USB memorija

USB memorija

offline
  • Pridružio: 10 Feb 2015
  • Poruke: 6

Poštovani,

moj problem je u USB memoriji, koju kada ubacim kompjuter ne registruje.
Probala sam i na drugim kompjuterima, tamo nema nikakvog problem, očita USB memoriju.

Dostvaljam izveštaj.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by PC (administrator) on AGWSRV on 10-02-2015 11:19:37
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available profiles: PC)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\TcpID\TcpID.exe
(Technology Nexus AB) C:\Program Files\Personal\bin\Personal.exe
(Microsoft Corporation) D:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\sqlservr.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) D:\agw_data\MSRS10_50.AGW\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(AIMP DevTeam) C:\Program Files\AIMP3\AIMP3.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) D:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\fdhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Halcom d.d.) C:\Program Files\Halcom\Personal E-Bank\PersonalEBankMain.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
Failed to access process -> wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [TcpId] => C:\Program Files\TcpID\TcpID.exe [393728 2009-01-26] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-696977281-3367215060-537224892-1000\...\MountPoints2: {49d14168-ea82-11e1-b44e-8c89a558fc48} - F:\AutoRun.exe
HKU\S-1-5-21-696977281-3367215060-537224892-1000\...\MountPoints2: {a5399bba-6e1d-11e4-9b04-8c89a558fc48} - F:\startme.exe
HKU\S-1-5-21-696977281-3367215060-537224892-1000\...\MountPoints2: {da8e94c9-bd1b-11e2-b41c-8c89a558fc48} - G:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Personal.lnk
ShortcutTarget: Personal.lnk -> C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-696977281-3367215060-537224892-1000] => localhost:21320
HKU\S-1-5-21-696977281-3367215060-537224892-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-696977281-3367215060-537224892-1000\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-696977281-3367215060-537224892-1000 -> DefaultScope {A2D5C1C8-2622-41BC-8FAD-2886BC15C759} URL = search.yahoo.com/search?fr=chr-greentree_i.....453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-696977281-3367215060-537224892-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-696977281-3367215060-537224892-1000 -> {A2D5C1C8-2622-41BC-8FAD-2886BC15C759} URL = search.yahoo.com/search?fr=chr-greentree_i.....453&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{6115CA0B-D700-4079-91D7-CFE99E47B135}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: search.yahoo.com/search?fr=greentree_ff1&a.....453&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @se.nexus/Personal -> C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-696977281-3367215060-537224892-1000: @tools.google.com/Google Update;version=3 -> C:\Users\PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-696977281-3367215060-537224892-1000: @tools.google.com/Google Update;version=9 -> C:\Users\PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\user.js
FF Extension: SaverExtensoion - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com [2013-12-30]
FF Extension: BitSaver - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net [2013-12-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (video Download Professional) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkbpebmpocjmdpmnaijjeniajofohci [2014-10-17]
CHR Extension: (Prevoditelj za sve jezike) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Google disk) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-14]
CHR Extension: (Google pretraživanje) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-14]
CHR Extension: (Skype Click to Call) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-14]
CHR Extension: ( Youtube Downloader) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggdfjkecnbpgdabpjaddhacaifackhp [2014-10-17]
CHR Extension: (Google Novčanik) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKU\S-1-5-21-696977281-3367215060-537224892-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PC\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 MSSQL$AGW; d:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
R3 MSSQLFDLauncher$AGW; d:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\fdlauncher.exe [28512 2010-04-03] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 ReportServer$AGW; d:\agw_data\MSRS10_50.AGW\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1177952 2011-04-24] (Microsoft Corporation)
S4 SQLAgent$AGW; d:\agw_data\MSSQL10_50.AGW\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation)
R3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [98816 2013-04-24] (Gemalto)
R3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2012-11-08] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 11:19 - 2015-02-10 11:21 - 00014725 _____ () C:\Users\PC\Desktop\FRST.txt
2015-02-10 11:18 - 2015-02-10 11:19 - 01124352 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe
2015-02-10 09:46 - 2015-02-10 10:09 - 00000400 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2015-02-10 09:46 - 2015-02-10 09:46 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Easeware
2015-01-23 13:02 - 2015-01-23 13:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 10:21 - 2015-01-20 10:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-01-20 10:15 - 2014-10-13 06:57 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-01-20 10:15 - 2014-10-13 06:57 - 00581192 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2015-01-20 09:54 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2015-01-20 09:54 - 2013-12-30 10:52 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2015-01-20 09:37 - 2015-01-20 09:37 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2015-01-14 07:13 - 2015-01-14 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 11:19 - 2014-08-08 07:58 - 00000000 ____D () C:\FRST
2015-02-10 11:10 - 2012-07-26 17:56 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2015-02-10 10:30 - 2012-07-26 17:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 10:26 - 2012-07-26 00:50 - 01823193 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 10:19 - 2012-07-26 18:08 - 00000000 ____D () C:\Users\PC\AppData\Roaming\AIMP3
2015-02-10 10:17 - 2009-07-14 05:34 - 00017520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 10:17 - 2009-07-14 05:34 - 00017520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 10:09 - 2014-04-11 05:56 - 00033488 _____ () C:\Windows\setupact.log
2015-02-10 10:09 - 2013-12-09 13:30 - 00000446 ____H () C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job
2015-02-10 10:09 - 2012-07-26 17:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 10:09 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 07:15 - 2012-07-30 15:51 - 00000000 ____D () C:\agw_sql
2015-02-09 13:51 - 2012-08-20 09:34 - 00000000 ____D () C:\Users\PC\AppData\Local\Deployment
2015-02-06 17:35 - 2012-08-03 06:13 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2015-02-06 07:06 - 2012-08-03 06:15 - 00000919 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-06 07:06 - 2012-08-03 06:15 - 00000000 ____D () C:\Program Files\uTorrent
2015-02-05 12:31 - 2010-11-20 22:01 - 00836666 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 17:48 - 2014-04-11 05:56 - 00037838 _____ () C:\Windows\PFRO.log
2015-01-23 13:06 - 2013-10-18 08:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 13:03 - 2014-08-12 10:45 - 00000000 ____D () C:\Program Files\Java
2015-01-23 13:00 - 2014-08-12 10:46 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-23 13:00 - 2014-08-12 10:46 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-23 13:00 - 2014-08-12 10:46 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-23 13:00 - 2014-08-12 10:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-21 06:55 - 2012-08-22 05:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 13:45 - 2013-04-16 09:34 - 00000000 ____D () C:\Users\PC\AppData\Local\Samsung
2015-01-20 13:45 - 2013-04-16 09:27 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-20 13:45 - 2013-04-16 08:31 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Samsung
2015-01-20 13:45 - 2012-07-30 16:29 - 00000000 ____D () C:\Program Files\Samsung
2015-01-20 13:45 - 2012-07-25 22:03 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 13:39 - 2013-04-16 09:31 - 00000000 ____D () C:\Program Files\MyFree Codec
2015-01-20 10:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 09:52 - 2013-04-16 09:26 - 00000000 ____D () C:\Users\PC\AppData\Local\Downloaded Installations
2015-01-20 07:01 - 2012-08-22 05:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-20 07:01 - 2012-07-26 17:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 14:13 - 2013-08-14 12:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:09 - 2012-08-03 06:23 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:15 - 2014-12-12 10:49 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-01-13 09:04 - 2014-08-04 08:14 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
2015-01-12 13:27 - 2014-12-22 07:54 - 00005224 _____ () C:\ProgramData\P1210OS.HTM

