Error errors

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Hello,
for a long time now my computer has been throwing up ads, as well as various offers to install programs. Since it is also running slowly, I suspect I have picked up some viruses. I scanned the system with Avira, which detects nothing. I would appreciate some help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by Korisnik (administrator) on WINCTRL-76M9MKU (11-09-2017 22:01:54)
Running from C:\Users\Korisnik\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(BitTorrent Inc.) C:\Users\Korisnik\AppData\Roaming\uTorrent\uTorrent.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(BitTorrent Inc.) C:\Users\Korisnik\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\Korisnik\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\ByteFence\rsLggr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-29] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\...\Run: [uTorrent] => C:\Users\Korisnik\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\...\MountPoints2: {e4454438-a0ff-11e6-a6f5-74d4353a995d} - H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk [2017-01-31]
ShortcutTarget: MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2074145577-3370247828-3654133457-1000] => hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.102.231.242 91.102.231.241
Tcpip\Parameters: [NameServer] 82.163.143.136 82.163.142.138
Tcpip\..\Interfaces\{9920464A-E32F-43C5-80F0-12FC9890A6B5}: [NameServer] 82.163.143.136 82.163.142.138
Tcpip\..\Interfaces\{9920464A-E32F-43C5-80F0-12FC9890A6B5}: [DhcpNameServer] 91.102.231.242 91.102.231.241
ManualProxies: 0hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917

