Checking an old laptop


offline
  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

The laptop belongs to a friend of mine; it is quite slow and very tiresome for me to work with.
The problem is a black screen: the icons are not visible, there is only a cursor.
With the key combination Ctrl+Shift+Esc the Task Manager appears, where I type explorer.
Then the icons appear and it works.
I cannot start Task Manager, Regedit... I just can't manage it.
Please check the log.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-03-2020
Ran by Admin (administrator) on ADMIN-PC (Dell Inc. MP061) (31-03-2020 18:15:10)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate (X86) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Admin\AppData\Local\lsass.exe
() [File not signed] C:\Users\Admin\AppData\Local\services.exe
() [File not signed] C:\Users\Admin\AppData\Local\winlogon.exe
(Creative Labs) [File not signed] C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Windows\System32\stacsv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [112319 2010-10-26] () [File not signed]
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe"
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Admin\AppData\Local\smss.exe [112319 2010-10-26] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\MountPoints2: {090c7be5-c896-11de-8bf8-806e6f6e6963} - hbcd\wintools\autorun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2010-10-26] () [File not signed]
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-06-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {128F6E48-E8D8-4BA1-94CF-E55C9B971B96} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3681745E-BA87-4537-9C3E-858E822E59D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {71984B72-DE7A-4D01-90ED-A878685D2CCE} - System32\Tasks\At1 => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com [112319 2010-10-26] () [File not signed] <==== ATTENTION
Task: {999DE504-E5E8-49EA-8ECC-20965CD23684} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-03-09] (Google Inc -> Google Inc.)
Task: {BE212CB1-9234-4D4F-897F-44382F2E008C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-03-09] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\At1.job => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: HTML script in Hosts detected. See Hosts section of Addition.txt <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 178.79.42.53 178.79.20.3
Tcpip\..\Interfaces\{19E583A0-ABFF-463D-AB28-7F70158A60A9}: [DhcpNameServer] 192.168.100.252 192.168.1.1
Tcpip\..\Interfaces\{6C6B0A41-8F4B-4C24-B219-E977D1836414}: [DhcpNameServer] 178.79.42.53 178.79.20.3

