How do I

  • mrmr  Male
  • Super Citizen
  • leon
  • electronics technician/retiree
  • Joined: 07 Mar 2008
  • Posts: 1269
  • Location: Medakovic 3 Beograd

I run FRST: access denied. The computer has slowed down painfully. It won't open web browsers, no matter which: Opera, Chrome, etc. OS: Win 7 64-bit. Neither MB nor AV can be started. I have no report at all...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Without a report I can't help you. How did this happen?

  • mrmr  Male

Posted: 04 Nov 2023 18:14

I have no idea. I installed some application from some Russian site and since then it's been madness: it opens tabs by itself, the mouse cursor stutters, the keyboard freezes. I checked the system with sfc and ran memory diagnostics because I suspected a hardware problem, but everything is fine. It is an old machine... I managed to partially fix it with the program UnHackMe - online, the only one that would start... Malwarebytes is no longer available for Win 7... If I manage to run any of the tools, I'll post the report. Regards.

Addendum: 04 Nov 2023 18:27

Here, I managed it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2023
Ran by leon (administrator) on KANTA (04-11-2023 18:20:25)
Running from C:\Users\leon\Desktop\FRST64 (1).exe
Loaded Profiles: leon
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s] => RTHDVCPL (No File)
HKLM\...\Run: ["C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui] => AvastUI.exe (No File)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Run: [Opera Browser Assistant] => C:\Users\leon\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4140448 2023-03-08] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [12] AVbr.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [13] AV_br.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [14] KVRT.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [15] cureit.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [16] FRST64.exe => removed successfully
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [17] eset_internet_security_live_installer.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [18] esetonlinescanner.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [19] eset_nod32_antivirus_live_installer.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [20] MBSetup.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [21] PANDAFREEAV.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [22] bitdefender_avfree.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [23] drweb-12.0-ss-win.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [24] Cureit.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [25] TDSSKiller.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [26] KVRT(1).exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {68174963-8175-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {a67cf8fa-8169-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {a67d085a-8169-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {bcca6160-8b86-11ed-82d0-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe [2023-11-01] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * Partizan
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13349731-8CD3-487E-9568-42329F24C6DD} - \Microsoft\Windows\Wininet\winser -> No File <==== ATTENTION
Task: {16B8D735-8D31-4033-B52E-76CE2735FDFF} - \UpdateTaskMachineQC -> No File <==== ATTENTION
Task: {1F251418-9D92-4E6F-AD5A-D3F0D71AE421} - \Microsoft\Windows\WindowsBackup\OnlogonCheck -> No File <==== ATTENTION