Internet Explorer:
==================
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D013117-A550D1D9DEB&form=CONMHP&conlogo=CT3334507
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2074145577-3370247828-3654133457-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-05] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\fit9m9mx.default-1485975691664 [2017-09-11]
FF Homepage: Mozilla\Firefox\Profiles\fit9m9mx.default-1485975691664 -> hxxps://www.google.rs/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2009-03-20] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\33805822.js [2017-03-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\33805822.cfg [2017-03-23] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig?hl=sr
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (Google Docs) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-09]
CHR Extension: (Google Drive) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-09]
CHR Extension: (Lord of the Rings) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlpffkkkndaegmljeiheebaedgdiab [2016-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-08-15] (Avira Operations GmbH & Co. KG)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-02] (BlueStack Systems, Inc.)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
S3 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-12-27] ()
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8594800 2017-08-15] (Reimage®)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-08-22] ()
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-21] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
R3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-15] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194912 2017-08-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-15] (Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R2 DokanMb; C:\Windows\System32\DRIVERS\dokanMb.sys [65616 2015-07-28] (MegaBackup Corp)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-02] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-02] (Disc Soft Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 22:01 - 2017-09-11 22:02 - 000014440 _____ C:\Users\Korisnik\Desktop\FRST.txt
2017-09-11 22:01 - 2017-09-11 22:01 - 000000000 ____D C:\FRST
2017-09-11 22:00 - 2017-09-11 22:01 - 002397184 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe
2017-09-11 21:45 - 2017-09-11 21:46 - 000000000 ____D C:\rei
2017-09-11 21:45 - 2017-09-11 21:45 - 000004294 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-11 21:45 - 2017-09-11 21:45 - 000001939 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\Program Files\Reimage
2017-09-11 21:44 - 2017-09-11 21:46 - 000000150 _____ C:\Windows\Reimage.ini
2017-09-11 21:44 - 2017-09-11 21:44 - 000604928 _____ (Reimage) C:\Users\Korisnik\Downloads\ReimageRepair.exe
2017-09-11 21:29 - 2017-09-11 21:39 - 000000717 _____ C:\Users\Public\Desktop\Sonic and All Stars Racing Transformed.lnk
2017-09-11 21:29 - 2017-09-11 21:39 - 000000717 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic and All Stars Racing Transformed.lnk
2017-09-11 15:39 - 2017-09-11 19:55 - 531159603 _____ C:\Users\Korisnik\Downloads\CStrike-16-CLASSIC.exe.part
2017-09-11 00:39 - 2017-09-11 00:39 - 000001303 _____ C:\Users\Korisnik\Desktop\Play Counter Strike Source v34.lnk
2017-09-11 00:08 - 2017-09-11 00:17 - 053541942 _____ C:\Users\Korisnik\Downloads\CSS-v-34.exe
2017-09-10 23:11 - 2017-09-10 23:22 - 053542794 _____ C:\Users\Korisnik\Downloads\CS-GO.exe
2017-09-09 14:52 - 2017-09-09 14:52 - 000000355 _____ C:\Users\Korisnik\Desktop\Computer - Shortcut.lnk
2017-09-09 14:38 - 2017-09-09 14:38 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-09-09 14:36 - 2017-09-09 14:38 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-09 14:36 - 2017-09-09 14:36 - 001213834 _____ (GameFabrique ) C:\Users\Korisnik\Downloads\teenage_mutant_ninja_turtles_2_battle_nexus [1].exe
2017-09-09 14:36 - 2017-09-09 14:36 - 000004124 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504960610
2017-09-09 14:36 - 2017-09-09 14:36 - 000001307 _____ C:\Users\Korisnik\Desktop\Opera Browser.lnk