Internet Explorer:
==================
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-11] (Oracle America, Inc. -> Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pmlunteb.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pmlunteb.default [2020-03-31]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-11] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2020-03-31]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.srbijadanas.com
CHR Extension: (Презентације) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-09]
CHR Extension: (Документи) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-09]
CHR Extension: (Google диск) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-09]
CHR Extension: (Табеле) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-09]
CHR Extension: (Google документи офлајн) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-03-18]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-23]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-31]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [720896 2008-12-01] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2018-06-30] (Creative Labs) [File not signed]
R2 STacSV; C:\Windows\system32\STacSV.exe [102400 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4179968 2008-12-01] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [16384 2013-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [87552 2013-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
R2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [48128 2009-09-07] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [44544 2009-09-15] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdptsk.sys [46592 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [37376 2006-11-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [330240 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-31 18:15 - 2020-03-31 18:17 - 000013426 _____ C:\Users\Admin\Desktop\FRST.txt
2020-03-31 18:15 - 2020-03-31 18:15 - 000003189 _____ C:\Users\Admin\AppData\Local\Update.12.Bron.Tok.bin
2020-03-31 18:14 - 2020-03-31 18:16 - 000000000 ____D C:\FRST
2020-03-31 18:03 - 2020-03-31 18:03 - 002008064 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2020-03-31 17:53 - 2020-03-31 18:09 - 000000000 ____D C:\Users\Admin\AppData\Local\Loc.Mail.Bron.Tok
2020-03-31 17:53 - 2020-03-31 17:53 - 000000051 _____ C:\Users\Admin\AppData\Local\Kosong.Bron.Tok.txt
2020-03-31 17:48 - 2020-03-31 17:50 - 003137664 _____ (ESET) C:\Users\Admin\Downloads\eset_smart_security_live_installer.exe
2020-03-31 17:44 - 2020-03-31 17:44 - 000003189 _____ C:\Users\Admin\AppData\Local\Bron.tok.A12.em.bin
2020-03-31 17:22 - 2020-03-31 17:22 - 000001882 _____ C:\Windows\system32\Tasks\At1
2020-03-31 17:22 - 2020-03-31 17:22 - 000000434 _____ C:\Windows\Tasks\At1.job
2020-03-31 17:22 - 2020-03-31 17:22 - 000000000 ____D C:\Users\Admin\AppData\Local\Bron.tok-12-31
2020-03-31 15:45 - 2020-03-31 15:45 - 000000000 ____D C:\Users\Admin\AppData\Local\mbamtray
2020-03-31 15:45 - 2020-03-31 15:45 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2020-03-31 15:45 - 2020-03-31 15:45 - 000000000 ____D C:\Users\Admin\AppData\Local\cache
2020-03-31 15:42 - 2020-03-31 15:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-31 15:41 - 2020-03-31 15:41 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-31 15:40 - 2020-03-31 15:40 - 001928352 _____ (Malwarebytes) C:\Users\Admin\Downloads\MBSetup-0009996.0009996-consumer.exe
2020-03-31 15:16 - 2020-03-31 15:16 - 000000000 __RSH C:\MSDOS.SYS
2020-03-31 15:16 - 2020-03-31 15:16 - 000000000 __RSH C:\IO.SYS
2020-03-31 14:49 - 2020-03-31 16:40 - 000002810 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-03-31 14:49 - 2020-03-31 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-03-31 14:49 - 2020-03-31 14:49 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-03-31 14:49 - 2020-03-31 14:49 - 000000976 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-03-31 14:49 - 2020-03-31 14:49 - 000000976 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-03-31 14:49 - 2020-03-31 14:49 - 000000000 ____D C:\Program Files\CCleaner
2020-03-31 14:47 - 2020-03-31 14:47 - 022267336 _____ (Piriform Software Ltd) C:\Users\Admin\Downloads\ccsetup565.exe
2020-03-29 19:46 - 2020-03-29 19:46 - 000003189 _____ C:\Users\Admin\AppData\Local\ListHost12.txt
2020-03-29 19:27 - 2020-03-29 19:27 - 000000000 ____D C:\Users\Admin\AppData\Local\Ok-SendMail-Bron-tok
2020-03-20 20:51 - 2020-03-18 17:01 - 000000059 ____N C:\Users\Admin\AppData\Local\NetMailTmp.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-01 00:23 - 2018-06-01 21:35 - 000000000 ____D C:\Users\Admin\Documents\OneNote Notebooks
2020-04-01 00:23 - 2018-03-11 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-01 00:23 - 2018-03-11 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-04-01 00:23 - 2018-03-11 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2020-04-01 00:23 - 2018-03-10 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-04-01 00:23 - 2009-07-14 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-04-01 00:22 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2020-03-31 18:14 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2020-03-31 18:09 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-31 18:09 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-31 17:44 - 2009-07-14 09:48 - 000000000 ___RD C:\Users\Public\Recorded TV
2020-03-31 17:44 - 2009-07-14 04:37 - 000000000 __RHD C:\Users\Public\Libraries
2020-03-31 17:42 - 2018-03-11 11:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BSplayer Pro
2020-03-31 17:42 - 2018-03-11 11:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BSplayer
2020-03-31 17:39 - 2018-03-11 12:11 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2020-03-31 17:28 - 2009-11-03 18:39 - 000717892 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-31 17:27 - 2009-11-03 18:34 - 000000000 ____D C:\Users\Admin
2020-03-31 17:22 - 2009-07-14 09:49 - 000000000 ____D C:\Windows\ShellNew
2020-03-31 17:22 - 2009-07-14 04:04 - 000000007 ___SH C:\autoexec.bat
2020-03-31 17:20 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-31 16:40 - 2019-02-19 07:00 - 000000000 ____D C:\Temp
2020-03-31 16:11 - 2018-03-18 12:44 - 000000000 ____D C:\Users\Admin\AppData\Roaming\MPC-HC
2020-03-31 16:10 - 2018-03-10 13:46 - 000000000 ____D C:\Users\Admin\AppData\Roaming\DRPSu
2020-03-31 14:52 - 2009-11-04 09:28 - 000000000 ____D C:\Windows\Panther
2020-03-31 13:19 - 2009-07-14 06:53 - 000032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-03-31 12:16 - 2009-11-03 18:48 - 000004294 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{3C8D1FDD-F22B-4A16-AA83-26BAD0D59523}
2020-03-25 20:47 - 2018-03-13 21:17 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2020-03-25 20:47 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2020-03-23 20:56 - 2018-03-09 21:52 - 000003410 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-23 20:56 - 2018-03-09 21:52 - 000003282 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-18 19:50 - 2018-03-09 22:00 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\Admin.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default User\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Public\Public.exe
2020-03-31 17:44 - 2020-03-31 17:44 - 000003189 _____ () C:\Users\Admin\AppData\Local\Bron.tok.A12.em.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\csrss.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\inetinfo.exe
2020-03-31 17:53 - 2020-03-31 17:53 - 000000051 _____ () C:\Users\Admin\AppData\Local\Kosong.Bron.Tok.txt
2020-03-29 19:46 - 2020-03-29 19:46 - 000003189 _____ () C:\Users\Admin\AppData\Local\ListHost12.txt
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\Local.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\lsass.exe
2020-03-06 00:27 - 2019-08-20 13:40 - 000024623 ____N () C:\Users\Admin\AppData\Local\NetMailTmp.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\services.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\smss.exe
2020-03-31 18:15 - 2020-03-31 18:15 - 000003189 _____ () C:\Users\Admin\AppData\Local\Update.12.Bron.Tok.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 ____N () C:\Users\Admin\AppData\Local\winlogon.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-03-29 16:59
==================== End of FRST.txt ========================

