Možda tražite i:
Provera racunara da li je zarazen
Provera racunara
Provera racunara
Provera racunara matoraca

MyCity » Ambulanta -> Arhiva Ambulante » Provera računara

Provera računara

Napisano na dan: 7.1.2016

Provera računara

Sledeća strana

Pagination

Odgovori

Srki94 Poslao: 07 Jan 2016 21:50 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12403	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Ovo je ujakov računar. Imam pristup preko Team Viewera, pa se može desiti da ne mogu odmah odgovoriti ovde. Računar je bio u očajnom stanju. Nije bilo mesta uopšte na sistemskoj particiji, užas RAM usage itd. Očistio sam koliko sam mogao, zatim sam odradio AdwCleaner skeniranje i čišćenje a potom i MBAM proveru, koja je pronašla više od 1400 fajlova. Četiri fajla su okategorisana kao malware, ostalo je bilo PUP. Jedan od malware-a je imao Crypt u naslovu. Sve fajlove sam ubacio u karantin. Logovi obe aplikacije dostavljeni na kraju posta. Možete li da proverite da li je računar čist ? Hvala Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-01-2015 Ran by WinPC (administrator) on WINPC-PC (07-01-2016 21:37:34) Running from C:\Users\WinPC\Downloads Loaded Profiles: WinPC & UpdatusUser (Available Profiles: WinPC & UpdatusUser) Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2709602766-4069072662-2468216849-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\MONSTE~1.SCR [401184 2014-03-05] (MacSourcery) HKU\S-1-5-21-2709602766-4069072662-2468216849-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 185.34.94.6 8.8.8.8 Tcpip\..\Interfaces\{8BDB1096-588E-47C7-A535-5F4185F37BC1}: [DhcpNameServer] 185.34.94.6 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2709602766-4069072662-2468216849-1000 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2709602766-4069072662-2468216849-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-07] () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-07] (Google Inc.) FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [not found] FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\587fea1b-1c76-43c0-8b29-3c3da78e2485@2309207e-4ba6-42d8-b8a2-3b0a22e052b5.com [not found] FF Extension: HulaToo 1.0.1 - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\{c933aa85-a419-42da-9957-2f32a4c0601a}.xpi [2015-12-24] [not signed] Chrome: ======= CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/" CHR Profile: C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07] CHR Extension: (YouTube) - C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07] CHR Extension: (Google Search) - C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07] CHR Extension: (Google Docs Offline) - C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-07] CHR Extension: (Gmail) - C:\Users\WinPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1141888 2010-12-01] (NXP Semiconductors Germany GmbH) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation) S1 MpKsl17f9025a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsl17f9025a.sys [X] S1 MpKsl18f71757; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsl18f71757.sys [X] S1 MpKsl5c8bf4dd; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsl5c8bf4dd.sys [X] S1 MpKsl927ac991; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsl927ac991.sys [X] S1 MpKsl9cab9dad; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsl9cab9dad.sys [X] S1 MpKslbb500f52; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKslbb500f52.sys [X] S1 MpKslc525609e; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKslc525609e.sys [X] S1 MpKslcd53d0c1; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKslcd53d0c1.sys [X] S1 MpKsle75273f0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACD4F202-87EF-4344-A954-73CD609F9688}\MpKsle75273f0.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-07 21:37 - 2016-01-07 21:38 - 00010799 _____ C:\Users\WinPC\Downloads\FRST.txt 2016-01-07 21:37 - 2016-01-07 21:37 - 00000000 ____D C:\FRST 2016-01-07 21:36 - 2016-01-07 21:36 - 01721856 _____ (Farbar) C:\Users\WinPC\Downloads\FRST.exe 2016-01-07 21:27 - 2016-01-07 21:27 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-01-07 21:27 - 2016-01-07 21:27 - 00000917 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-01-07 20:25 - 2016-01-07 20:25 - 00000000 ____D C:\Windows\TempBAD13626-E3C9-4F34-CE1E-23AEDAD6C13E-Signatures 2016-01-07 19:52 - 2016-01-07 19:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-07 19:51 - 2016-01-07 19:51 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-07 19:51 - 2016-01-07 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-07 19:51 - 2016-01-07 19:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-01-07 19:51 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-07 19:51 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-01-07 19:51 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-07 19:50 - 2016-01-07 19:50 - 22908888 _____ (Malwarebytes ) C:\Users\WinPC\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-25 08:00 - 2015-12-25 08:15 - 00000000 ____D C:\AdwCleaner 2015-12-25 06:36 - 2015-12-25 06:36 - 00000000 ____D C:\Windows\system32\appmgmt 2015-12-25 06:16 - 2015-12-25 06:16 - 00007606 _____ C:\Users\WinPC\AppData\Local\Resmon.ResmonCfg 2015-12-25 06:11 - 2016-01-07 21:27 - 00000000 ____D C:\Users\WinPC\AppData\Roaming\TeamViewer ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-07 21:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows 2016-01-07 21:29 - 2014-01-03 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-07 21:28 - 2014-01-03 16:41 - 00000000 ____D C:\Program Files\TeamViewer 2016-01-07 20:58 - 2014-01-03 16:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-07 20:58 - 2014-01-03 16:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-07 20:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-07 20:56 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-07 20:52 - 2014-10-31 11:24 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-01-07 20:51 - 2014-01-03 17:17 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-07 20:51 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-07 20:51 - 2009-07-14 05:33 - 00278200 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-07 20:47 - 2015-02-13 10:05 - 00000000 ____D C:\Program Files\cOPunke 2016-01-07 20:47 - 2015-02-13 10:05 - 00000000 ____D C:\Program Files\coopuunk 2016-01-07 20:47 - 2014-06-03 19:09 - 00000000 ____D C:\Program Files\MiniGet 2016-01-07 20:33 - 2014-01-03 16:51 - 00062376 _____ C:\Users\WinPC\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-07 20:33 - 2014-01-03 16:45 - 00002113 _____ C:\Windows\epplauncher.mif 2016-01-07 20:30 - 2014-01-03 16:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-01-07 20:30 - 2014-01-03 16:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-01-07 20:24 - 2014-01-03 16:39 - 00000000 ____D C:\Users\WinPC\AppData\Local\Google 2016-01-07 19:51 - 2014-01-03 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-07 19:50 - 2014-01-03 17:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-01-07 19:49 - 2015-01-09 09:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-01-07 19:46 - 2014-01-03 16:40 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-25 08:19 - 2014-01-03 18:53 - 00000000 ____D C:\Users\UpdatusUser 2015-12-25 08:16 - 2014-01-03 16:28 - 00000000 ____D C:\Users\WinPC 2015-12-25 08:16 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System 2015-12-25 07:48 - 2014-04-18 18:35 - 00000000 ____D C:\Users\WinPC\AppData\LocalLow\{82CFC398-7389-1BDA-7161-BC8BFCADE5BF} 2015-12-25 06:37 - 2014-01-03 16:39 - 00000000 ____D C:\Program Files\Google 2015-12-25 06:35 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew 2015-12-25 06:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2015-12-25 06:35 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-12-25 06:32 - 2015-02-13 10:05 - 00000000 ____D C:\ProgramData\8837492880182202090UL 2015-12-25 06:30 - 2014-04-18 18:33 - 00000000 ____D C:\Users\WinPC\AppData\LocalLow\{392415B0-17A0-CAED-0F40-78753AFB05DB} 2015-12-25 06:18 - 2014-01-03 16:51 - 00000000 ____D C:\Users\WinPC\AppData\Roaming\Skype 2015-12-25 06:15 - 2014-01-03 16:33 - 00006178 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-24 08:49 - 2009-07-14 03:04 - 00000585 _____ C:\Windows\win.ini 2015-12-09 04:39 - 2014-01-03 16:46 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2015-05-16 02:17 - 2015-09-15 03:54 - 0000079 _____ () C:\Program Files\prefs.js 2015-12-25 06:16 - 2015-12-25 06:16 - 0007606 _____ () C:\Users\WinPC\AppData\Local\Resmon.ResmonCfg 2014-04-24 19:01 - 2014-05-06 19:56 - 0000040 _____ () C:\ProgramData\spds90.txt Some files in TEMP: ==================== C:\Users\WinPC\AppData\Local\Temp\gsgs32.exe C:\Users\WinPC\AppData\Local\Temp\sqlite3.dll C:\Users\WinPC\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-27 06:16 ==================== End of FRST.txt ============================ https://www.mycity.rs/must-login.png Malwarebytes Log : https://www.mycity.rs/must-login.png AdwCleaner Logovi : https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 08 Jan 2016 15:41 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! FRST nije pokrenut sa Desktopa. Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja. CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [not found] FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\587fea1b-1c76-43c0-8b29-3c3da78e2485@2309207e-4ba6-42d8-b8a2-3b0a22e052b5.com [not found] FF Extension: HulaToo 1.0.1 - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\{c933aa85-a419-42da-9957-2f32a4c0601a}.xpi [2015-12-24] [not signed] CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/" Task: {E39A301A-AEA2-4216-8FB1-E10EC147D740} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {F5C331CD-FF66-4F0D-AFC8-9CA8B4EAEE75} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader FirewallRules: [{E835D373-47B2-402D-A83B-039125117801}] => (Allow) C:\Users\WinPC\Downloads\CodecPerformerSetup.exe FirewallRules: [{D432770E-EB8E-4E28-B14D-B6E618DB14F1}] => (Allow) C:\Users\WinPC\Downloads\CodecPerformerSetup.exe C:\Program Files\cOPunke C:\Program Files\coopuunk C:\Program Files\Common Files\System\SysMenu.dll C:\Users\WinPC\AppData\Roaming\SkypEmoticons C:\Program Files\YTDownloader C:\Program Files\prefs.js C:\Users\WinPC\Downloads\CodecPerformerSetup.exe EmptyTemp: U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt).