2017-09-09 14:36 - 2017-09-09 14:36 - 000001307 _____ C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-09-09 14:36 - 2017-09-09 14:36 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Opera Software
2017-09-09 14:36 - 2017-09-09 14:36 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Opera Software
2017-09-09 14:36 - 2017-09-09 14:36 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-08 13:45 - 2017-09-08 13:45 - 000003052 _____ C:\Windows\System32\Tasks\{6C5E85E6-EE0B-441C-9528-949212B72373}
2017-09-08 13:38 - 2017-09-09 14:20 - 000002085 _____ C:\debugInstaller.txt
2017-09-05 13:30 - 2017-09-05 13:30 - 000000000 ____D C:\Users\Korisnik\AppData\Local\AMD
2017-09-04 18:30 - 2017-09-04 18:30 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 ____D C:\Program Files (x86)\AMD
2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-04 18:29 - 2017-06-15 21:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2017-09-04 18:29 - 2017-06-15 21:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-09-04 18:29 - 2017-06-15 21:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-09-04 18:29 - 2017-06-15 21:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-09-04 18:26 - 2017-09-04 18:30 - 000000000 ____D C:\Program Files\AMD
2017-09-04 18:25 - 2017-09-04 18:27 - 000000000 ____D C:\AMD
2017-09-04 18:25 - 2017-09-04 18:25 - 051962216 _____ (AMD Inc.) C:\Users\Korisnik\Downloads\radeon-crimson-relive-17.8.2-minimalsetup-170824_web.exe
2017-09-04 18:22 - 2017-09-04 18:22 - 000000000 ____D C:\Users\Korisnik\Documents\FIFA 17 Demo
2017-09-04 15:29 - 2017-09-04 15:29 - 000000785 _____ C:\Users\Public\Desktop\FIFA 17 DEMO.lnk
2017-09-04 15:29 - 2017-09-04 15:29 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-09-04 15:29 - 2017-09-04 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17 DEMO
2017-09-02 14:59 - 2017-09-02 15:00 - 000000000 ____D C:\Users\Korisnik\Documents\FIFA 15
2017-09-02 14:59 - 2017-09-02 14:59 - 000000000 ____D C:\Users\Korisnik\Documents\FIFA 16 Demo
2017-09-02 14:58 - 2017-09-02 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16 Demo
2017-09-02 14:44 - 2017-09-02 14:44 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-09-02 14:17 - 2017-09-02 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2017-09-02 14:06 - 2017-09-02 14:44 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-09-02 14:03 - 2017-09-06 16:57 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Origin
2017-09-02 14:01 - 2017-09-02 14:01 - 000000997 _____ C:\Users\Public\Desktop\Origin.lnk
2017-09-02 14:01 - 2017-09-02 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-09-02 14:01 - 2017-09-02 14:01 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 14:00 - 2017-09-06 11:25 - 000000000 ____D C:\ProgramData\Origin
2017-09-02 14:00 - 2017-09-02 14:00 - 000000000 ____D C:\Users\Korisnik\.QtWebEngineProcess
2017-09-02 14:00 - 2017-09-02 14:00 - 000000000 ____D C:\Users\Korisnik\.Origin
2017-09-02 13:59 - 2017-09-02 14:06 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Origin
2017-09-02 13:57 - 2017-09-02 13:57 - 062393584 _____ (Electronic Arts) C:\Users\Korisnik\Downloads\OriginThinSetup.exe
2017-08-27 15:07 - 2017-09-07 11:28 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2017-08-27 15:05 - 2017-08-27 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-08-27 15:03 - 2017-08-27 15:03 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-08-24 17:23 - 2017-08-29 22:08 - 000000000 ____D C:\ProgramData\{57ae43aa-012c-1}
2017-08-24 17:23 - 2017-08-29 18:38 - 000000000 ____D C:\ProgramData\{009933a6-212c-0}
2017-08-18 14:10 - 2017-08-18 14:15 - 053571983 _____ C:\Users\Korisnik\Downloads\PES2017.exe
2017-08-17 14:48 - 2017-08-17 14:48 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-08-17 14:45 - 2017-09-11 18:48 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-08-17 14:45 - 2017-08-24 17:24 - 000000000 ____D C:\ProgramData\d0a88196-40e1-1
2017-08-17 14:45 - 2017-08-24 17:24 - 000000000 ____D C:\ProgramData\d0a88196-21a7-0
2017-08-17 14:45 - 2017-08-17 18:18 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-08-17 14:45 - 2017-08-17 14:45 - 000003574 _____ C:\Windows\System32\Tasks\FastDataX Task