==================== Files in the root of some directories =======

2014-08-14 11:50 - 2014-08-14 12:57 - 6010880 _____ () C:\Program Files\GUTE650.tmp
2014-03-14 12:31 - 2014-03-14 12:34 - 0004608 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-30 07:31 - 2013-08-30 07:31 - 0004096 ____H () C:\Users\PC\AppData\Local\keyfile3.drm
2014-08-08 09:22 - 2014-08-08 09:57 - 0007596 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2014-12-22 07:54 - 2012-08-31 08:49 - 0024772 _____ () C:\ProgramData\P1210DEF.css
2014-12-22 07:54 - 2015-01-12 13:27 - 0005224 _____ () C:\ProgramData\P1210OS.HTM
2014-12-22 07:54 - 2012-08-31 08:49 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF

Files to move or delete:
====================
C:\Users\PC\pkcs11wrapper_32.dll


Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\burnsetup.exe
C:\Users\PC\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\PC\AppData\Local\Temp\eisetup.exe
C:\Users\PC\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\PC\AppData\Local\Temp\pixsetup.exe
C:\Users\PC\AppData\Local\Temp\ppadsetup.exe
C:\Users\PC\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\PC\AppData\Local\Temp\SHSetup.exe
C:\Users\PC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-10-15 06:02] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2015-02-03 13:39

==================== End Of Log ============================
mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Pozdrav,



Ovo verovatno nece resiti tvoj problem, jer problem koji si ti postavila nije vezan za infekcije. No, analizom tvojih logova naisao sam na par nepravilnosti. Ovo je Ambulanta i moramo pokusati da ih ispravimo i ozdravimo imunitet tvog sistema kada si vec ovde. Pa da pocnemo ...






