Laptop is lagging and running slowly

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1761
  • Location: Niksic - Montenegro

Posted: 18 Jul 2014 0:20

Hello, my brother's laptop is running slowly and lagging. It doesn't even have an antivirus, so I figured we'd clean it up and then I'd install one.

Addendum: 18 Jul 2014 0:22

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by home (administrator) on HOME-PC on 18-07-2014 00:14:20
Running from C:\Users\home\Desktop
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
() C:\Program Files\Join Air\AssistantServices.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files\Join Air\UIExec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SonicMasterTray] => C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM\...\Run: [Wireless Console 3] => C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [139088 2011-01-30] ()
HKU\.DEFAULT\...\MountPoints2: {990d46d7-8f24-11e1-82a3-806e6f6e6963} - F:\InstAll.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: G - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {310ce85e-4226-11e2-ae5a-5404a6713442} - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {fbfbec77-eaef-11e1-8471-74de2b5135b8} - G:\Autorun.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94D13B92F522CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8ba36ab8-0bca-4759-b3f1-2bb01e167c3b} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
BHO: Free Games -> {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} -> C:\Program Files\Free Games\ScriptHost.dll (BestOffers)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {2977d8cc-8902-4340-be88-2c676bf96b8d} -> C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default
FF NewTab: hxxp://www.searchshock.com/?cid=3975
FF DefaultSearchEngine: SearchShock
FF SearchEngineOrder.1: SearchShock
FF SelectedSearchEngine: SearchShock
FF Homepage: hxxp://www.searchshock.com/?cid=3975
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\searchplugins\SearchShock.xml
FF Extension: Free Games - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\freegames197@BestOffers [2014-07-16]
FF Extension: Speed Test - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\speedtest199@BestOffers [2014-07-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.rs/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-10-23] () [File not signed]
R2 TVECapSvc; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [364635 2008-10-23] () [File not signed]
R2 TVESched; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [172121 2008-10-23] () [File not signed]
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [253264 2011-01-30] ()

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [15488 2011-05-25] (ASUS)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2012-04-25] (Padus, Inc.) [File not signed]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\CyberLink\PlayMovie\000.fcl [61424 2008-05-16] (Cyberlink Corp.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [201168 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 00:14 - 2014-07-18 00:15 - 00010088 _____ () C:\Users\home\Desktop\FRST.txt
2014-07-18 00:12 - 2014-07-18 00:14 - 00000000 ____D () C:\FRST
2014-07-18 00:11 - 2014-07-18 00:12 - 01077248 _____ (Farbar) C:\Users\home\Desktop\FRST.exe
2014-07-17 19:41 - 2014-07-17 22:02 - 00000168 _____ () C:\Windows\setupact.log
2014-07-17 19:41 - 2014-07-17 19:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\home\AppData\Local\ilividmoviestoolbar20
2014-07-16 22:46 - 2014-07-16 22:46 - 01681408 _____ (Bandoo Media Inc) C:\Users\home\Downloads\iLividSetup-r1720-n-bc.exe
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\speedtest199
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Haali
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Free Games
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-16 22:39 - 2012-04-09 00:40 - 00079360 _____ () C:\Windows\system32\ff_vfw.dll
2014-07-16 22:38 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\freegames197
2014-07-16 22:38 - 2014-07-16 22:38 - 00000000 ____D () C:\Users\home\AppData\Roaming\UnknownFile
2014-07-16 22:37 - 2014-07-16 22:37 - 01357568 _____ (CodecPerformer) C:\Users\home\Downloads\CodecPerformerSetup.exe
2014-07-15 16:30 - 2014-07-15 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 16:23 - 2014-07-15 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\home\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-14 18:24 - 2014-07-14 18:24 - 00000000 ____D () C:\Windows\pss
2014-07-14 18:02 - 2014-07-14 18:02 - 00000071 _____ () C:\Users\home\Downloads\listen.pls
2014-07-14 16:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 02:01 - 2014-07-13 19:19 - 00000000 ____D () C:\Users\home\Desktop\Originals
2014-06-29 18:35 - 2014-06-29 18:35 - 00158208 _____ () C:\Users\home\Downloads\rezultati zavrsnog ispita FINANSIJSKO PRAVO_PG_2014 (1) (1).xls
2014-06-29 18:32 - 2014-06-29 18:32 - 00158208 _____ () C:\Users\home\Downloads\rezultati zavrsnog ispita FINANSIJSKO PRAVO_PG_2014 (1).xls