Task: {43834092-44AC-4F8A-9579-71E3171C575E} - \Microsoft\Windows\MapInfoK\RecoveryTask -> No File <==== ATTENTION
Task: {B274758D-FF15-4944-A261-5E3A8C957F83} - \Microsoft\Windows\WindowsBackup\SystemSupport -> No File <==== ATTENTION
Task: {C51EDEDB-058F-413B-9BF8-D54D628398B9} - \Microsoft\Windows\Wininet\winsers -> No File <==== ATTENTION
Task: {CAC70BE9-C049-4658-BCFA-31143A2B20C6} - \Microsoft\Windows\WindowsBackup\CleanCash -> No File <==== ATTENTION
Task: {D1E63120-1831-45F4-8DB1-FF78FB960484} - \Microsoft\Windows\MapInfoK\pgBDaej3R -> No File <==== ATTENTION
Task: {E5F991D1-60CD-4E30-B022-23F1974C4EC3} - \Microsoft\Windows\WindowsBackup\WinlogonCheck -> No File <==== ATTENTION
Task: {804353F6-80BD-42BA-8AE0-C5CCAEBED29A} - System32\Tasks\{8C8E56E8-7C2A-4543-B464-1FE4B49DAC88} => C:\Windows\system32\pcalua.exe [9728 2022-11-09] (Microsoft Windows -> Microsoft Corporation) -> -a "E:\grafika i audio drajveri\6305_Vista_PG537\Vista64\RTLCPL.exe" -d "E:\grafika i audio drajveri\6305_Vista_PG537\Vista64"
Task: {EF3C617A-8BBB-4611-843E-60B063E6EA2D} - System32\Tasks\{E546EDA9-C515-463F-984F-3BA38128A0EE} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2465048 2023-01-24] (Google LLC -> Google LLC)
Task: {4E61A048-F99E-46AD-B5B2-9F1648DCBE29} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{AD54918E-BBF5-43AE-B38A-B6731A32169A} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2023-11-01] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0DB2F1EA-0AE9-46B3-AE70-09EC2EFF73A4} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{C548C76D-2E80-46D1-94A4-871F1F1C12DB} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2023-11-01] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {87DA35CD-C443-4C4C-8D52-F8AEAE16F9A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-11-09] (Google Inc -> Google LLC)
Task: {85B94C28-A849-47F2-9DD7-CACDAB88E0FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-11-09] (Google Inc -> Google LLC)
Task: {A8CFB28A-08A4-425E-82F7-90B0AD7C6D68} - System32\Tasks\Microsoft\Windows\MapInfoK\RecoveryHosts => C:\ProgramData\Microsoft\MapData\pgBDaej3R\MapInfoK.bat [2760 2023-10-25] () [File not signed] <==== ATTENTION
Task: {218F12CE-E8BB-4B97-8D1B-177627AEB712} - System32\Tasks\Microsoft\Windows\WindowsBackup\RecoveryManager => C:\Windows\SysWOW64\unsecapp.exe (No File)
Task: {CC33232B-DB19-441B-9998-08775B914633} - System32\Tasks\Opera scheduled assistant Autoupdate 1668026271 => C:\Users\leon\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\leon\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6AC827D6-718B-461E-BD7B-4F5937057D1B} - System32\Tasks\Opera scheduled Autoupdate 1668026266 => C:\Users\leon\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
Task: {936E591D-69F2-4FEA-BD29-1CAA9E6D29BC} - System32\Tasks\WinSysCleanUC => C:\Program Files\WinSysClean X12 FREE\WinSysClean.exe [19880672 2022-05-11] (Ultimate Systems S.R.L -> Ultimate Systems, SRL)
Task: {8929BCD8-EF17-4EFE-A13C-10F51DE4CF45} - System32\Tasks\WpsExternal_leon_20231018211941 => C:\Users\leon\AppData\Local\Kingsoft\WPS Office\12.2.0.13266\office6\wpscloudsvr.exe [965520 2023-10-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {C4098A71-7FBB-4C37-BE68-443011A33189} - System32\Tasks\WpsUpdateTask_leon => C:\Users\leon\AppData\Local\Kingsoft\WPS Office\12.2.0.13266\office6\wpsupdate.exe [1494416 2023-10-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{A0F90B31-0C21-4E88-A90E-C739121F4241}: [DhcpNameServer] 89.216.1.30 89.216.1.40 89.216.1.50