Da li mozda znas da ti je na racunaru namesten Proxy Server?








#Korak 1
--- --- --- ---


Arrow
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

Start
File: C:\Program Files\TcpID\TcpID.exe
File: C:\Users\PC\pkcs11wrapper_32.dll
Folder: c:\programdata\quickset
Folder: C:\Program Files\TcpID

CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {931E0D0A-2393-43CB-8E49-5C063390B365} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
FF Extension: SaverExtensoion - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com [2013-12-30]
FF Extension: BitSaver - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net [2013-12-30]
AlternateDataStreams: C:\Windows:nlsPreferences

Hosts:
C:\Program Files\GUTE650.tmp
c:\programdata\quickset\sk-enhancer
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net

EmptyTemp:
End


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.






#Korak 2
--- --- --- ---




Arrow Preuzmi TDSSKiller, sacuvaj alat na Desktop i dvoklikom pokreni TDSSKiller.exe
U "End user Licence Agreement" dijalogu klikni na Accept.
Takođe, u "KSN Statement" dijalogu klikni na Accept.


klikni na dugme Start Scan

Ukoliko sumnjive stavke Suspicious object budu detektovani, podrazumevana opcija (default action) jeste Skip, klikni na Continue.
Ukoliko maliciozni objekti Malicious objects budu detektovani, izaberi opciju Cure.

Okaci mi sadrzaj log-a sa sledece lokacije:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vreme kada je log napravljen)





#Korak 3
--- --- --- ---




Arrow Preuzmi Farbar Service Scaner na Desktop

http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Dvoklikom pokreni FSS.exe, stikliraj sve opcije i klikni na Scan

Nedugo zatim, otvorice se log programa u Notepad-u, koji ce biti sacuvan na radnoj povrsini kao FSS.txt

Prikaci njegov sadrzaj u temu na forumu koristeci Prikači fajl opciju.

offline
  • Pridružio: 10 Feb 2015
  • Poruke: 6

Izvolite....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by PC at 2015-02-11 07:10:13 Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available profiles: PC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
File: C:\Program Files\TcpID\TcpID.exe
File: C:\Users\PC\pkcs11wrapper_32.dll
Folder: c:\programdata\quickset
Folder: C:\Program Files\TcpID

CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {931E0D0A-2393-43CB-8E49-5C063390B365} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
FF Extension: SaverExtensoion - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com [2013-12-30]
FF Extension: BitSaver - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net [2013-12-30]
AlternateDataStreams: C:\Windows:nlsPreferences

Hosts:
C:\Program Files\GUTE650.tmp
c:\programdata\quickset\sk-enhancer
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net

EmptyTemp:
End
*****************


========================= File: C:\Program Files\TcpID\TcpID.exe ========================

MD5: 1BF8B56C7FF3C9D10572F7558816F172
Creation and modification date: 2013-09-04 10:22 - 2009-01-26 22:58
Size: 0393728
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======


========================= File: C:\Users\PC\pkcs11wrapper_32.dll ========================

MD5: 2EF29F200E04A7A2BC04D4E8E9228CB1
Creation and modification date: 2014-04-04 09:15 - 2014-04-04 09:15
Size: 0087552
Attributes: ----A
Company Name: IAIK
Internal Name: PKCS#11 Wrapper for Java
Original Name: pkcs11wrapper.dll
Product Name: PKCS#11 Wrapper for Java
Description: PKCS#11 Wrapper for Java
File Version: 1.2.17
Product Version: 1.2.17
Copyright: © Copyright IAIK 2001 - 2007; under Apache-style license

====== End Of File: ======


========================= Folder: c:\programdata\quickset ========================

Directory Not Found

========================= Folder: C:\Program Files\TcpID ========================

2013-09-04 10:22 - 2009-01-26 21:09 - 0040960 _____ () C:\Program Files\TcpID\KillProc.exe
2013-09-04 10:22 - 2009-01-26 22:58 - 0393728 _____ () C:\Program Files\TcpID\TcpID.exe
2013-09-04 10:22 - 2013-09-04 10:22 - 0002069 _____ () C:\Program Files\TcpID\unins000.dat
2013-09-04 10:22 - 2013-09-04 10:22 - 0695642 _____ () C:\Program Files\TcpID\unins000.exe

====== End of Folder: ======

Restore point was successfully created.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.