==================== One Month Modified Files and Folders =======

2014-07-18 00:15 - 2014-07-18 00:14 - 00010088 _____ () C:\Users\home\Desktop\FRST.txt
2014-07-18 00:14 - 2014-07-18 00:12 - 00000000 ____D () C:\FRST
2014-07-18 00:12 - 2014-07-18 00:11 - 01077248 _____ (Farbar) C:\Users\home\Desktop\FRST.exe
2014-07-18 00:03 - 2009-07-14 06:34 - 00009776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 00:03 - 2009-07-14 06:34 - 00009776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 23:57 - 2013-08-25 10:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 23:57 - 2012-04-28 18:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 23:55 - 2012-04-25 16:44 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 22:03 - 2013-08-25 10:39 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 22:03 - 2012-04-25 21:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-07-17 22:03 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 22:02 - 2014-07-17 19:41 - 00000168 _____ () C:\Windows\setupact.log
2014-07-17 19:41 - 2014-07-17 19:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\home\AppData\Local\ilividmoviestoolbar20
2014-07-16 22:46 - 2014-07-16 22:46 - 01681408 _____ (Bandoo Media Inc) C:\Users\home\Downloads\iLividSetup-r1720-n-bc.exe
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\speedtest199
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Haali
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Free Games
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\ffdshow
2014-07-16 22:39 - 2014-07-16 22:38 - 00000000 ____D () C:\Users\home\AppData\Local\freegames197
2014-07-16 22:38 - 2014-07-16 22:38 - 00000000 ____D () C:\Users\home\AppData\Roaming\UnknownFile
2014-07-16 22:37 - 2014-07-16 22:37 - 01357568 _____ (CodecPerformer) C:\Users\home\Downloads\CodecPerformerSetup.exe
2014-07-16 09:47 - 2009-07-14 06:53 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 16:53 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\addins
2014-07-15 16:30 - 2014-07-15 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 16:24 - 2014-07-15 16:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\home\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 16:19 - 2012-04-25 21:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-14 18:24 - 2014-07-14 18:24 - 00000000 ____D () C:\Windows\pss
2014-07-14 18:02 - 2014-07-14 18:02 - 00000071 _____ () C:\Users\home\Downloads\listen.pls
2014-07-14 17:43 - 2012-04-25 17:00 - 00000000 ___HD () C:\ASUS.DAT
2014-07-14 16:59 - 2012-04-25 17:32 - 00000000 ____D () C:\Users\home\AppData\Roaming\Winamp
2014-07-13 19:19 - 2014-07-03 02:01 - 00000000 ____D () C:\Users\home\Desktop\Originals
2014-07-13 19:19 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\home\Desktop\New folder (2)
2014-07-09 18:00 - 2012-04-28 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 18:00 - 2012-04-28 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 19:36 - 2014-06-12 23:09 - 00000000 ____D () C:\output
2014-07-03 02:05 - 2014-06-12 22:55 - 00122880 ____H () C:\Users\home\Desktop\photothumb.db
2014-06-29 18:35 - 2014-06-29 18:35 - 00158208 _____ () C:\Users\home\Downloads\rezultati zavrsnog ispita FINANSIJSKO PRAVO_PG_2014 (1) (1).xls
2014-06-29 18:32 - 2014-06-29 18:32 - 00158208 _____ () C:\Users\home\Downloads\rezultati zavrsnog ispita FINANSIJSKO PRAVO_PG_2014 (1).xls

Some content of TEMP:
====================
C:\Users\home\AppData\Local\Temp\CloudBackup5690.exe
C:\Users\home\AppData\Local\Temp\ffdshow.exe
C:\Users\home\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\home\AppData\Local\Temp\searchalgo.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-06 14:38

==================== End Of Log ============================

Addendum: 18 Jul 2014 0:22

  • Joined: 04 Jul 2011
  • Posts: 5424

Go to Control Panel - Programs and Features and uninstall the following:
Movies Toolbar for Chrome
Movies Toolbar for Internet Explorer
Free Games
Speed Test App
Haali Media Splitter

