Kompjuter počeo da radi sporije

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav, ovih nekoliko dana skidao sam razne igrice i programe i deinstalirao sam njih nekoliko, pa je sigurno ostao neki trag od njih pa zbog toga kompjuter radi sporije... Sporije otvara programe i pomalo secka... Testirao sam sa AVG 2015 i nije našao ništa... Evo rezultata od FRSTA:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Home (administrator) on HOME-PC on 22-02-2015 18:24:38
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,D:\kl\MPK\Mpk.exe
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\...\Run: [uTorrent] => C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-23] (BitTorrent Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3145937626-3286986765-835811450-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=102876&gct=hp
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^RS&apn_uid=1B78AD87-720B-4A9D-A687-F8192FDDB4FD&apn_sauid=D9149102-8DC5-4310-B110-B657ED2986E0
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^RS&apn_uid=1B78AD87-720B-4A9D-A687-F8192FDDB4FD&apn_sauid=D9149102-8DC5-4310-B110-B657ED2986E0
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tn32x1h6.default-1414483103292
FF NewTab: www.google.rs
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tn32x1h6.default-1414483103292\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml

Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2014-10-14] (EasyAntiCheat Ltd)
S2 MainLSyncHost; d:\kl\mpk\lsynchost.exe [1695032 2014-10-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:24 - 2015-02-22 18:27 - 00011635 _____ () C:\Users\Home\Desktop\FRST.txt
2015-02-22 18:24 - 2015-02-22 18:24 - 00000000 ____D () C:\FRST
2015-02-22 18:11 - 2015-02-22 18:11 - 02087424 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2015-02-22 18:05 - 2015-02-22 18:05 - 00000000 ____D () C:\AdwCleaner
2015-02-22 14:40 - 2012-10-04 19:22 - 31600640 _____ (2K Sports) C:\Users\Home\Desktop\nba2k13.exe
2015-02-22 14:06 - 2015-02-22 14:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\2K Sports
2015-02-22 11:16 - 2015-02-22 17:49 - 00000112 _____ () C:\Windows\setupact.log
2015-02-22 11:16 - 2015-02-22 11:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 14:42 - 2015-02-22 17:59 - 00018690 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 11:01 - 2015-02-21 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plug In Digital
2015-02-17 10:38 - 2015-02-17 10:39 - 00000000 ____D () C:\Windows\W7SBC
2015-02-17 10:38 - 2010-11-21 04:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer_edit_w7sbc.exe
2015-02-17 10:38 - 2010-11-21 04:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer_backup_w7sbc.exe
2015-02-17 10:38 - 2010-11-21 04:24 - 02389504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-02-12 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-12 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-12 12:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-12 12:16 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-02-12 12:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-12 12:16 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-12 12:15 - 2015-02-12 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2013
2015-02-11 19:32 - 2015-02-13 20:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SpinTires
2015-02-11 19:32 - 2015-02-11 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires_[Hotfix]
2015-02-08 16:19 - 2015-02-08 16:19 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 16:19 - 2015-02-08 16:19 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-08 16:19 - 2015-02-08 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 19:17 - 2015-01-28 19:17 - 00000000 ____D () C:\Users\Home\Documents\Electronic Arts
2015-01-28 19:15 - 2015-01-28 19:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-01-26 15:32 - 2014-06-10 12:27 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2015-01-26 14:42 - 2015-01-26 14:42 - 00003046 _____ () C:\Windows\System32\Tasks\{643107B7-2D61-4DA6-AF9C-ED141AC63337}
2015-01-25 14:19 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2015-01-25 14:19 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\Home\Documents\EA Games
2015-01-23 17:44 - 2015-01-23 17:44 - 00000829 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-23 17:43 - 2015-01-23 17:43 - 00000000 ____D () C:\ProgramData\APN

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:25 - 2013-09-30 08:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 18:21 - 2014-10-09 08:52 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2015-02-22 18:08 - 2014-06-10 19:15 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2015-02-22 18:06 - 2013-06-29 12:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 18:00 - 2013-04-02 18:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Winamp
2015-02-22 17:59 - 2013-04-02 16:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-22 17:52 - 2013-07-30 18:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Disk Cleaner
2015-02-22 17:51 - 2014-12-28 17:02 - 00000000 __SHD () C:\ProgramData\MPK
2015-02-22 17:49 - 2013-09-30 08:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 17:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 14:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-22 13:52 - 2013-07-11 12:18 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
2015-02-22 13:41 - 2014-10-09 08:52 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-3145937626-3286986765-835811450-1000.job
2015-02-21 20:25 - 2013-12-16 15:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft
2015-02-17 15:44 - 2014-03-27 20:00 - 00000000 ____D () C:\Users\Home\Desktop\Skice
2015-02-12 12:17 - 2014-11-29 22:39 - 00000000 ____D () C:\Users\Home\Documents\My Games
2015-02-08 16:19 - 2014-09-25 07:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 12:52 - 2013-07-14 12:46 - 00003072 ____H () C:\Users\Home\Desktop\photothumb.db
2015-02-05 11:06 - 2013-06-29 12:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 11:06 - 2013-04-01 16:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:06 - 2013-04-01 16:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 10:20 - 2013-09-30 08:25 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:20 - 2013-09-30 08:25 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-28 19:06 - 2013-05-30 14:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-27 15:56 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 15:56 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 14:01 - 2013-06-22 14:30 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 20:10 - 2014-03-17 19:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Unity
2015-01-23 17:50 - 2013-12-20 16:13 - 00000000 ___RD () C:\Users\Home\Desktop\Ikonice

