SIREFEF - computer restarts after a minute


  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Posted: 15 Aug 2012 17:49

Farbar Service Scanner Version: 06-08-2012
Ran by Sale (administrator) on 15-08-2012 at 17:47:42
Running from "C:\Users\Sale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Addendum: 15 Aug 2012 17:52

I see that when I scanned a moment ago it says Action Center and Windows Update are not running... maybe I scanned too soon, before Windows had fully started. Here it is a minute later.

Farbar Service Scanner Version: 06-08-2012
Ran by Sale (administrator) on 15-08-2012 at 17:51:28
Running from "C:\Users\Sale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Addendum: 15 Aug 2012 17:59

Please take one more look, maybe I only need to run it for Defender. I scanned again a minute later.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Aha, I didn't see your second message:

Download this file and run it by double-clicking, the same way you did with the last one. Restart the computer.
https://www.mycity.rs/must-login.png

Post a fresh FSS.txt log (wait for Windows to finish loading)

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Posted: 15 Aug 2012 18:02

Defender is probably turned off because I have MSE. When I try to start it, it says:
If you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status.
If you would like to use this program, you can turn it on. Click here to turn it on.

I don't know whether it is turned off because of MSE or Malwarebytes Anti-Malware.

Addendum: 15 Aug 2012 18:08

Farbar Service Scanner Version: 06-08-2012
Ran by Sale (administrator) on 15-08-2012 at 18:08:09
Running from "C:\Users\Sale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Addendum: 15 Aug 2012 18:10

When I click to turn Defender on, it says:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. (Error code: 0x80070422)
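
An added example, not part of the original thread and not code from FSS: a small Python parser that reads the service lines of two FSS logs and reports what changed between runs, such as the WinDefend start type going from Demand to Disabled. The log excerpts are constructed from the logs posted above, and the function names are hypothetical.

```python
import re

# Constructed excerpts modelled on the first and third FSS logs in the thread.
RUN_1 = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""
RUN_3 = r"""
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

STOPPED = re.compile(r"^(\w+) Service is not running\.", re.M)
START = re.compile(r"^The start type of (\w+) service is set to (\w+)\. "
                   r"The default start type is (\w+)\.", re.M)
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)', re.M)

def parse_fss(text):
    """Return ({stopped service: start type, 'default' if FSS printed OK}, {policy: value})."""
    stopped = {name: "default" for name in STOPPED.findall(text)}
    for name, current, _default in START.findall(text):
        stopped[name] = current
    return stopped, {k: int(v) for k, v in POLICY.findall(text)}

def compare_runs(old, new):
    """Describe what changed between two scans of the same machine."""
    (old_svc, old_pol), (new_svc, new_pol) = parse_fss(old), parse_fss(new)
    notes = []
    for name in sorted(old_svc.keys() | new_svc.keys()):
        if name not in new_svc:
            notes.append(f"{name}: no longer reported as stopped")
        elif name not in old_svc:
            notes.append(f"{name}: newly reported as stopped ({new_svc[name]})")
        elif old_svc[name] != new_svc[name]:
            notes.append(f"{name}: start type {old_svc[name]} -> {new_svc[name]}")
    for key in sorted(old_pol.keys() | new_pol.keys()):
        if old_pol.get(key) != new_pol.get(key):
            notes.append(f"policy {key}: {old_pol.get(key)} -> {new_pol.get(key)}")
    return notes

if __name__ == "__main__":
    print("\n".join(compare_runs(RUN_1, RUN_3)))
```
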

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Come on, try turning it on manually.

Start > Run (or you can use the search box), type:

services.msc

Enter

Don't touch the other services!
- Find Windows Defender
- Right-click, choose Properties
- Under Startup type: choose Automatic
- Apply, then OK

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

I tried and it won't work. I set it to Automatic and it wouldn't take, so I restarted the computer and went to look, and it says Manual. Under Description it says: <Failed to Read Description. Error Code: 1168 > .

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hm... all right, let's try it this way:

Create a new system restore point. Create several points just in case.


- Start, in the search box type/paste create a restore point and press Enter
- Click Create
- Enter a name and click Create
- In the window that pops up, click Close

// create several points.


Download these two files to the Desktop. Run them one by one, as you did the last time. Click Yes/OK. Restart the computer.
https://www.mycity.rs/must-login.png
https://www.mycity.rs/must-login.png


Run FSS again and post a fresh FSS.txt log

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

I can't run the first reg file. Error accessing the registry.
Should I continue with the second one?

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

kubeti ::I can't run the first reg file. Error accessing the registry.
Should I continue with the second one?


Look, I checked, it's quite possible that MSE turned off WinDef. From the logs I can only see that it is turned off, not whether it was the ZeroAccess rootkit or MSE that turned it off.

-------------------------------


ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search box if Run is not available.

In the text box, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


AVZ Antiviral Toolkit needs to be uninstalled.
Start AVZ (double-click the icon);

In the menu choose File>Standard Scripts;

In the window that opens, tick option 6 and click Execute Selected Scripts;

Click Yes;

When the procedure finishes you will get the notice: Script Executed;

Exit the program and delete the folder where the program was unpacked.


***********************


Tell me, how is your computer behaving now?

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

It's behaving great. Thank you for the help.
I'd like to ask you whether it's enough that I have MSE and Malwarebytes Anti-Malware, and whether you could recommend a program for scanning USB drives so that I don't accidentally pick something up that way?

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

kubeti ::It's behaving great. Thank you for the help.
You're welcome.

You still need to do this:
Run OTL again and click the CleanUp! button


Quote: I'd like to ask you whether it's enough that I have MSE and Malwarebytes Anti-Malware...
Antivirus + antimalware... a perfectly sufficient combination.
For more information you can ask in this forum:
http://www.mycity.rs/Zastita

Quote: and whether you could recommend a program for scanning USB drives so that I don't accidentally pick something up that way?

I recommend that you use the program MCShield to protect USB memory devices.

You can download the program from THIS link.
More about it here.
After installing the program, plug in your USB memory devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notice about the removed malware.


Also, visit this thread to see whether your browser is vulnerable and to install updated components
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html


That's it

Korisnici trenutno na forumu: A.R.Chafee.Jr., bbogdan, bigfoot, cavatina, FileFinder, Fog of War, Joja, kairos, kunktator, mercedesamg, Mercury, mnn2, nenad81, pein, procesor, proka89, raptorsi, royst33, S2M, slonic_tonic, styg, Tas011, theNedjeljko, Vatrogasaccc, vlad the impaler, vranjanac29, vsn111, Zandar, zdrebac, Zoca, |_MeD_|