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => key removed successfully
KMS-R@1n => Unable to stop service.
HKLM\System\CurrentControlSet\Services\KMS-R@1n => key removed successfully
KMS-R@1n => service removed successfully
C:\Windows\KMS-R@1n.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8956D2CF-6670-4051-A08F-ED4EF9039FDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8956D2CF-6670-4051-A08F-ED4EF9039FDE} => key removed successfully
C:\WINDOWS\System32\Tasks\KMSAuto => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAuto => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2841170-1557-4468-B6E2-D8B4AD2F2C87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2841170-1557-4468-B6E2-D8B4AD2F2C87} => key removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Office15ProPlus => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office15ProPlus => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC966CAB-83C3-489B-B27F-749E642C5F8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC966CAB-83C3-489B-B27F-749E642C5F8C} => key removed successfully
C:\WINDOWS\System32\Tasks\LINQ_wxWidgets => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LINQ_wxWidgets => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6B765CD-D082-419A-AB24-9CA22B066A30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6B765CD-D082-419A-AB24-9CA22B066A30} => key removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8630140 B
Java, Flash, Steam htmlcache => 100278900 B
Windows/system/drivers => 201021012 B
Edge => 0 B
Chrome => 429594315 B
Firefox => 15202875 B
Opera => 12249913 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Petar => 5996863 B
RecycleBin => 0 B
EmptyTemp: => 744.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:03:03 ====
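As an added example (not FRST's own code and not posted by anyone in this thread), a small Python triage script that classifies the fixlist directives above by persistence mechanism (IFEO debugger hijack, unsigned service, scheduled task, Run key, bare file path) and tallies the outcomes reported in the resulting Fixlog. The sample lines are copied from this thread; the rule set and category names are this example's own assumptions.

```python
import re
from collections import Counter
# Constructed sample: directive lines copied from the fixlist posted in this thread.
FIXLIST = r"""
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3617313305-794614797-3256264849-1001\...\Run: [AdobeBridge] => [X]
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-10-26] () [File not signed]
C:\Windows\KMS-R@1n.exe
Task: {8956D2CF-6670-4051-A08F-ED4EF9039FDE} - System32\Tasks\KMSAuto => C:\WINDOWS\KMSAuto.exe [2015-04-18] (Ratiborus, MSFree Inc.)
EmptyTemp:
"""
# Constructed sample: outcome lines copied from the Fixlog posted in this thread.
FIXLOG = r"""
Restore point was successfully created.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe => key removed successfully
KMS-R@1n => Unable to stop service.
KMS-R@1n => service removed successfully
C:\Windows\KMS-R@1n.exe => moved successfully
"F:\timeUpdater.exe" => not found.
"""
# Persistence mechanism per FRST line prefix (assumed categories); the first matching rule wins.
RULES = [
    ("command", lambda s: re.fullmatch(r"[A-Za-z]+:", s) is not None),   # CreateRestorePoint:, EmptyTemp:
    ("ifeo_debugger", lambda s: s.startswith("IFEO\\") and "[Debugger]" in s),  # Image File Execution Options hijack
    ("scheduled_task", lambda s: s.startswith("Task: ")),
    ("service", lambda s: re.match(r"^[RSU]\d ", s) is not None),        # R2/S3-style service entries
    ("run_key", lambda s: "\\Run:" in s),
    ("group_policy", lambda s: "Group Policy restriction" in s),
    ("file", lambda s: re.match(r"^[A-Za-z]:\\", s) is not None),         # bare path FRST will move to quarantine
]

def parse_fixlist(text):
    # Classify every non-empty line and flag FRST's own warning markers.
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = next((k for k, ok in RULES if ok(line)), "other")
        entries.append({"kind": kind, "line": line, "attention": "<==== ATTENTION" in line,
                        "unsigned": "[File not signed]" in line})
    return entries

def summarize_fixlog(text):
    # Tally 'target => result' lines; anything neither successful nor 'not found' counts as a failure.
    counts = Counter()
    for line in text.splitlines():
        if " => " in line:
            result = line.rsplit(" => ", 1)[1].lower()
            counts["success" if "successfully" in result else
                   "not_found" if "not found" in result else "failure"] += 1
    return counts
```

Run on the thread's second Fixlog, "Unable to stop service" is the one failure worth a second look: the service key was still removed, so the executable should be confirmed gone after the reboot.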
Posted: 27 Oct 2017 22:50
offline
- softwaremaniac
- AMF trainee
- Joined: 14 Jun 2016
- Posts: 535
Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish
On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The Premium features of the program are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off under the Settings > My Account tab.
• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start the scan.
When the scan finishes, if an infection was detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports choose the Scan Report with the current date and then click View Report.
Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.
• Attach the mbam.txt log to your reply using the "Attach file" option.
Then:
Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Under Tools choose Options.
In the dialog box that appears, disable Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
If it tells you a newer version exists, make sure to download it.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
A message will appear that the computer needs to be restarted. Click OK
The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option
Let me know how things are after this.
Posted: 29 Oct 2017 10:14
offline
- Joined: 15 Feb 2006
- Posts: 232
It's not much better, but it is better. In any case, thank you for all these interventions you wrote up for me to carry out, so that I could at least clean up the computer in that respect.
Now I'll turn to the OS itself and the applications, because I believe there is quite a bit to sort out there too.
So, it is better, though still not as it used to be.