1. Open Notepad (Text Document) and copy the following text from the code box below:

HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
c:\program files\movies toolbar
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94D13B92F522CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8ba36ab8-0bca-4759-b3f1-2bb01e167c3b} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
BHO: Free Games -> {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} -> C:\Program Files\Free Games\ScriptHost.dll (BestOffers)
C:\Program Files\Free Games
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {2977d8cc-8902-4340-be88-2c676bf96b8d} -> C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
FF NewTab: hxxp://www.searchshock.com/?cid=3975
FF DefaultSearchEngine: SearchShock
FF SearchEngineOrder.1: SearchShock
FF SelectedSearchEngine: SearchShock
FF Homepage: hxxp://www.searchshock.com/?cid=3975
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\searchplugins\SearchShock.xml
FF Extension: Free Games - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\freegames197@BestOffers [2014-07-16]
FF Extension: Speed Test - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\speedtest199@BestOffers [2014-07-16]
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\home\AppData\Local\ilividmoviestoolbar20
2014-07-16 22:46 - 2014-07-16 22:46 - 01681408 _____ (Bandoo Media Inc) C:\Users\home\Downloads\iLividSetup-r1720-n-bc.exe
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\speedtest199
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Haali
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Free Games
2014-07-16 22:38 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\freegames197
2014-07-16 22:38 - 2014-07-16 22:38 - 00000000 ____D () C:\Users\home\AppData\Roaming\UnknownFile
2014-07-16 22:37 - 2014-07-16 22:37 - 01357568 _____ (CodecPerformer) C:\Users\home\Downloads\CodecPerformerSetup.exe
C:\Users\home\AppData\Local\Temp\*.exe
HKU\.DEFAULT\...\MountPoints2: {990d46d7-8f24-11e1-82a3-806e6f6e6963} - F:\InstAll.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: G - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {310ce85e-4226-11e2-ae5a-5404a6713442} - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {fbfbec77-eaef-11e1-8471-74de2b5135b8} - G:\Autorun.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikaci fajl" (Attach file) option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt

Ivance95 (AMF Team)

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1761
  • Location: Niksic - Montenegro

Posted: 18 Jul 2014 16:21

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by home at 2014-07-18 16:17:56 Run:1
Running from C:\Users\home\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
c:\program files\movies toolbar
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94D13B92F522CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8ba36ab8-0bca-4759-b3f1-2bb01e167c3b} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975
BHO: Free Games -> {0D5F364D-D6A9-43C1-BF0C-99B378972C5B} -> C:\Program Files\Free Games\ScriptHost.dll (BestOffers)
C:\Program Files\Free Games
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {2977d8cc-8902-4340-be88-2c676bf96b8d} -> C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {2977d8cc-8902-4340-be88-2c676bf96b8d} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
FF NewTab: hxxp://www.searchshock.com/?cid=3975
FF DefaultSearchEngine: SearchShock
FF SearchEngineOrder.1: SearchShock
FF SelectedSearchEngine: SearchShock
FF Homepage: hxxp://www.searchshock.com/?cid=3975
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\searchplugins\SearchShock.xml
FF Extension: Free Games - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\freegames197@BestOffers [2014-07-16]
FF Extension: Speed Test - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\speedtest199@BestOffers [2014-07-16]
2014-07-16 23:06 - 2014-07-16 23:06 - 00000000 ____D () C:\Users\home\AppData\Local\ilividmoviestoolbar20
2014-07-16 22:46 - 2014-07-16 22:46 - 01681408 _____ (Bandoo Media Inc) C:\Users\home\Downloads\iLividSetup-r1720-n-bc.exe
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\speedtest199
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Haali
2014-07-16 22:39 - 2014-07-16 22:39 - 00000000 ____D () C:\Program Files\Free Games
2014-07-16 22:38 - 2014-07-16 22:39 - 00000000 ____D () C:\Users\home\AppData\Local\freegames197
2014-07-16 22:38 - 2014-07-16 22:38 - 00000000 ____D () C:\Users\home\AppData\Roaming\UnknownFile
2014-07-16 22:37 - 2014-07-16 22:37 - 01357568 _____ (CodecPerformer) C:\Users\home\Downloads\CodecPerformerSetup.exe
C:\Users\home\AppData\Local\Temp\*.exe
HKU\.DEFAULT\...\MountPoints2: {990d46d7-8f24-11e1-82a3-806e6f6e6963} - F:\InstAll.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: G - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {310ce85e-4226-11e2-ae5a-5404a6713442} - G:\Windows\Install.exe
HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\...\MountPoints2: {fbfbec77-eaef-11e1-8471-74de2b5135b8} - G:\Autorun.exe
*****************