2017-08-17 14:45 - 2017-08-17 14:45 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-08-17 14:45 - 2017-08-17 14:45 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microleaves
2017-08-17 14:45 - 2017-08-17 14:45 - 000000000 ____D C:\Users\Korisnik\AppData\Local\AdvinstAnalytics
2017-08-17 14:45 - 2017-08-17 14:45 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-08-17 13:51 - 2016-10-28 15:42 - 000000000 ____D C:\Users\Korisnik\Downloads\Data
2017-08-17 13:51 - 2016-10-28 15:30 - 000000000 ____D C:\Users\Korisnik\Downloads\download
2017-08-17 13:51 - 2016-10-28 14:28 - 000025600 _____ C:\Users\Korisnik\Downloads\steam_api.dll
2017-08-17 13:51 - 2016-10-28 14:26 - 000000090 _____ C:\Users\Korisnik\Downloads\NST.ini
2017-08-17 13:51 - 2016-10-20 16:11 - 000005632 _____ C:\Users\Korisnik\Downloads\steamclient.dll
2017-08-17 13:51 - 2016-10-20 09:40 - 001004464 _____ (Konami Digital Entertainment Co., Ltd.) C:\Users\Korisnik\Downloads\Settings.exe
2017-08-17 13:51 - 2016-10-20 09:40 - 000896432 _____ C:\Users\Korisnik\Downloads\Settings_b.dll
2017-08-17 13:51 - 2016-10-20 09:40 - 000654416 _____ C:\Users\Korisnik\Downloads\sdkencryptedappticket.dll
2017-08-17 13:51 - 2016-10-20 09:40 - 000013744 _____ C:\Users\Korisnik\Downloads\vaname.exe
2017-08-17 12:28 - 2017-08-17 12:46 - 215804735 _____ C:\Users\Korisnik\Downloads\PES-2017_patch.exe
2017-08-17 09:18 - 2017-08-17 09:23 - 053571769 _____ C:\Users\Korisnik\Downloads\PES2017(3).exe
2017-08-17 00:48 - 2017-08-17 00:52 - 053571769 _____ C:\Users\Korisnik\Downloads\PES2017(2).exe
2017-08-17 00:42 - 2017-09-10 23:44 - 000000822 _____ C:\Users\Korisnik\Desktop\visit nosteam.ro.lnk
2017-08-16 23:41 - 2017-08-16 23:41 - 000003240 _____ C:\Windows\System32\Tasks\{D4D3EF4D-7CBB-4F82-B140-5C7D8A9FCB42}
2017-08-16 23:25 - 2017-08-16 23:25 - 000270503 _____ C:\Users\Korisnik\Downloads\PES2017(1).exe
2017-08-15 08:28 - 2017-09-11 11:25 - 000000000 ____D C:\Users\Korisnik\AppData\LocalLow\uTorrent
2017-08-13 11:29 - 2017-08-13 11:33 - 054783526 _____ C:\Users\Korisnik\Downloads\Sniper_GW2.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 22:00 - 2016-10-09 16:10 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\uTorrent
2017-09-11 21:25 - 2009-07-14 06:45 - 000023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-11 21:25 - 2009-07-14 06:45 - 000023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 12:17 - 2017-05-13 13:51 - 000000000 ____D C:\Program Files\ByteFence
2017-09-11 11:24 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 19:35 - 2017-08-07 13:26 - 000000000 ____D C:\Users\Korisnik\Desktop\GAMES
2017-09-09 19:34 - 2017-08-05 15:14 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-09 14:48 - 2016-10-05 12:36 - 000000000 ____D C:\Users\Korisnik\AppData\Local\VirtualStore
2017-09-08 13:53 - 2016-12-26 12:16 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Ubisoft Game Launcher
2017-09-05 17:33 - 2016-10-05 14:24 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-05 17:33 - 2016-10-05 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-05 00:43 - 2016-10-07 18:28 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-02 14:58 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-02 14:00 - 2016-10-05 12:35 - 000000000 ____D C:\Users\Korisnik
2017-08-29 22:56 - 2016-10-05 14:26 - 000194912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-08-29 22:56 - 2016-10-05 14:26 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-08-28 23:23 - 2017-02-01 20:58 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 00:42 - 2016-10-05 14:14 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Skype
2017-08-27 14:42 - 2016-10-09 15:56 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-08-27 14:28 - 2017-02-01 21:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 14:28 - 2016-10-05 14:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-18 11:52 - 2017-01-27 14:16 - 000000000 ____D C:\Games
2017-08-17 11:35 - 2016-11-18 19:26 - 000000000 ____D C:\Users\Korisnik\AppData\LocalLow\Mozilla
2017-08-16 07:39 - 2009-07-14 07:08 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-13 21:16 - 2016-10-27 20:37 - 000000000 ____D C:\Users\Korisnik\AppData\Local\SKIDROW