offline
  • Joined: 26 Aug 2010
  • Posts: 10517
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy in the following text, which is inside the Code box.

() [File not signed] C:\Users\Admin\AppData\Local\lsass.exe
() [File not signed] C:\Users\Admin\AppData\Local\services.exe
() [File not signed] C:\Users\Admin\AppData\Local\winlogon.exe
HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [112319 2010-10-26] () [File not signed]
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe"
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Admin\AppData\Local\smss.exe [112319 2010-10-26] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\Explorer: [NoFolderOptions] 1
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2010-10-26] () [File not signed]
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]
Task: {71984B72-DE7A-4D01-90ED-A878685D2CCE} - System32\Tasks\At1 => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com [112319 2010-10-26] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\Admin.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default User\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Public\Public.exe
2020-03-31 17:44 - 2020-03-31 17:44 - 000003189 _____ () C:\Users\Admin\AppData\Local\Bron.tok.A12.em.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\csrss.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\inetinfo.exe
2020-03-31 17:53 - 2020-03-31 17:53 - 000000051 _____ () C:\Users\Admin\AppData\Local\Kosong.Bron.Tok.txt
2020-03-29 19:46 - 2020-03-29 19:46 - 000003189 _____ () C:\Users\Admin\AppData\Local\ListHost12.txt
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\Local.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\lsass.exe
2020-03-06 00:27 - 2019-08-20 13:40 - 000024623 ____N () C:\Users\Admin\AppData\Local\NetMailTmp.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\services.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\smss.exe
2020-03-31 18:15 - 2020-03-31 18:15 - 000003189 _____ () C:\Users\Admin\AppData\Local\Update.12.Bron.Tok.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 ____N () C:\Users\Admin\AppData\Local\winlogon.exe
C:\Windows\eksplorasi.exe
C:\Users\Admin\AppData\Local\winlogon.exe
C:\Users\Admin\AppData\Local\services.exe
C:\Users\Admin\AppData\Local\lsass.exe
C:\Windows\ShellNew\sempalong.exe
C:\Users\Admin\AppData\Local\smss.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
Hosts:


