Running slowly, struggling!


offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 13 Jan 2014 0:04

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2014 01
Ran by DJ Sone at 2014-01-12 23:52:23 Run:1
Running from C:\Users\DJ Sone\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link mogu videti samo ulogovani korisnici]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40F3819319EBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar
CHR Extension: (WebSite Recommendation) - C:\Users\DJ Sone\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\2.4_0 [2013-12-27]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
C:\Users\DJ Sone\AppData\Local\Temp\228425-662917-ashampoo-burning-studio-10.exe
C:\Users\DJ Sone\AppData\Local\Temp\AskSLib.dll
C:\Users\DJ Sone\AppData\Local\Temp\avgnt.exe
C:\Users\DJ Sone\AppData\Local\Temp\catchme.dll
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\DJ Sone\AppData\Local\Temp\instloffer.exe
C:\Users\DJ Sone\AppData\Local\Temp\nse55DE.tmp.exe
C:\Users\DJ Sone\AppData\Local\Temp\OCL56E4.tmp.dll
C:\Users\DJ Sone\AppData\Local\Temp\OCLA9A.tmp.dll
C:\Users\DJ Sone\AppData\Local\Temp\OCLDE2D.tmp.dll
C:\Users\DJ Sone\AppData\Local\Temp\OCLF101.tmp.dll
C:\Users\DJ Sone\AppData\Local\Temp\OCLFC66.tmp.dll
C:\Users\DJ Sone\AppData\Local\Temp\safeguard.exe
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
cmd: ipconfig /flushdns
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
C:\Program Files\AskPartnerNetwork\Toolbar => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj => Moved successfully.
APNMCP => Service deleted successfully.
C:\Users\DJ Sone\AppData\Local\Temp\228425-662917-ashampoo-burning-studio-10.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\catchme.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer-1.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer-2.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\instloffer.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\nse55DE.tmp.exe => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\OCL56E4.tmp.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\OCLA9A.tmp.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\OCLDE2D.tmp.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\OCLF101.tmp.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\OCLFC66.tmp.dll => Moved successfully.
C:\Users\DJ Sone\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\ProgramData\TEMP => ":B3D74A13" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

Addendum: 13 Jan 2014 0:12

And I saw that there was some Robot.exe in System 32.. What is that?
A virus, a Trojan, were there any big problems?



offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

Is there any improvement?



offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Of course there is. :) Now everything works without problems. I had completely forgotten about Google Chrome, but I didn't delete it; I had all sorts of things saved in it, some pages. I saw in these logs that Google Chrome came up somewhere, so once we were finished I tried it. Everything works great! :)
Thank you very much, I can see you had a lot of work.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

That robot is probably some kind of adware...

We have one more routine check and then we're done.



Download aswMBR and save it to the Desktop.

Double-click aswMBR to run it.

If you get the following message:
Would you like to download latest Avast! virus definitions?
click the Yes button and wait for the definitions download to finish.


Check that the QuickScan option is selected under AV Scan:

Click Scan.

When the scan finishes ( Scan finished successfully ), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into this thread.

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 15 Jan 2014 9:19

Done! I came back to the thread by chance; I thought everything was finished. :)
Log:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-15 08:59:04
-----------------------------
08:59:04.959 OS Version: Windows 6.1.7600
08:59:04.959 Number of processors: 1 586 0x6B02
08:59:04.961 ComputerName: DJSONE-PC UserName: DJ Sone
08:59:06.043 Initialize success
09:04:20.857 AVAST engine defs: 14011401
09:04:30.911 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
09:04:30.914 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
09:04:30.917 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
09:04:30.920 Disk 1 Vendor: ST380815 3.AA Size: 76319MB BusType: 3
09:04:31.017 Disk 0 MBR read successfully
09:04:31.020 Disk 0 MBR scan
09:04:31.057 Disk 0 Windows 7 default MBR code
09:04:31.065 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:04:31.080 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39900 MB offset 206848
09:04:31.092 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 436938 MB offset 81922048
09:04:31.101 Disk 0 scanning sectors +976771072
09:04:31.167 Disk 0 scanning C:\Windows\system32\drivers
09:04:39.757 Service scanning
09:05:04.255 Modules scanning
09:05:08.575 Disk 0 trace - called modules:
09:05:08.589 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll storport.sys nvstor.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys watchdog.sys
09:05:08.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c5f758]
09:05:08.603 3 CLASSPNP.SYS[88f9059e] -> nt!IofCallDriver -> [0x84ca6f08]
09:05:08.609 5 ACPI.sys[833b43b2] -> nt!IofCallDriver -> \Device\0000005f[0x855ac6e8]
09:05:09.268 AVAST engine scan C:\Windows
09:05:11.383 AVAST engine scan C:\Windows\system32
09:09:19.828 AVAST engine scan C:\Windows\system32\drivers
09:09:35.360 AVAST engine scan C:\Users\DJ Sone
09:13:07.323 AVAST engine scan C:\ProgramData
09:13:35.123 Scan finished successfully
09:16:05.110 Disk 0 MBR has been saved successfully to "C:\Users\DJ Sone\Desktop\MBR.dat"
09:16:05.119 The log file has been saved successfully to "C:\Users\DJ Sone\Desktop\aswMBR.txt"

Addendum: 15 Jan 2014 9:24

I have questions.
I have Avira installed, and as far as I can see Avast is now installed too, so I have 2 compilers.
Should I delete Avira?
Besides the saved "aswMBR.txt" file on the desktop, there is also "MBR.dat", likewise on the desktop (which can also be seen at the end of the copied log); should I attach that file as well or not?

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

You should by no means have more than one antivirus. The reasons are substantial: performance can drop significantly, because the two programs compete for "dominance"; false detections can occur if one of them flags a component of the other as suspicious; and, worst of all, the system can crash if a conflict occurs, because certain antivirus components run at the lowest level of the system, the so-called kernel.


You can delete every tool we used here and its report, because we are finished; the computer is clean. Now we will remove the tools we used.


Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

You don't need to post the report.




I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it won't interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices. You download it, install it, plug in a USB storage device, a scan runs, and then you either get a notification that the device is clean (if it really is) or you get a log with information about the malware that was found and deleted.






Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.



Also, follow the thread "How to avoid and remove toolbars", read it and follow the steps in it.



TwinHeadedEagle (AMF Team)

offline
  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

OK, I deleted Avira and installed Avast (it wasn't installed; I thought it had stayed installed from running the "aswMBR" program, but it hadn't), which, I must admit, confused me. :)))
DelFix() did its job successfully, it cleaned up all the leftovers behind it, an excellent thing, I must admit. :)
Buuut, thanks for "MCShield v2"!!! I needed something like this!!! :) Excellent!! A computer gets infected fastest via a flash drive, and no antivirus helps there; it has happened to me so many times, experience does its part. :))) That's why this tool is needed, THANKS ONCE AGAIN!!!!! WELL DONE!!!!!!! Also for the browser test, I tried it, Java and Adobe Flash Player had to go to "FIX".
Thanks, man!!! At least let me buy you a drink! ;) :) Cheers

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

If you were in Belgrade, we could. Cheers

Regards