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 12:22

==================== End of FRST.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 515

Hello,
please uninstall the following programs via Control Panel.

ByteFence
Reimage Repair
MegaBackup


Open Notepad and copy the following text, which is inside the Code box.

CreateRestorePoint:
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\Reimage
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
() C:\Program Files\ByteFence\rsLggr.exe
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\...\MountPoints2: {e4454438-a0ff-11e6-a6f5-74d4353a995d} - H:\setup.exe
H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk [2017-01-31]
ShortcutTarget: MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2074145577-3370247828-3654133457-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\33805822.js [2017-03-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\33805822.cfg [2017-03-23] <==== ATTENTION
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-08-22] ()
C:\Program Files\ByteFence
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8594800 2017-08-15] (Reimage®)
C:\Program Files\MegaBackup Corp
R2 DokanMb; C:\Windows\System32\DRIVERS\dokanMb.sys [65616 2015-07-28] (MegaBackup Corp)
C:\Windows\System32\DRIVERS\dokanMb.sys
2017-09-11 21:45 - 2017-09-11 21:45 - 000004294 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-11 21:45 - 2017-09-11 21:45 - 000001939 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-11 21:44 - 2017-09-11 21:46 - 000000150 _____ C:\Windows\Reimage.ini
2017-09-11 21:44 - 2017-09-11 21:44 - 000604928 _____ (Reimage) C:\Users\Korisnik\Downloads\ReimageRepair.exe
2017-08-17 14:48 - 2017-08-17 14:48 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-08-17 14:45 - 2017-09-11 18:48 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-08-17 14:45 - 2017-08-17 14:45 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-08-17 14:45 - 2017-08-17 14:45 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microleaves
2017-08-17 14:45 - 2017-08-17 18:18 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-08-17 14:45 - 2017-08-17 14:45 - 000003574 _____ C:\Windows\System32\Tasks\FastDataX Task Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0.IconShell32] -> {94763686-13FB-47B5-A193-A9CD37391BAC} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\OverlayIconShell64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers1: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers5: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers6: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {02E18AD9-5AE7-4F8A-A5F9-4A239497584B} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {15A3A790-D1AC-466F-8DD6-B843AAF3910D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2501767F-3E8D-4F11-97CA-2145535FF192} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {4937EE16-B6EC-475A-8464-B09B01B1C816} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {846E9C2F-2AE4-448C-9EC3-6E1F4F500728} - System32\Tasks\MegaBackupSystemIsIdleChecker => C:\Windows\System32\rundll32.exe "C:\Program Files\MegaBackup Corp\MegaBackup\Current\InstallUtil.dll" ComputerIsIdle
Task: {D2633AFD-935D-444F-A7F0-774B7506388C} - System32\Tasks\MegaBackupUpdater => C:\Program Files\MegaBackup Corp\MegaBackup\Current\Installer.exe [2015-10-09] (MegaBackup Corp)
Task: {8AF48E46-43A6-4836-849D-E27453A8008E} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {AE5ADE85-9053-4068-B430-698F2D74E11B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-08-15] (Reimage®) <==== ATTENTION
Task: {B7617A5A-1EEE-4C64-8AE4-C24C9582A21A} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {BFB804B3-67B6-4CF4-9E6D-DDA5E828FE0D} - System32\Tasks\TweakBit\FixMyPC\Time for deal => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe <==== ATTENTION
Task: {E2423210-17BC-44AB-8C9D-22F2B658DE3A} - System32\Tasks\TweakBit\FixMyPC\Start FixMyPC оn logon => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {DD5C0582-8178-48AE-B47D-2E71FF5BBFE4} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
C:\Program Files (x86)\TweakBit
C:\Program Files (x86)\Microleaves
AutoConfigURL: [S-1-5-21-2074145577-3370247828-3654133457-1000] => hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917
ManualProxies: 0hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917
Shortcut: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Korisnik\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat (No File)
ShortcutWithArgument: C:\Users\Korisnik\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
C:\Users\Korisnik\Desktop\visit www.nosteam.ro.lnk
EmptyTemp:


In Notepad, click File --> Save As
Under Encoding, select Unicode.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into this thread.
The file (fixlog.txt) will also be on the Desktop.

