Infection? rspark.com

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Posted: 15 Aug 2017 21:08

Good evening,

This browser keeps showing up for me (https://search.rspark.com/?hyt), and I'm fairly sure I didn't install it....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by Darija - Marija (administrator) on DESKTOP-7QKE611 (15-08-2017 21:01:59)
Running from C:\Users\Darija - Marija\Desktop
Loaded Profiles: Darija - Marija (Available Profiles: Darija - Marija & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(MegaBackup Corp) C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.8326.2073\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-10-30] (Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2617608 2015-05-25] (FSPro Labs)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-18] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3827435117-1390399911-1139452206-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{54f08b9f-8d67-444c-a9e8-ea1e6311c805}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b527457b-a96d-4b5b-a30c-27fe04f601e9}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3827435117-1390399911-1139452206-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10192__161031__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-08-13] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-13] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fhvbjj9z.default-1502807209099
FF ProfilePath: C:\Users\Darija - Marija\AppData\Roaming\Mozilla\Firefox\Profiles\fhvbjj9z.default-1502807209099 [2017-08-15]
FF Extension: (HD Youtube Downloader) - C:\Users\Darija - Marija\AppData\Roaming\Mozilla\Firefox\Profiles\fhvbjj9z.default-1502807209099\Extensions\hd-youtube-downloader-toolbarteam101@gmail.com.xpi [2017-08-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-06] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-13] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-06] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-08-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-18] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
S2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-18] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-08] (AVAST Software)
R2 DokanMb; C:\WINDOWS\System32\DRIVERS\dokanMb.sys [57472 2015-07-28] (MegaBackup Corp)
R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-10-31] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2017-08-15] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [128728 2017-08-15] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-08-14] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 21:01 - 2017-08-15 21:02 - 000011663 _____ C:\Users\Darija - Marija\Desktop\FRST.txt
2017-08-15 21:01 - 2017-08-15 21:01 - 002395648 _____ (Farbar) C:\Users\Darija - Marija\Desktop\FRST64.exe
2017-08-15 21:01 - 2017-08-15 21:01 - 000000000 ____D C:\FRST
2017-08-15 20:45 - 2017-08-15 20:45 - 009791816 _____ (Piriform Ltd) C:\Users\Darija - Marija\Downloads\ccsetup533.exe
2017-08-15 16:09 - 2017-08-15 16:16 - 000000000 ____D C:\AdwCleaner
2017-08-15 14:01 - 2017-08-15 14:01 - 000128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 14:01 - 2017-08-15 14:01 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-15 14:00 - 2017-08-15 14:00 - 000092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-15 14:00 - 2017-08-15 14:00 - 000000000 ____D C:\Users\Darija - Marija\Desktop\mbar
2017-08-13 22:32 - 2017-08-13 22:32 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-13 22:30 - 2017-08-13 22:30 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-08-13 22:24 - 2017-08-13 22:24 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-08-13 22:24 - 2017-08-13 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-08-13 22:21 - 2017-08-13 22:21 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-13 22:08 - 2017-08-13 22:08 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Brčeli - 0602-2017-3350
2017-08-13 21:59 - 2017-08-13 21:59 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Plan rada za 2017. godinu
2017-08-13 21:50 - 2017-08-14 17:23 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-13 21:50 - 2017-08-13 21:50 - 000000000 ____D C:\Users\Darija - Marija\AppData\Local\Microsoft Help
2017-08-13 21:48 - 2017-08-13 22:19 - 000351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-11 21:54 - 2017-08-12 00:08 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Vodovod Bar - inicijativa UZZKD 09.08.2017 - 0602-2017-9218
2017-08-11 21:21 - 2017-08-13 00:58 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Sa USB 11.08.2017. godine
2017-08-09 14:10 - 2017-08-14 00:02 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Stoliv
2017-08-09 14:10 - 2017-08-10 21:34 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Budva - hotel Astoria
2017-08-09 00:31 - 2017-08-10 21:34 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Slike sa terena 7 i 8 avgust
2017-08-05 01:35 - 2017-08-05 01:35 - 000510906 _____ C:\Users\Darija - Marija\Desktop\Zakon o regularizaciji neformalnih objekata.pdf