Profil

Srki94 Poslao: 08 Jan 2016 18:28 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12403	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moja greška za pokretanje van Desktopa. Fix result of Farbar Recovery Scan Tool (x86) Version:07-01-2015 Ran by WinPC (2016-01-08 18:22:07) Run:1 Running from C:\Users\WinPC\Desktop Loaded Profiles: WinPC & UpdatusUser (Available Profiles: WinPC & UpdatusUser) Boot Mode: Normal ============================================== fixlist content: *************** CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [not found] FF Extension: No Name - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\587fea1b-1c76-43c0-8b29-3c3da78e2485@2309207e-4ba6-42d8-b8a2-3b0a22e052b5.com [not found] FF Extension: HulaToo 1.0.1 - C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\{c933aa85-a419-42da-9957-2f32a4c0601a}.xpi [2015-12-24] [not signed] CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/" Task: {E39A301A-AEA2-4216-8FB1-E10EC147D740} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {F5C331CD-FF66-4F0D-AFC8-9CA8B4EAEE75} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader FirewallRules: [{E835D373-47B2-402D-A83B-039125117801}] => (Allow) C:\Users\WinPC\Downloads\CodecPerformerSetup.exe FirewallRules: [{D432770E-EB8E-4E28-B14D-B6E618DB14F1}] => (Allow) C:\Users\WinPC\Downloads\CodecPerformerSetup.exe C:\Program Files\cOPunke C:\Program Files\coopuunk C:\Program Files\Common Files\System\SysMenu.dll C:\Users\WinPC\AppData\Roaming\SkypEmoticons C:\Program Files\YTDownloader C:\Program Files\prefs.js C:\Users\WinPC\Downloads\CodecPerformerSetup.exe EmptyTemp: *************** "HKLM\SOFTWARE\Policies\Google" => key removed successfully. C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com => path removed successfully. C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\587fea1b-1c76-43c0-8b29-3c3da78e2485@2309207e-4ba6-42d8-b8a2-3b0a22e052b5.com => path removed successfully. C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\{c933aa85-a419-42da-9957-2f32a4c0601a}.xpi => moved successfully C:\Users\WinPC\AppData\Roaming\Mozilla\Firefox\Profiles\tjeephz4.default\extensions\{c933aa85-a419-42da-9957-2f32a4c0601a}.xpi => path removed successfully. Chrome StartupUrls => removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E39A301A-AEA2-4216-8FB1-E10EC147D740}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E39A301A-AEA2-4216-8FB1-E10EC147D740}" => key removed successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5C331CD-FF66-4F0D-AFC8-9CA8B4EAEE75}" => key removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5C331CD-FF66-4F0D-AFC8-9CA8B4EAEE75}" => key removed successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se => key removed successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader => key removed successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E835D373-47B2-402D-A83B-039125117801} => value removed successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D432770E-EB8E-4E28-B14D-B6E618DB14F1} => value removed successfully. C:\Program Files\cOPunke => moved successfully C:\Program Files\coopuunk => moved successfully "C:\Program Files\Common Files\System\SysMenu.dll" => not found. "C:\Users\WinPC\AppData\Roaming\SkypEmoticons" => not found. "C:\Program Files\YTDownloader" => not found. C:\Program Files\prefs.js => moved successfully "C:\Users\WinPC\Downloads\CodecPerformerSetup.exe" => not found. EmptyTemp: => 6.4 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 18:23:30 ====