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Done
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017
Ran by Korisnik (12-09-2017 23:12:40) Run:1
Running from C:\Users\Korisnik\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\Reimage
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
() C:\Program Files\ByteFence\rsLggr.exe
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\...\MountPoints2: {e4454438-a0ff-11e6-a6f5-74d4353a995d} - H:\setup.exe
H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk [2017-01-31]
ShortcutTarget: MegaBackup.lnk -> C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe (MegaBackup Corp)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2074145577-3370247828-3654133457-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\33805822.js [2017-03-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\33805822.cfg [2017-03-23] <==== ATTENTION
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-08-22] ()
C:\Program Files\ByteFence
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8594800 2017-08-15] (Reimage®)
C:\Program Files\MegaBackup Corp
R2 DokanMb; C:\Windows\System32\DRIVERS\dokanMb.sys [65616 2015-07-28] (MegaBackup Corp)
C:\Windows\System32\DRIVERS\dokanMb.sys
2017-09-11 21:45 - 2017-09-11 21:45 - 000004294 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-09-11 21:45 - 2017-09-11 21:45 - 000001939 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-09-11 21:45 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-09-11 21:44 - 2017-09-11 21:46 - 000000150 _____ C:\Windows\Reimage.ini
2017-09-11 21:44 - 2017-09-11 21:44 - 000604928 _____ (Reimage) C:\Users\Korisnik\Downloads\ReimageRepair.exe
2017-08-17 14:48 - 2017-08-17 14:48 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-08-17 14:45 - 2017-09-11 21:58 - 000000342 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-08-17 14:45 - 2017-09-11 18:48 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-08-17 14:45 - 2017-08-17 14:45 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-08-17 14:45 - 2017-08-17 14:45 - 000003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-08-17 14:45 - 2017-08-17 14:45 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microleaves
2017-08-17 14:45 - 2017-08-17 18:18 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-08-17 14:45 - 2017-08-17 14:45 - 000003574 _____ C:\Windows\System32\Tasks\FastDataX Task Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [0.IconShell32] -> {94763686-13FB-47B5-A193-A9CD37391BAC} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\OverlayIconShell64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers1: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers5: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers6: [MegaBackupAppShell32 Class] -> {8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => C:\Program Files\MegaBackup Corp\MegaBackup\Current\ShellCtx64.dll [2015-10-22] (MegaBackup Corp)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {02E18AD9-5AE7-4F8A-A5F9-4A239497584B} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {15A3A790-D1AC-466F-8DD6-B843AAF3910D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2501767F-3E8D-4F11-97CA-2145535FF192} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {4937EE16-B6EC-475A-8464-B09B01B1C816} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {846E9C2F-2AE4-448C-9EC3-6E1F4F500728} - System32\Tasks\MegaBackupSystemIsIdleChecker => C:\Windows\System32\rundll32.exe "C:\Program Files\MegaBackup Corp\MegaBackup\Current\InstallUtil.dll" ComputerIsIdle
Task: {D2633AFD-935D-444F-A7F0-774B7506388C} - System32\Tasks\MegaBackupUpdater => C:\Program Files\MegaBackup Corp\MegaBackup\Current\Installer.exe [2015-10-09] (MegaBackup Corp)
Task: {8AF48E46-43A6-4836-849D-E27453A8008E} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {AE5ADE85-9053-4068-B430-698F2D74E11B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-08-15] (Reimage®) <==== ATTENTION
Task: {B7617A5A-1EEE-4C64-8AE4-C24C9582A21A} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {BFB804B3-67B6-4CF4-9E6D-DDA5E828FE0D} - System32\Tasks\TweakBit\FixMyPC\Time for deal => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe <==== ATTENTION
Task: {E2423210-17BC-44AB-8C9D-22F2B658DE3A} - System32\Tasks\TweakBit\FixMyPC\Start FixMyPC оn logon => C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {DD5C0582-8178-48AE-B47D-2E71FF5BBFE4} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
C:\Program Files (x86)\TweakBit
C:\Program Files (x86)\Microleaves
AutoConfigURL: [S-1-5-21-2074145577-3370247828-3654133457-1000] => hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917
ManualProxies: 0hxxp://noblok.org/wpad.dat?09f571407848f1dcd5f90247abb3b3f626716917
Shortcut: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Korisnik\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat (No File)
ShortcutWithArgument: C:\Users\Korisnik\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlCBKjchx0cXu%2FWvKgfTY2WZrLYXt9uUKVGEc3lzH72d7yDhid%2BHxuIVWmQPZfzqA%3D%3D
C:\Users\Korisnik\Desktop\visit nosteam.ro.lnk
EmptyTemp:
*****************