========= End of Reg: =========

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{931E0D0A-2393-43CB-8E49-5C063390B365}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{931E0D0A-2393-43CB-8E49-5C063390B365}" => Key deleted successfully.
C:\Windows\System32\Tasks\Sk-Enhancer-S-5902107913 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sk-Enhancer-S-5902107913" => Key deleted successfully.
C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => Moved successfully.
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com => Moved successfully.
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Program Files\GUTE650.tmp => Moved successfully.
"c:\programdata\quickset\sk-enhancer" => File/Directory not found.
"C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\jfhc0_vtt@oioctq-uiue.com" => File/Directory not found.
"C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\bd1qopfy.default-1386757882744\Extensions\rzmbpqbbrwx@ydglc.net" => File/Directory not found.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 07:13:06 ====


mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Jedan jako bitan servis je ostecen, nije aktivan. To moramo popraviti. Da probamo prvo na laksi nacin ...




--- --- --- ---




Preuzmi ESET services repair tool i sacuvaj alat na Desktop.

Pokreni ServicesRepair.exe

Klikni Yes kada se pojavi prozor

Kada alat zavrsi, zatrazice ti da restartujes racunar. Klikni na Yes

Nakon restarta, na Desktop-u ce se nalaziti CC Support folder, a u okviru njega folder Logs

Unutar foldera Logs se nalazi SvcRepair.txt fajl ciji sadrzaj treba da kopiras u temu.







--- --- --- ---




Arrow Ponovo pokreni Farbar Service Scaner, obelezi sve dostupne opcije i generisi svez FSS.txt izvestaj da vidim kakvo ce biti stanje posle ovih popravki.





--- --- --- ---





Exclamation I ono sto bih ti morao napomenuti jeste da je HardDisk na kom je instaliran sistem i gde se smestaju sistemski podatci trajno ostecen sudeci po EventViewer logovima.

Savet jeste da kada zavrsimo sa sistemskim popravkama, da otvoris novu temu u Windows forumu gde ces navesti da su te momci iz Ambulante poslali da proveris HardDisk na postojanje losih (bad) sektora. Tamo ce ti biti prosledjeno uputstvo kako to da proveris. Ako ja budem video temu, napisacu ti ja kako da testiras HardDisk.

Za sada, imaj na umu da bitne licne stvari (slike, muziku) odlozis na neku externu memoriju (USB flash, externi HDD i sl.) za svaki slucaj ...

offline
  • Pridružio: 10 Feb 2015
  • Poruke: 6

Izvolite...


Log Opened: 2015-02-11 @ 17:18:11
17:18:11 - -----------------
17:18:11 - | Begin Logging |
17:18:11 - -----------------
17:18:11 - Fix started on a WIN_7 X86 computer
17:18:11 - Prep in progress. Please Wait.
17:18:14 - Prep complete
17:18:14 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
17:18:16 - Services Repair Complete.
17:18:20 - Reboot Initiated



mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

1. Preuzmi CryptSvc.reg i sacuvaj file na Desktop.
https://www.mycity.rs/must-login.png

2. Dvoklikom pokreni file, na upite koje dobijes odgovori potvrdno (Yes/Ok/Merge). Kada to zavrsis, restartuj kompjuter.

3. Mozes da obrises koriscene alate u ovoj temi i sve njihove izvestaje.
Obrisi FRST.exe i njegov radni folder u C:\FRST, obrisi TDSSKiller i sve njegove izvestaje smestene na C:\, ESET Services Repair i Farbar Services Scanner alate.

To bi bilo to. Otvori novu temu u Windows forumu i prenesi da bi trebala da uradis testiranje HDD-a.
http://www.mycity.rs/Windows/

Na zalost, verujem da ti nista od ovoga nece resiti tvoj primarni problem sa USB-om. Ali kako taj problem nije maliciozne prirode (u Ambulanti radimo samo na infekcijama) i to je problem za Windows forum. Wink

Pozdrav,

offline
  • Pridružio: 10 Feb 2015
  • Poruke: 6

Hvala lepo.

Ko je trenutno na forumu
 

Ukupno su 707 korisnika na forumu :: 36 registrovanih, 5 sakrivenih i 666 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, _Sale, A.R.Chafee.Jr., amonsrb, bata melenčan, bojank, chica, dexter300, djboj, Djokislav, Drug pukovnik, FOX, Georgius, GveX, ikan, kripo, kulus, lekso, MB120mm, Milan A. Nikolic, Mlav, Mugy, NoOneEver Dreams, perica5, Pohovani_00, riva, ruseskij, SlaKoj, Snorks, Steeeefan, suton, Tas011, Toper, Van, Vlada1389, yufighter