Computer check, uninstalling programs...

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 425
  • Location: At home

Posted: 01 Jun 2014 14:25

Hello, first I would like to apologize to TwinHeadedEagle, because in my previous topic in Ambulanta I started working on something with him, but since I couldn't use the computer for the past month, I couldn't reply to him :( So, to begin: I think the computer has slowed down a little, it starts up more slowly, programs open quickly (that's OK), but I think it lags a bit and has some problems. I use AVG 2014, and it says the computer has no viruses. I think this started 1 and a half months ago. In case it is needed, here is the internet speed: Ping: 55 ms, Download speed: 3,77 Mbps, Upload speed: 0,81Mbps. Here are the reports:




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Home (administrator) on HOME-PC on 01-06-2014 14:21:16
Running from C:\Users\Home\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71DEA046E22BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default
FF Homepage: www.google.rs
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-01-04]
FF Extension: New Tab Homepage - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-02-27]
FF Extension: Greasemonkey - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-14]

Chrome:
=======
CHR HomePage: https://www.google.rs/
CHR Extension: (Google новчаник) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 14:20 - 2014-06-01 14:21 - 00024232 _____ () C:\Users\Home\Desktop\Addition.txt
2014-06-01 14:19 - 2014-06-01 14:21 - 00010153 _____ () C:\Users\Home\Desktop\FRST.txt
2014-06-01 14:19 - 2014-06-01 14:21 - 00000000 ____D () C:\FRST
2014-06-01 14:15 - 2014-06-01 14:17 - 02067456 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2014-06-01 14:00 - 2014-06-01 14:00 - 00000056 _____ () C:\Windows\setupact.log
2014-06-01 14:00 - 2014-06-01 14:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 10:17 - 2014-06-01 10:17 - 00000000 ____D () C:\Users\Home\AppData\Local\LogMeIn
2014-06-01 10:17 - 2014-06-01 10:17 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-05-29 17:04 - 2014-06-01 10:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-05-25 21:04 - 2014-05-25 21:10 - 00000000 ____D () C:\OutputFolder
2014-05-25 19:43 - 2014-05-25 21:14 - 00000000 ____D () C:\Program Files (x86)\Ultra Video Splitter
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2014-05-25 19:43 - 2007-04-12 14:19 - 00129024 _____ () C:\Windows\SysWOW64\AVERM.dll
2014-05-25 19:43 - 2006-09-26 13:57 - 00028672 _____ () C:\Windows\SysWOW64\AVEQT.dll
2014-05-21 15:27 - 2014-05-21 15:27 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-21 15:27 - 2014-05-21 15:27 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-21 15:27 - 2014-05-21 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-17 21:14 - 2014-05-17 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\TuneUp Software
2014-05-14 10:33 - 2014-05-14 10:34 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-14 10:31 - 2014-05-14 10:32 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nero
2014-05-14 10:31 - 2014-05-14 10:31 - 00000000 ____D () C:\Users\Home\AppData\Roaming\OpenCandy
2014-05-14 10:30 - 2014-05-14 10:42 - 00000000 ____D () C:\ProgramData\Nero
2014-05-09 12:30 - 2014-05-09 12:30 - 00000000 ____D () C:\Users\Home\Documents\My Cheat Tables