Restore point was successfully created.
C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe => No running process found
C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe => No running process found
"C:\Program Files\Reimage" => not found.
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe => No running process found
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe => No running process found
C:\Program Files\ByteFence\rsLggr.exe => No running process found
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4454438-a0ff-11e6-a6f5-74d4353a995d} => key removed successfully
HKLM\Software\Classes\CLSID\{e4454438-a0ff-11e6-a6f5-74d4353a995d} => key not found.
"H:\setup.exe" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MegaBackup.lnk => not found.
C:\Program Files\MegaBackup Corp\MegaBackup\Current\App.exe => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\33805822.js => moved successfully
C:\Program Files (x86)\mozilla firefox\33805822.cfg => moved successfully
C:\Program Files\ByteFence\ByteFence.exe => No running process found
ByteFenceService => service not found.
rtop => service not found.
"C:\Program Files\ByteFence" => not found.
DokanMbMounter => service not found.
ReimageRealTimeProtector => service not found.
"C:\Program Files\MegaBackup Corp" => not found.
DokanMb => service not found.
"C:\Windows\System32\DRIVERS\dokanMb.sys" => not found.
"C:\Windows\System32\Tasks\ReimageUpdater" => not found.
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" => not found.
"C:\ProgramData\Reimage Protector" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => not found.
C:\Windows\Reimage.ini => moved successfully
C:\Users\Korisnik\Downloads\ReimageRepair.exe => moved successfully
C:\ProgramData\Microleaves => moved successfully
C:\Windows\Tasks\Online Application V2G3.job => moved successfully
C:\Windows\Tasks\Online Application V2G2.job => moved successfully
C:\Windows\Tasks\Online Application V2G1.job => moved successfully
C:\Windows\Tasks\Updater_Online_Application.job => moved successfully
C:\Windows\System32\Tasks\Updater_Online_Application => moved successfully
C:\Windows\System32\Tasks\Online Application V2G3 => moved successfully
C:\Windows\System32\Tasks\Online Application V2G2 => moved successfully
C:\Windows\System32\Tasks\Online Application V2G1 => moved successfully
C:\Users\Korisnik\AppData\Roaming\Microleaves => moved successfully
C:\Program Files (x86)\FastDataX => moved successfully
"C:\Windows\System32\Tasks\FastDataX Task Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0.IconShell32 => key not found.
HKLM\Software\Classes\CLSID\{94763686-13FB-47B5-A193-A9CD37391BAC} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MegaBackupAppShell32 Class => key not found.
HKLM\Software\Classes\CLSID\{8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MegaBackupAppShell32 Class => key not found.
HKLM\Software\Classes\CLSID\{8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\MegaBackupAppShell32 Class => key not found.
HKLM\Software\Classes\CLSID\{8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MegaBackupAppShell32 Class => key not found.
HKLM\Software\Classes\CLSID\{8706D3C1-8CF7-48C3-95DB-9E13ECB8BC12} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => key not found.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02E18AD9-5AE7-4F8A-A5F9-4A239497584B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02E18AD9-5AE7-4F8A-A5F9-4A239497584B} => key removed successfully
C:\Windows\System32\Tasks\Online Application V2G2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15A3A790-D1AC-466F-8DD6-B843AAF3910D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15A3A790-D1AC-466F-8DD6-B843AAF3910D} => key removed successfully
C:\Windows\System32\Tasks\Online Application V2G3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2501767F-3E8D-4F11-97CA-2145535FF192} => key not found.
C:\Windows\System32\Tasks\ByteFence => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4937EE16-B6EC-475A-8464-B09B01B1C816} => key not found.
C:\Windows\System32\Tasks\ByteFence Scan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846E9C2F-2AE4-448C-9EC3-6E1F4F500728} => key not found.
C:\Windows\System32\Tasks\MegaBackupSystemIsIdleChecker => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MegaBackupSystemIsIdleChecker => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2633AFD-935D-444F-A7F0-774B7506388C} => key not found.
C:\Windows\System32\Tasks\MegaBackupUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MegaBackupUpdater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AF48E46-43A6-4836-849D-E27453A8008E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF48E46-43A6-4836-849D-E27453A8008E} => key removed successfully
C:\Windows\System32\Tasks\Online Application V2G1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE5ADE85-9053-4068-B430-698F2D74E11B} => key not found.
C:\Windows\System32\Tasks\ReimageUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7617A5A-1EEE-4C64-8AE4-C24C9582A21A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7617A5A-1EEE-4C64-8AE4-C24C9582A21A} => key removed successfully
C:\Windows\System32\Tasks\Updater_Online_Application => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFB804B3-67B6-4CF4-9E6D-DDA5E828FE0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB804B3-67B6-4CF4-9E6D-DDA5E828FE0D} => key removed successfully
C:\Windows\System32\Tasks\TweakBit\FixMyPC\Time for deal => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\FixMyPC\Time for deal => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2423210-17BC-44AB-8C9D-22F2B658DE3A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2423210-17BC-44AB-8C9D-22F2B658DE3A} => key removed successfully
C:\Windows\System32\Tasks\TweakBit\FixMyPC\Start FixMyPC оn logon => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\FixMyPC\Start FixMyPC оn logon => key removed successfully
C:\Windows\Tasks\Online Application V2G1.job => not found.
C:\Windows\Tasks\Online Application V2G2.job => not found.
C:\Windows\Tasks\Online Application V2G3.job => not found.
C:\Windows\Tasks\Updater_Online_Application.job => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD5C0582-8178-48AE-B47D-2E71FF5BBFE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD5C0582-8178-48AE-B47D-2E71FF5BBFE4} => key removed successfully
C:\Windows\System32\Tasks\FastDataX Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task => key removed successfully
"C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE" => not found.
"C:\Program Files (x86)\TweakBit" => not found.
C:\Program Files (x86)\Microleaves => moved successfully
HKU\S-1-5-21-2074145577-3370247828-3654133457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk => moved successfully
C:\Users\Korisnik\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Korisnik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Korisnik\Desktop\visit nosteam.ro.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 86295781 B
Java, Flash, Steam htmlcache => 172835769 B
Windows/system/drivers => 97377966 B
Edge => 0 B
Chrome => 554487895 B
Firefox => 430797626 B
Opera => 23291307 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100554 B
systemprofile32 => 160570 B
LocalService => 0 B
NetworkService => 2552 B
Korisnik => 1533211865 B