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default [2023-11-03]
CHR Notifications: Default -> hxxps://en.softonic.com; hxxps://mail.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Google Docs Offline) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-09]

Opera:
=======
OPR Profile: C:\Users\leon\AppData\Roaming\Opera Software\Opera Stable [2023-11-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\leon\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-10-18]
OPR Extension: (Opera Wallet) - C:\Users\leon\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-19]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\leon\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-11-09]

Brave:
=======
BRA Profile: C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-11-03]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-11-02]
BRA Extension: (Brave NTP background images) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-12-30]
BRA Extension: (Wallet Data Files Updater) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-02-04]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-11-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-11-02]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-11-02]
BRA Extension: (Brave Ads Resources) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2023-11-02]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-11-02]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-11-02]
BRA Extension: (Brave Ads Resources) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2023-11-02]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\leon\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-11-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.42\atkexComSvc.exe [442416 2019-09-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 BITS_bkp; C:\Windows\System32\qmgr.dll [849920 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2023-11-01] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2023-11-01] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2023-10-28] (Stas'M Corp.) [File not signed] <==== ATTENTION (no ServiceDLL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [965520 2023-10-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S2 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [2420736 2010-11-21] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-11] (Emsisoft GmbH -> Emsisoft GmbH)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH -> Emsisoft GmbH)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 LSI_SAS3; C:\Windows\system32\drivers\lsi_sas3.sys [88776 2014-09-25] (LSI Corporation -> LSI Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2023-09-19] (Malwarebytes Inc -> Malwarebytes)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [60104 2014-07-03] (LSI Corporation -> LSI Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2022-12-23] (ASUSTeK Computer Inc. -> )
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-04 18:20 - 2023-11-04 18:21 - 000020616 _____ C:\Users\leon\Desktop\FRST.txt
2023-11-04 18:19 - 2023-11-04 18:19 - 002383872 _____ (Farbar) C:\Users\leon\Desktop\FRST64 (1).exe
2023-11-04 18:18 - 2023-11-04 18:18 - 002383872 _____ (Farbar) C:\Users\leon\Desktop\FRST64.exe
2023-11-03 17:29 - 2023-11-03 17:29 - 001930292 _____ C:\Users\leon\Downloads\Uplatnica za SBB na dan 03.11.2023.pdf
2023-11-02 23:09 - 2019-12-09 10:06 - 000001368 _____ C:\Program Files\README.txt
2023-11-02 23:08 - 2019-12-09 10:06 - 000001368 _____ C:\Program Files (x86)\README.txt
2023-11-02 23:05 - 2023-11-02 23:05 - 000241057 _____ C:\Users\leon\Downloads\advapi32 (2).zip
2023-11-02 23:04 - 2023-11-02 23:04 - 000302992 _____ C:\Users\leon\Downloads\advapi32 (1).zip
2023-11-02 23:03 - 2023-11-02 23:03 - 000240998 _____ C:\Users\leon\Downloads\advapi32.zip
2023-11-02 22:41 - 2023-11-02 22:41 - 000000000 ____D C:\Program Files (x86)\Kingsoft
2023-11-01 20:29 - 2023-11-01 20:29 - 000002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-11-01 20:28 - 2023-11-01 20:28 - 000002318 _____ C:\Users\Public\Desktop\Brave.lnk
2023-11-01 20:26 - 2023-11-01 20:26 - 000000000 ____D C:\Program Files\BraveSoftware
2023-11-01 20:24 - 2023-11-02 20:18 - 000003390 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{C548C76D-2E80-46D1-94A4-871F1F1C12DB}
2023-11-01 20:24 - 2023-11-02 20:18 - 000003262 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{AD54918E-BBF5-43AE-B38A-B6731A32169A}
2023-11-01 20:07 - 2023-11-01 20:07 - 000000000 ____D C:\ProgramData\ASUS
2023-11-01 20:07 - 2023-11-01 20:07 - 000000000 ____D C:\Program Files (x86)\ASUS
2023-11-01 20:07 - 2019-04-09 11:27 - 000033832 _____ C:\Windows\system32\Drivers\AsIO2.sys
2023-11-01 20:07 - 2019-04-09 10:22 - 000120880 _____ C:\Windows\system32\AsIO2.dll
2023-11-01 20:07 - 2019-04-09 10:22 - 000095280 _____ C:\Windows\SysWOW64\AsIO2.dll
2023-11-01 18:28 - 2023-11-01 18:28 - 000000000 ____D C:\Program Files\scoped_dir4736_1822182400
2023-11-01 18:12 - 2023-11-01 18:12 - 000000000 ____D C:\Users\leon\AppData\Local\unali-792890
2023-11-01 18:12 - 2023-11-01 18:12 - 000000000 ____D C:\Users\leon\AppData\Local\unali-790035
2023-11-01 15:01 - 2023-11-01 15:01 - 000000000 _____ C:\Users\leon\AppData\Local\{85AE986C-DB7E-47C8-8DBF-FB718576CC61}
2023-10-31 17:44 - 2023-10-31 17:44 - 000000000 ___HD C:\AomeiRecovery
2023-10-31 15:54 - 2023-10-31 15:54 - 000003544 ____N C:\bootsqm.dat
2023-10-31 13:09 - 2023-10-31 13:09 - 000000000 _____ C:\scannow