==================== One Month Modified Files and Folders =======

2014-06-01 14:21 - 2014-06-01 14:20 - 00024232 _____ () C:\Users\Home\Desktop\Addition.txt
2014-06-01 14:21 - 2014-06-01 14:19 - 00010153 _____ () C:\Users\Home\Desktop\FRST.txt
2014-06-01 14:21 - 2014-06-01 14:19 - 00000000 ____D () C:\FRST
2014-06-01 14:21 - 2014-02-08 18:34 - 00000000 ____D () C:\Users\Home\AppData\Local\Temp
2014-06-01 14:17 - 2014-06-01 14:15 - 02067456 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2014-06-01 14:06 - 2013-06-29 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 14:04 - 2014-04-18 09:09 - 00647084 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 14:03 - 2013-07-14 13:46 - 00003072 ____H () C:\Users\Home\Desktop\photothumb.db
2014-06-01 14:02 - 2014-03-27 21:00 - 00000000 ____D () C:\Users\Home\Desktop\Skice
2014-06-01 14:02 - 2013-12-20 17:13 - 00000000 ____D () C:\Users\Home\Desktop\Ikone
2014-06-01 14:01 - 2013-09-30 09:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 14:01 - 2013-09-30 09:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 14:00 - 2014-06-01 14:00 - 00000056 _____ () C:\Windows\setupact.log
2014-06-01 14:00 - 2014-06-01 14:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 14:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 13:19 - 2013-07-30 19:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Disk Cleaner
2014-06-01 13:09 - 2013-12-16 16:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft
2014-06-01 10:22 - 2013-04-02 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-01 10:20 - 2014-05-29 17:04 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-01 10:17 - 2014-06-01 10:17 - 00000000 ____D () C:\Users\Home\AppData\Local\LogMeIn
2014-06-01 10:17 - 2014-06-01 10:17 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-05-31 21:03 - 2009-07-14 07:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-05-26 09:02 - 2013-04-02 19:09 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
2014-05-25 21:27 - 2013-04-01 15:11 - 00000000 ___RD () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 21:14 - 2014-05-25 19:43 - 00000000 ____D () C:\Program Files (x86)\Ultra Video Splitter
2014-05-25 21:10 - 2014-05-25 21:04 - 00000000 ____D () C:\OutputFolder
2014-05-25 19:43 - 2014-05-25 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2014-05-23 20:13 - 2014-02-14 11:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-23 20:13 - 2013-04-02 19:09 - 00000000 ____D () C:\ProgramData\Skype
2014-05-22 20:00 - 2009-07-14 07:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-21 19:04 - 2013-04-02 19:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Winamp
2014-05-21 15:27 - 2014-05-21 15:27 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-21 15:27 - 2014-05-21 15:27 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-21 15:27 - 2014-05-21 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 15:27 - 2014-02-15 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-17 21:14 - 2014-05-17 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-17 21:14 - 2013-06-26 16:03 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
2014-05-17 21:13 - 2013-07-01 21:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-14 19:08 - 2013-06-29 13:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:08 - 2013-04-01 17:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:08 - 2013-04-01 17:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 10:42 - 2014-05-14 10:30 - 00000000 ____D () C:\ProgramData\Nero
2014-05-14 10:39 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\TuneUp Software
2014-05-14 10:34 - 2014-05-14 10:33 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-14 10:34 - 2013-04-02 18:26 - 00000000 ____D () C:\Users\Home\AppData\Roaming\TuneUp Software
2014-05-14 10:32 - 2014-05-14 10:31 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nero
2014-05-14 10:32 - 2013-09-25 10:09 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-14 10:31 - 2014-05-14 10:31 - 00000000 ____D () C:\Users\Home\AppData\Roaming\OpenCandy
2014-05-09 12:30 - 2014-05-09 12:30 - 00000000 ____D () C:\Users\Home\Documents\My Cheat Tables
2014-05-08 19:56 - 2013-09-30 09:25 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 19:56 - 2013-09-30 09:25 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 18:40 - 2009-07-14 06:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 18:40 - 2009-07-14 06:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 18:39 - 2014-02-22 12:35 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-06 18:25 - 2014-02-14 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-05-06 18:13 - 2014-03-17 20:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Unity
2014-05-06 18:06 - 2014-02-17 15:27 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-15 16:58

==================== End Of Log ============================

Addendum: 01 Jun 2014 14:28

And one more thing, can I delete this? I can't really remember how they got here or where I got them from:


Addendum: 01 Jun 2014 14:39

And in case I need to take screenshots of all the programs I have and uninstall any that are harmful or something like that, here are the pictures just in case:


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 425
  • Location: At home

Gmer1:
Gmer2:
Gmer3:

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Open Notepad and copy the following text:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\Home\AppData\Roaming\OpenCandy"
"C:\Users\Home\AppData\Local\TuneUp Software"
"C:\Users\Home\AppData\Roaming\TuneUp Software"
"C:\ProgramData\TuneUp Software"
"C:\FRST"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Skripta izvrsena!

pause
del %0


Save it to the Desktop (in Notepad, click File > Save As) under the name fix.bat
Pay attention to the .bat extension and make sure you switch "Save as Type:" to AllFiles


Run fix.bat and copy into your post the text that opens in Notepad.
If no text appears in Notepad, tell me which message was displayed in the black window.


Then manually delete the tools that were used (FRST.exe and GMER.exe).


That would be it then; there is no active malware here. Likewise, there is nothing to uninstall (if there were, I would have seen it from the set of logs).
The files, it seems to me, came from one of your games (GTA SA?), but I don't see any malicious connection with them, so if they are an eyesore, you can hide them (set them as hidden).

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 425
  • Location: At home

C:\ProgramData\TuneUp Software
That's what it said.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, just check whether that folder is still there; if it is, delete it. Move on to removing the tools...

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 425
  • Location: At home

I deleted it, and I think I deleted the tools as well.