RecycleBin => 12346780 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:15:00 ====

offline
  • Joined: 14 Jun 2016
  • Posts: 515

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close it.
Note: The program's Premium features are already activated and remain valid for 13 days from installation. You can turn the Premium features off under the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: under Reports, select the Scan Report with the current date, then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• Attach the mbam.txt log to your reply using the "Prikači fajl" (Attach file) option.

Then:

Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Under Tools, choose Options.
In the dialog that appears, untick Reset Winsock settings if it is ticked.
Click the Scan button and wait for the scan to finish.
If it reports that a newer version exists, make sure to download it.

Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
A message will appear saying the computer needs to be restarted. Click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option


After that, report how things stand.

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Posted: 13 Sep 2017 17:07

[attachment: login required to view]
By the way, the report listed several entries with today's date, and all of them say "Website blocked"

Addendum: 13 Sep 2017 17:28

[attachment: login required to view]

Addendum: 13 Sep 2017 22:48

I forgot to mention that it keeps throwing this up on my desktop

offline
  • Joined: 14 Jun 2016
  • Posts: 515

Website Blocked appears because you are using the Premium version of MBAM. Read my instructions carefully and you will see how to turn it off.
As for the error, disable Adobe Speed Launch in the startup list via msconfig.

The following procedure performs the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes next to the following options:
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes.

At this point, all the tools used in this thread should have been deleted.
If any tool or report was not removed, feel free to delete it manually.


The tool will also generate a report for you (C:\DelFix.txt).
- The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes the old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Yes, I overlooked that in the instructions... I'll turn it off. I don't have Adobe Speed Launch in the startup list.

offline
  • Joined: 14 Jun 2016
  • Posts: 515

Install the new version of Adobe Reader.

offline
  • Joined: 19 Jun 2013
  • Posts: 12

OK, thanks, I'll do that.