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
"c:\program files\movies toolbar" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8ba36ab8-0bca-4759-b3f1-2bb01e167c3b}' => Key deleted successfully.
'HKCR\CLSID\{8ba36ab8-0bca-4759-b3f1-2bb01e167c3b}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D5F364D-D6A9-43C1-BF0C-99B378972C5B}'=> Key not found.
'HKCR\CLSID\{0D5F364D-D6A9-43C1-BF0C-99B378972C5B}'=> Key not found.
C:\Program Files\Free Games => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2977d8cc-8902-4340-be88-2c676bf96b8d}' => Key deleted successfully.
'HKCR\CLSID\{2977d8cc-8902-4340-be88-2c676bf96b8d}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2977d8cc-8902-4340-be88-2c676bf96b8d} => value deleted successfully.
'HKCR\CLSID\{2977d8cc-8902-4340-be88-2c676bf96b8d}'=> Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\searchplugins\SearchShock.xml => Moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\freegames197@BestOffers => Moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\wesba2db.default\Extensions\speedtest199@BestOffers => Moved successfully.
C:\Users\home\AppData\Local\ilividmoviestoolbar20 => Moved successfully.
C:\Users\home\Downloads\iLividSetup-r1720-n-bc.exe => Moved successfully.
"C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter" => File/Directory not found.
C:\Users\home\AppData\Local\speedtest199 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter => Moved successfully.
"C:\Program Files\Haali" => File/Directory not found.
"C:\Program Files\Free Games" => File/Directory not found.
"C:\Users\home\AppData\Local\freegames197" => File/Directory not found.
C:\Users\home\AppData\Roaming\UnknownFile => Moved successfully.
C:\Users\home\Downloads\CodecPerformerSetup.exe => Moved successfully.
"C:\Users\home\AppData\Local\Temp\*.exe" => File/Directory not found.
'HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{990d46d7-8f24-11e1-82a3-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{990d46d7-8f24-11e1-82a3-806e6f6e6963}'=> Key not found.
'HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1539049073-3300657364-1958875055-1000'=> Key not found.
'HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310ce85e-4226-11e2-ae5a-5404a6713442}' => Key deleted successfully.
'HKCR\CLSID\{310ce85e-4226-11e2-ae5a-5404a6713442}'=> Key not found.
'HKU\S-1-5-21-1539049073-3300657364-1958875055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbfbec77-eaef-11e1-8471-74de2b5135b8}' => Key deleted successfully.
'HKCR\CLSID\{fbfbec77-eaef-11e1-8471-74de2b5135b8}'=> Key not found.

==== End of Fixlog ====

Addendum: 18 Jul 2014 16:28

  • Joined: 04 Jul 2011
  • Posts: 5424

How are things now, has it improved a bit?

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1761
  • Location: Niksic - Montenegro

Posted: 18 Jul 2014 16:32

It opens pages better, and it seems faster to me.

Addendum: 18 Jul 2014 16:41

Much faster than before.

Addendum: 18 Jul 2014 16:59

I know you all have your own obligations, but if I may just ask: if Ivance isn't here, could someone else fill in for him? I'm at my brother's until tomorrow morning, so I'm a bit pressed for time, and he doesn't know anything about this.

Addendum: 18 Jul 2014 17:02

Again, I know you all have your own obligations, so I hope you won't hold it against me that I'm rushing you for help. I came to you for help and I should be patient, and I would be if I weren't pressed for time.

  • Joined: 04 Jul 2011
  • Posts: 5424

I had some personal obligations, but we are done with the cleaning; the computer is now clean as far as malware is concerned. If you have any problems, ask in the Windows subforum.

Be sure to install an AV.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

Ivance95 (AMF Team)

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1761
  • Location: Niksic - Montenegro

Thanks, brother :)