==================== Files in the root of some directories =======

2014-11-22 21:03 - 2014-11-22 21:03 - 0018363 _____ () C:\Users\Home\AppData\Roaming\UserTile.png
2014-08-26 18:05 - 2014-08-26 18:05 - 0004608 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-30 18:32 - 2013-07-30 18:32 - 0000017 _____ () C:\Users\Home\AppData\Local\resmon.resmoncfg
2014-08-17 15:35 - 2014-08-17 15:35 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-08-17 15:35 - 2014-12-18 17:52 - 0000425 _____ () C:\Users\Home\AppData\Local\UserProducts.xml

Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2015-02-17 10:38] - [2010-11-21 04:24] - 2389504 ____A (Microsoft Corporation) 257A5F4029EEA31AE58F5A4E92ED076D

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 17:49

==================== End Of Log ============================

https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: Marko Ivanović 2
  
  Registruj se da bi pohvalio/la poruku!

Napisano: 22 Feb 2015 18:49

Pozdrav,

Da li si ti instalirao keyloger? Da li si svestan njegovog prisustva?




Preuzmi Emphyrio-ov E-Peek alat i sačuvaj instalaciju na Desktop.


Dvoklikom pokreni setupE-Peek.exe i instaliraj aplikaciju. Tok same instalacije je jednostavan.
- ukoliko je to potrebno, privremeno deaktiviraj zaštitni softver, u većini slučajeva preko desnog klika na ikonu programa u system tray.
- u prozoru koji se otvori klik Next, u sledećem izabrati "I accept the terms ..." a potom na Install. Aplikacija (E-Peek_verzija.exe) se pokreće ...
Napomena: Na Desktop će se pojaviti E Dev folder gde ces videti samu aplikaciju "E-Peek_verzija.exe" i "UninstallE-Peek.exe".

U aplikaciji, u donjem levom uglu klik na dugme [ Scan! ]
- alat započinje analizu sistema.

Kada se analiza sistema završi, otvoriće se notepad sa izveštajem. Potrebno je sadržaj izveštaja iskopirati u temu.Napomena: Kopija izvestaja (E-Peek.txt) ce biti sacuvana u instalacionom folderu:
64bit. Windows: C:\ Program Files (x86)\E Dev\E-Peek\Logs | 32bit. Windows: C:\ Program Files\E Dev\E-Peek\Logs




Dopuna: 22 Feb 2015 18:54



.





Ponovo pokreni FRST/FRST64:

upiši explorer.exe u polje Search: i klikni na dugme Search File ;
alat će skenirati tvoj računar i formirati izveštaj (Search.txt) u isti direktorijum gde je FRST alat sačuvan;
iskopiraj sadržaj Search.txt izveštaja u poruku;

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skenira već 1h i ništa, šta da radim?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obustavi skeniranje (ako alat odbija prekid, restartuj racunar). Ja ne mogu nastaviti dalje dok mi ne odgovoris na pitanje. Da li znas da imas keyloger na racunaru, da li si ga ti instalirao?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da, ja sam ga instalirao i mnogo sam pogrešio izgleda Sad sam pokrenuo FRST i čekam

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Postavi mi debug log E Peek alata, da vidim sta i gde je zapelo ...

Pristupi ~Program Files \E Dev\E-Peek\Logs i okaci uz poruku dbLog.txt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 22 Feb 2015 20:09

Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Home at 2015-02-22 20:07:19
Running from C:\Users\Home\Desktop
Boot Mode: Normal

================== Search Files: "explorer.exe" =============

C:\Windows\explorer.exe
[2015-02-17 10:38][2010-11-21 04:24] 2389504 ____A (Microsoft Corporation) 257A5F4029EEA31AE58F5A4E92ED076D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-21 04:24][2010-11-21 04:24] 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-21 04:24][2010-11-21 04:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24 [File is signed]

C:\Windows\SysWOW64\explorer.exe
[2010-11-21 04:24][2010-11-21 04:24] 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493 [File is signed]

C:\Windows\erdnt\cache86\explorer.exe
[2014-02-08 19:16][2010-11-21 04:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24 [File is signed]

====== End Of Search ======

Dopuna: 22 Feb 2015 20:11



Dopuna: 22 Feb 2015 20:12

ned 22 feb 2015 20:10 : Scan started
ned 22 feb 2015 20:10 : Header OK
ned 22 feb 2015 20:10 : Find History OK
ned 22 feb 2015 20:10 : Running Processes OK
ned 22 feb 2015 20:10 : IE Pages OK
ned 22 feb 2015 20:10 : Auto load OK

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

E Peek je zaustavljen usled neispravnosti .Net alata ... nema veze. Osim aktivnog keylogera kojeg si svestan, ja drugog malware-a ne vidim.




Sledeci script ce ispraviti neke stvari ...






1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CloseProcesses:
HKU\S-1-5-21-3145937626-3286986765-835811450-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=102876&gct=hp
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^RS&apn_uid=1B78AD87-720B-4A9D-A687-F8192FDDB4FD&apn_sauid=D9149102-8DC5-4310-B110-B657ED2986E0
SearchScopes: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^RS&apn_uid=1B78AD87-720B-4A9D-A687-F8192FDDB4FD&apn_sauid=D9149102-8DC5-4310-B110-B657ED2986E0
Toolbar: HKU\S-1-5-21-3145937626-3286986765-835811450-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

CreateRestorePoint:

Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe C:\Windows\explorer.exe

Hosts:
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
C:\Windows\system32\roboot64.exe

EmptyTemp:

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Piše mi "no fixlist.txt" found

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

magna86 ::
2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt

Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.