2017-08-05 01:11 - 2017-08-05 01:11 - 000708208 _____ C:\Users\Darija - Marija\Desktop\Osnivanje Uprave za inspekcijske poslove - objašnjenje.pdf
2017-08-03 20:52 - 2017-08-03 20:52 - 000000000 ____D C:\Users\Darija - Marija\AppData\Local\NexonLauncher
2017-08-03 20:51 - 2017-08-03 20:53 - 000000000 ____D C:\Users\Darija - Marija\AppData\Roaming\NexonLauncher
2017-08-03 20:51 - 2017-08-03 20:51 - 000000001 _____ C:\end
2017-08-03 20:51 - 2017-08-03 20:51 - 000000000 ____D C:\Program Files (x86)\Nexon
2017-08-02 23:23 - 2017-08-02 23:23 - 000000000 ____D C:\Users\Darija - Marija\Documents\Custom Office Templates
2017-07-27 00:15 - 2017-07-27 00:15 - 000262027 _____ C:\Users\Darija - Marija\Desktop\Zakon o drzavnim sluzbenicima i namjestenicima.pdf
2017-07-27 00:15 - 2017-07-27 00:15 - 000249858 _____ C:\Users\Darija - Marija\Desktop\Zakon o upravnom postupku.pdf
2017-07-27 00:15 - 2017-07-27 00:15 - 000164651 _____ C:\Users\Darija - Marija\Desktop\Zakon o drzavnoj upravi.pdf
2017-07-19 08:03 - 2017-07-19 08:03 - 000351560 _____ C:\Users\Darija - Marija\Desktop\0602-2017-6038-6.pdf
2017-07-19 07:55 - 2017-07-19 07:55 - 000135449 _____ C:\Users\Darija - Marija\Desktop\0602-2017-6956-6.pdf
2017-07-18 19:46 - 2017-07-18 19:46 - 000400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-07-17 17:32 - 2017-07-19 19:02 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Zapisnici - primjeri
2017-07-17 13:50 - 2017-07-17 13:50 - 000127976 _____ C:\Users\Darija - Marija\Desktop\0602-2017-6956-5-.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 21:02 - 2016-10-30 14:48 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Precice
2017-08-15 20:47 - 2017-01-08 01:19 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-08-15 20:47 - 2017-01-08 01:12 - 000000000 ____D C:\Users\Administrator
2017-08-15 20:41 - 2016-11-18 17:12 - 000000000 ____D C:\Users\Darija - Marija\AppData\LocalLow\Mozilla
2017-08-15 17:00 - 2017-01-08 01:12 - 000000000 ____D C:\Users\Darija - Marija
2017-08-15 14:33 - 2017-03-18 16:49 - 000000000 ____D C:\Users\Darija - Marija\AppData\Roaming\.minecraft
2017-08-15 11:24 - 2017-01-08 01:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-15 00:49 - 2016-10-30 15:38 - 000000000 ____D C:\Users\Darija - Marija\AppData\Roaming\BitTorrent
2017-08-14 22:47 - 2016-10-30 15:32 - 000037344 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2017-08-13 23:36 - 2016-12-18 03:02 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Muzika
2017-08-13 22:45 - 2016-12-16 01:43 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Podloge
2017-08-13 22:34 - 2016-10-30 15:11 - 000000000 ____D C:\Users\Darija - Marija\AppData\Local\MSfree Inc
2017-08-13 22:31 - 2016-07-16 13:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-13 22:30 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-13 22:19 - 2017-01-08 01:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-13 22:18 - 2016-10-30 15:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-13 22:18 - 2016-10-30 14:33 - 000000000 ____D C:\Users\Darija - Marija\AppData\Local\Packages
2017-08-13 22:18 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-13 22:18 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-13 22:18 - 2016-07-16 08:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-13 22:14 - 2016-11-18 16:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-13 22:14 - 2016-10-30 15:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-13 22:12 - 2016-07-16 13:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-13 22:12 - 2015-07-10 13:04 - 000000139 _____ C:\WINDOWS\win.ini
2017-08-13 21:52 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 18:56 - 2016-10-30 15:22 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-13 00:44 - 2017-06-03 16:10 - 000000000 ____D C:\Users\Darija - Marija\Desktop\Desktop na dan 03.06.2017. godine
2017-08-12 00:06 - 2016-10-30 15:36 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-08-12 00:06 - 2016-10-30 15:36 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-08-10 18:19 - 2017-01-08 01:19 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 18:15 - 2016-10-31 23:20 - 000000000 ____D C:\ProgramData\ProductData
2017-08-06 21:05 - 2016-10-30 14:56 - 000000000 ____D C:\Users\Darija - Marija\AppData\Local\Adobe
2017-08-06 21:05 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-06 21:05 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-03 09:27 - 2016-10-30 14:28 - 000004288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-22 21:48 - 2017-02-18 00:03 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-18 19:46 - 2017-06-07 01:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-18 19:45 - 2017-02-18 00:03 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-07-18 19:45 - 2017-02-18 00:03 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-07-18 19:45 - 2017-02-18 00:03 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-07-18 19:45 - 2017-02-18 00:03 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys

==================== Files in the root of some directories =======

2017-05-02 12:32 - 2017-05-02 12:32 - 000007605 _____ () C:\Users\Darija - Marija\AppData\Local\Resmon.ResmonCfg
2017-01-08 01:11 - 2017-01-08 01:11 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-02 12:30 - 2017-05-02 12:30 - 000019535 _____ () C:\ProgramData\empty.ico
2016-10-30 15:32 - 2017-01-11 17:12 - 000000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-08-13 22:56 - 2017-08-14 22:52 - 000000000 _____ () C:\Users\Darija - Marija\AppData\Local\Temp\6a246669c4722113966d0cbd29442eb9.dll
2017-08-13 22:56 - 2017-08-14 22:48 - 000000093 _____ () C:\Users\Darija - Marija\AppData\Local\Temp\ea677c13ecb420b56d4e03e17a5ef3cc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-14 23:14

==================== End of FRST.txt ============================



Addendum: 15 Aug 2017 21:16

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF Extension: (HD Youtube Downloader) - C:\Users\Darija - Marija\AppData\Roaming\Mozilla\Firefox\Profiles\fhvbjj9z.default-1502807209099\Extensions\hd-youtube-downloader-toolbarteam101@gmail.com.xpi [2017-08-15]
R2 DokanMbMounter; C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe [36176 2015-07-28] (MegaBackup Corp)
MegaBackup (HKLM\...\{403CC8F3-B54C-4510-8325-813CDFEAD562}) (Version: 1.0.1006.0 - MegaBackup Corp) Hidden
Task: {C968195D-FBFC-4B36-922A-59B7BEC8BCDE} - System32\Tasks\MegaBackupSystemIsIdleChecker => C:\Windows\System32\rundll32.exe "C:\Program Files\MegaBackup Corp\MegaBackup\Current\InstallUtil.dll" ComputerIsIdle


In Notepad, click File --> Save As
Under Encoding, select UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with the contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Thanks for the reply...
I did it, it just wasn't entirely clear to me where "Encoding, select UTF-8" is...



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You are now able to uninstall MegaBackup, so uninstall it.



What's the situation now?

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Posted: 15 Aug 2017 22:32

Bro, hats off to you :)
Sorry for the Caps Lock, but THANK YOU VERY MUCH :)

Addendum: 15 Aug 2017 22:35

I didn't find MegaBackUp in Control Panel - Uninstall programs :(

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then manually delete C:\Program Files\MegaBackup Corp.


The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also generate a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Sorry for replying only now, I was at work.

Thank you very much for the time you set aside.