Profil

Sass Drake Poslao: 08 Jan 2016 18:32 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop. Dvoklikom pokreni MBAR () na ikonicu programa: - Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u; - mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.; - U uvodnom prozoru klikni dugme Next ukoliko si saglasan; • Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next; • Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan; Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka: - 'Could not load protection driver' => u tom slucaju klikni OK. - 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta. >> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje. >> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje. - Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja. Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe: - Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ... - Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem. Sledeci izvestaji ce biti formirani u mbar folderu. 1. mbar-log-year-month-day (hour-minute-second).txt 2. system-log.txt Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

Profil

Srki94 Poslao: 08 Jan 2016 19:48 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12403	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.01.08.04 rootkit: v2016.01.05.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 WinPC :: WINPC-PC [administrator] 1/8/2016 18:39:20 mbar-log-2016-01-08 (18-39-20).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit \| Drivers \| MBR \| Physical Sectors \| Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken Scan options disabled: Objects scanned: 355393 Time elapsed: 44 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 09 Jan 2016 00:37 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nepoželjne apliakcije smo uklonili. • Sledeća procedura će implementirati završno čišćenje. Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop. Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija; Remove disinfection tools Create registry backup Purge System Restore Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad. Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani. Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt) Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja. Taj računar ima samo 1GiB RAM-a pa bi trebalo razmotriti ubacvanje još RAM-a. Preporučujem ti da instaliraš Service Pack 1 za tvoj Windows 7 operativni sistem. Možeš ga preuzeti sa ovog linka: Windows 7 SP1 x86

Profil

Srki94 Poslao: 10 Jan 2016 19:22 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12403	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! # DelFix v1.011 - Logfile created 10/01/2016 at 19:17:16 # Updated 18/08/2015 by Xplode # Username : WinPC - WINPC-PC # Operating System : Windows 7 Ultimate (32 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\WinPC\Desktop\mbar Deleted : C:\Users\WinPC\Desktop\Fixlog.txt Deleted : C:\Users\WinPC\Desktop\FRST.exe Deleted : HKLM\SOFTWARE\AdwCleaner ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #231 [Windows Update \| 01/10/2016 17:31:02] New restore point created ! ########## - EOF - ########## Instaliraću im SP1 a nadogradnja RAM-a zavisi od njih. Već sam predložio to kao rešenje "tromog rada". Hvala Sass,

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera računara

Ko je trenutno na forumu

Ukupno su 1205 korisnika na forumu :: 17 registrovanih, 3 sakrivenih i 1185 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, Arsenije, BraneS, brundo65, dragoljub11987, Istman, kinez88, Kriglord, kybonacci, Lazarus, m0nstrum_, mercedesamg, milos.cbr, Milos1389, Panter, Regrut Boskica, zastavnik

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by