In Notepad, click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop.
Double-click to run FRST.exe again.
Click Fix and wait until the program finishes.
If the program requests a restart of the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with content that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-03-2020
Ran by Admin (01-04-2020 15:00:55) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
() [File not signed] C:\Users\Admin\AppData\Local\lsass.exe
() [File not signed] C:\Users\Admin\AppData\Local\services.exe
() [File not signed] C:\Users\Admin\AppData\Local\winlogon.exe
HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [112319 2010-10-26] () [File not signed]
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe"
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Admin\AppData\Local\smss.exe [112319 2010-10-26] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\...\Policies\Explorer: [NoFolderOptions] 1
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2010-10-26] () [File not signed]
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe [2010-10-26] () [File not signed]
Task: {71984B72-DE7A-4D01-90ED-A878685D2CCE} - System32\Tasks\At1 => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com [112319 2010-10-26] () [File not signed] <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\Admin.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Default User\Default.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Public\Public.exe
2020-03-31 17:44 - 2020-03-31 17:44 - 000003189 _____ () C:\Users\Admin\AppData\Local\Bron.tok.A12.em.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\csrss.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\inetinfo.exe
2020-03-31 17:53 - 2020-03-31 17:53 - 000000051 _____ () C:\Users\Admin\AppData\Local\Kosong.Bron.Tok.txt
2020-03-29 19:46 - 2020-03-29 19:46 - 000003189 _____ () C:\Users\Admin\AppData\Local\ListHost12.txt
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\Local.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\lsass.exe
2020-03-06 00:27 - 2019-08-20 13:40 - 000024623 ____N () C:\Users\Admin\AppData\Local\NetMailTmp.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\services.exe
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 _____ () C:\Users\Admin\AppData\Local\smss.exe
2020-03-31 18:15 - 2020-03-31 18:15 - 000003189 _____ () C:\Users\Admin\AppData\Local\Update.12.Bron.Tok.bin
2011-02-23 09:29 - 2010-10-26 18:30 - 000112319 ____N () C:\Users\Admin\AppData\Local\winlogon.exe
C:\Windows\eksplorasi.exe
C:\Users\Admin\AppData\Local\winlogon.exe
C:\Users\Admin\AppData\Local\services.exe
C:\Users\Admin\AppData\Local\lsass.exe
C:\Windows\ShellNew\sempalong.exe
C:\Users\Admin\AppData\Local\smss.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com
Hosts:
*****************

[2988] C:\Users\Admin\AppData\Local\lsass.exe => process closed successfully.
[2892] C:\Users\Admin\AppData\Local\services.exe => process closed successfully.
[2556] C:\Users\Admin\AppData\Local\winlogon.exe => process closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"="Explorer.exe" => value restored successfully
"HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus" => removed successfully.
"HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => removed successfully.
"HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD" => removed successfully.
"HKU\S-1-5-21-1723439397-1885709839-3481863300-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions" => removed successfully.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif => moved successfully
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71984B72-DE7A-4D01-90ED-A878685D2CCE} => not found
"C:\Windows\System32\Tasks\At1" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => not found
"C:\Windows\Tasks\At1.job" => not found
C:\Users\Admin\Admin.exe => moved successfully
C:\Users\Default\Default.exe => moved successfully
"C:\Users\Default User\Default.exe" => not found
C:\Users\Public\Public.exe => moved successfully
"C:\Users\Admin\AppData\Local\Bron.tok.A12.em.bin" => not found
C:\Users\Admin\AppData\Local\csrss.exe => moved successfully
C:\Users\Admin\AppData\Local\inetinfo.exe => moved successfully
C:\Users\Admin\AppData\Local\Kosong.Bron.Tok.txt => moved successfully
C:\Users\Admin\AppData\Local\ListHost12.txt => moved successfully
C:\Users\Admin\AppData\Local\Local.exe => moved successfully
C:\Users\Admin\AppData\Local\lsass.exe => moved successfully
C:\Users\Admin\AppData\Local\NetMailTmp.bin => moved successfully
C:\Users\Admin\AppData\Local\services.exe => moved successfully
C:\Users\Admin\AppData\Local\smss.exe => moved successfully
"C:\Users\Admin\AppData\Local\Update.12.Bron.Tok.bin" => not found
C:\Users\Admin\AppData\Local\winlogon.exe => moved successfully
"C:\Windows\eksplorasi.exe" => not found
"C:\Users\Admin\AppData\Local\winlogon.exe" => not found
"C:\Users\Admin\AppData\Local\services.exe" => not found
"C:\Users\Admin\AppData\Local\lsass.exe" => not found
"C:\Windows\ShellNew\sempalong.exe" => not found
"C:\Users\Admin\AppData\Local\smss.exe" => not found
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.


The system needed a reboot.

==== End of Fixlog 15:00:58 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10517
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

offline
  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

The situation is excellent.
