Slow performance on Win Server 2008

  • Miroslav R. Maričić
  • graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

In the computer science classroom I have the following setup: one computer (for teachers) running Win Server 2008 and two computers with a total of 15 student workstations, running Win MultiPoint Server 2011. The problem is that the teachers' computer (Win Server 2008) has started running terribly slowly, especially when I turn it on. For the first half hour I can't do anything, because every action I take involves a long wait. The red LED is lit non-stop, steadily, without flickering, which means that something is constantly being written to the hard disk...
Naturally, I concluded that I had picked up some infection, so I tried to solve the problem with ADWCLEANER and MBAR, but without success. They found something and cleaned it, but the problem still occurs.

Here is what FRST.EXE found:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by administrator (administrator) on DC on 09-02-2015 09:28:58
Running from C:\Users\Administrator\Desktop\ALATI
Loaded Profiles: administrator (Available profiles: profesor & administrator)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-17] (Nullsoft, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2221020120-3260191828-4012333837-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2221020120-3260191828-4012333837-500\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2221020120-3260191828-4012333837-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli rassfm
SecurityProviders: credssp.dll, pwdssp.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2221020120-3260191828-4012333837-500 -> DefaultScope {AEB46FAA-4689-49EA-BFC0-F2533A912542} URL = http://search.yahoo.com/search?fr=chr-greentree_ie.....549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2221020120-3260191828-4012333837-500 -> {5A45730B-8AE9-470F-9BF2-320F027CE828} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2221020120-3260191828-4012333837-500 -> {AEB46FAA-4689-49EA-BFC0-F2533A912542} URL = http://search.yahoo.com/search?fr=chr-greentree_ie.....549&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Tcpip\..\Interfaces\{21EFC357-869D-436F-BC71-95FE2C135A21}: [NameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-13]
CHR Extension: (Google претрага) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-13]
CHR Extension: (Google новчаник) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-13]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://start.qone8.com/?type=sc&ts=1400837371&.....HWV3LNHWVX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-20] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-20] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-20] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-20] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-20] (Microsoft Corporation)
S3 hcdriver; C:\Windows\System32\DRIVERS\hcdriver.sys [73128 2013-10-11] (Intel Corporation)
S2 io.sys; C:\Windows\SysWOW64\drivers\io.sys [5152 2014-11-17] () [File not signed]
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-23] ()
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [39936 2013-10-22] (Generic)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 09:28 - 2015-02-09 09:29 - 00000000 ____D () C:\FRST
2015-02-09 09:25 - 2015-02-09 09:26 - 02132992 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-02-09 09:03 - 2015-02-09 09:03 - 00000344 _____ () C:\Windows\PFRO.log
2015-02-06 12:20 - 2015-02-06 12:20 - 00000000 ____D () C:\Users\Administrator\Documents\BlueVoda
2015-02-06 12:19 - 2015-02-06 12:19 - 00002067 _____ () C:\Users\Public\Desktop\BlueVoda Website Builder.lnk
2015-02-06 12:19 - 2015-02-06 12:19 - 00002058 _____ () C:\Users\Public\Desktop\Hosting.lnk
2015-02-06 12:19 - 2015-02-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueVoda Website Builder
2015-02-06 12:18 - 2015-02-06 12:20 - 00000000 ____D () C:\Program Files (x86)\BlueVoda Website Builder
2015-02-06 12:16 - 2015-02-06 12:17 - 08450226 _____ () C:\Users\Administrator\Downloads\setup.exe
2015-02-06 12:09 - 2015-02-06 12:10 - 02463780 _____ (HTMLKit.com ) C:\Users\Administrator\Downloads\HKSetup.exe
2015-02-06 10:41 - 2015-02-06 10:41 - 00000043 _____ () C:\Users\Administrator\Desktop\AIR Serbia link.txt
2015-02-06 07:44 - 2015-02-06 07:44 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-06 07:44 - 2015-02-06 07:44 - 00000997 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-29 09:00 - 2015-01-29 09:04 - 19193552 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\fet-5.26.0.exe
2015-01-28 17:48 - 2015-02-06 07:51 - 00003822 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421663874
2015-01-22 08:22 - 2015-01-22 08:22 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
2015-01-19 11:46 - 2015-01-19 11:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-19 11:45 - 2015-01-19 11:45 - 01183904 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\wdexpress_full.exe
2015-01-19 11:38 - 2015-01-19 11:38 - 00001167 _____ () C:\Users\Public\Desktop\Opera 27.lnk
2015-01-19 11:38 - 2015-01-19 11:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2015-01-19 11:37 - 2015-01-19 11:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2015-01-19 11:27 - 2015-01-19 11:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SmallBasic
2015-01-19 11:26 - 2015-01-23 08:55 - 00000000 ____D () C:\Users\Administrator\Desktop\PROGRAMIRANJE
2015-01-19 11:25 - 2015-01-19 11:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic
2015-01-16 11:28 - 2015-01-16 11:28 - 00012520 _____ () C:\Users\Administrator\Downloads\testPrimerOpstinsko2014.zip
2015-01-16 11:28 - 2015-01-16 11:28 - 00010700 _____ () C:\Users\Administrator\Downloads\resenjaOpstinsko2014.zip
2015-01-16 11:26 - 2015-01-16 11:26 - 00020328 _____ () C:\Users\Administrator\Downloads\zadaciOpstinsko2014.zip
2015-01-15 07:58 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 07:58 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 07:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 07:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 07:57 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 07:57 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 07:57 - 2014-12-06 05:17 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2015-01-15 07:57 - 2014-12-06 04:50 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2015-01-15 07:57 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 07:57 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 07:41 - 2015-01-15 07:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 09:30 - 2014-04-04 06:18 - 01108040 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 09:28 - 2014-09-18 07:09 - 00000000 ____D () C:\Users\Administrator\Desktop\ALATI
2015-02-09 09:17 - 2009-07-14 05:49 - 00015536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 09:17 - 2009-07-14 05:49 - 00015536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 09:14 - 2014-11-28 11:47 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-09 09:07 - 2014-11-13 07:32 - 00111064 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 09:07 - 2012-09-13 06:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 09:05 - 2010-12-11 03:04 - 00005968 _____ () C:\Windows\system32\config\netlogon.dnb
2015-02-09 09:05 - 2010-12-11 03:04 - 00001881 _____ () C:\Windows\system32\config\netlogon.dns
2015-02-09 09:05 - 2010-12-11 02:58 - 00000000 ____D () C:\Windows\system32\dns
2015-02-09 09:04 - 2014-12-22 09:03 - 00001064 _____ () C:\Windows\setupact.log
2015-02-09 09:04 - 2012-04-30 07:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 09:04 - 2010-12-11 03:00 - 00000000 ____D () C:\Windows\NTDS
2015-02-09 09:04 - 2009-07-14 06:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 09:04 - 2009-07-14 05:49 - 00412432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 12:25 - 2012-04-30 07:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 12:25 - 2012-04-30 07:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 12:25 - 2011-09-14 10:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 12:24 - 2014-09-11 07:31 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-02-06 11:51 - 2012-09-13 06:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 08:37 - 2014-08-18 08:36 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-06 07:51 - 2011-09-07 11:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-06 07:46 - 2014-12-08 09:54 - 00003765 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-02-06 07:46 - 2011-11-11 11:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-02 12:06 - 2011-06-15 09:09 - 00002330 ____H () C:\Users\Administrator\Documents\Default.rdp
2015-01-29 08:43 - 2014-03-27 08:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-29 08:36 - 2014-09-29 09:56 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-29 08:35 - 2014-09-29 09:56 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-29 08:35 - 2014-09-29 09:56 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-29 08:35 - 2014-09-29 09:56 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-29 08:35 - 2012-12-07 08:18 - 00000000 ____D () C:\Program Files\Java
2015-01-28 17:30 - 2009-07-14 06:06 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-23 09:39 - 2011-06-15 08:29 - 00000000 ____D () C:\deljeni
2015-01-19 11:24 - 2011-09-07 11:06 - 00000000 ____D () C:\MRM
2015-01-19 11:04 - 2009-07-14 06:10 - 00821590 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 10:18 - 2010-12-11 01:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-02-28 12:25 - 2014-02-28 12:25 - 0000055 _____ () C:\Users\Administrator\AppData\Roaming\GifMakerlicense.lic
2013-11-21 07:17 - 2013-11-21 07:18 - 0398412 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI18C2.txt
2013-10-25 11:28 - 2013-10-25 11:28 - 0362846 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI1B74.txt
2014-03-27 08:13 - 2014-03-27 08:14 - 0557982 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI3881.txt
2013-11-21 07:17 - 2013-11-21 07:18 - 0011394 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI18C2.txt
2013-10-25 11:28 - 2013-10-25 11:28 - 0011610 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI1B74.txt
2014-03-27 08:13 - 2014-03-27 08:14 - 0016798 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI3881.txt
2014-04-04 08:25 - 2014-04-04 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2276.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\SmallBasicLibrary.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 08:04

==================== End Of Log ============================

And here is Addition.TXT:

P.S.
Today I'm working at this school, and on Tuesday and Wednesday I'm at another school, in another town. On Thursday and Friday I'm here again.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

Hello miroslav.maričić,

First and foremost, Adware Cleaner is a tool that has never been and never will be optimized for running on servers. Of course, the tool can be run, but its scanning methods do not take into account server roles and server operation in general.
Advice: Open the C:\AdwCleaner folder and restore the entire backup.

MBAR is a powerful anti-rootkit scanner, and you should be careful with it when working on servers.

As for our diagnostic tool, same story. The tool is not optimized for working with servers. What I can tell you is that this server should not be shut down, and that you should remove all that nonsense like Winamp and similar junk.
CCleaner on a server? It is most likely the cause of the problem. That tool was never optimized to run on servers, and very probably some layman damaged the server with it. If you have its original backup, restore it. TeamViewer is superfluous software on it. And so on ...

And finally, most importantly, read the rules, which you somehow missed reading!
http://www.mycity.rs/Ambulanta/Pravila-ovog-dela-foruma.html

  • Miroslav R. Maričić
  • graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

All right. Regarding this: "And finally, most importantly, read the rules, which you somehow missed reading", I thought that rule no. 9 did not apply to schools, since a school is not a company of any kind and does not make money from its computers; they serve exclusively for teaching children (and in any case we are the most neglected of all state institutions), so I thought it did not apply to us.
Thanks for the advice, regards.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

I understand you, but you have to understand us too. ;)

If it means anything to you, the reports tell me that WMI needs to be rebuilt (google "repair wmi" or "rebuild wmi"), and review Task Scheduler (you access it from Admin Tools).

The reports themselves do not show traces of an active infection. That does not mean the server is not infected, but rather that it most likely is not infected. The problems were caused by incompatible 'tune' software, and Server 2008 is known more for its fantastic capabilities than for its speed.

Besides, the hardware configuration itself (CPU+RAM) is not really adequate for smooth work on a server.

  • Miroslav R. Maričić
  • graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

Fine, when I come to that school again on Thursday, I'll do the "repair wmi". And yes, the hardware is fairly modest, and on the computers the children use it is even weaker... But that's what we got from the ministry, and you don't look a gift horse in the mouth, right? ;)
Once again, thanks for the advice, regards.