2023-10-28 13:48 - 2023-10-28 13:48 - 000000000 ____D C:\Users\leon\AppData\Roaming\RMS_settings
2023-10-28 13:47 - 2023-10-28 13:47 - 000000000 __SHD C:\ProgramData\Windows Tasks Service
2023-10-28 13:47 - 2023-10-28 13:47 - 000000000 ___HD C:\Program Files\RDP Wrapper
2023-10-25 20:12 - 2023-10-25 20:14 - 000000000 ____D C:\Users\leon\AppData\Local\MSfree Inc
2023-10-25 20:12 - 2023-10-25 20:12 - 000000000 __SHD C:\Users\leon\AppData\Roaming\Sysfiles
2023-10-25 20:12 - 2023-10-25 20:12 - 000000000 __SHD C:\Program Files\QuickCPU
2023-10-25 20:12 - 2023-10-25 20:12 - 000000000 __SHD C:\Program Files\NETGATE
2023-10-25 20:12 - 2023-10-25 20:12 - 000000000 ____D C:\Program Files (x86)\MSI
2023-10-25 20:11 - 2023-11-04 18:21 - 000000000 ____D C:\FRST
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Users\leon\Downloads\AV_block_remover
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Users\leon\Downloads\AutoLogger
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Users\leon\Desktop\AV_block_remover
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Users\leon\Desktop\AutoLogger
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\WavePad
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\RobotDemo
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\PuzzleMedia
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\princeton-produce
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\Norton
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\McAfee
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\MB3Install
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\grizzly
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\FingerPrint
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\Evernote
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\ESET
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\Doctor Web
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\BookManager
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\ProgramData\360safe
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Transmission
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\SUPERAntiSpyware
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\SpyHunter
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\RogueKiller
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Ravantivirus
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Rainmeter
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Process Lasso
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Process Hacker 2
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Loaris Trojan Remover
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\HitmanPro
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\ESET
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\EnigmaSoft
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Enigma Software Group
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\DrWeb
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\COMODO
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Common Files\Doctor Web
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Common Files\AV
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Cezurity
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\ByteFence
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\Bitdefender Agent
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files\AVG
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Transmission
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\SpeedFan
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Moo0
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\GPU Temp
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\AVG
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\Program Files (x86)\360
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\KVRT2020_Data
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 __SHD C:\KVRT_Data
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 ____D C:\Windows\speechstracing
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 ____D C:\ProgramData\Avira
2023-10-25 20:11 - 2023-10-25 20:11 - 000000000 ____D C:\Program Files\CPUID
2023-10-25 20:10 - 2023-11-02 22:51 - 000000000 __SHD C:\ProgramData\RunDLL
2023-10-25 20:10 - 2023-10-28 13:51 - 000000000 __SHD C:\ProgramData\Install
2023-10-25 20:10 - 2023-10-28 13:49 - 000000000 __SHD C:\ProgramData\WindowsTask
2023-10-25 20:10 - 2023-10-28 13:45 - 000000000 __SHD C:\ProgramData\ReaItekHD
2023-10-25 20:10 - 2023-10-25 20:10 - 000000000 ____D C:\ProgramData\System32
2023-10-25 20:09 - 2023-10-28 13:48 - 000000000 __SHD C:\ProgramData\Setup
2023-10-18 20:19 - 2023-10-18 20:19 - 000004216 _____ C:\Windows\system32\Tasks\WpsExternal_leon_20231018211941
2023-10-18 20:19 - 2023-10-18 20:19 - 000003812 _____ C:\Windows\system32\Tasks\WpsUpdateTask_leon

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-04 18:13 - 2022-11-09 21:59 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-04 18:01 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-04 18:00 - 2022-12-22 19:21 - 000000248 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2023-11-03 18:07 - 2009-07-14 05:45 - 000036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-11-03 18:07 - 2009-07-14 05:45 - 000036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-11-03 17:38 - 2022-11-14 21:41 - 000000000 ___RD C:\Users\leon\Desktop\Alati
2023-11-03 17:35 - 2023-01-15 23:00 - 000000000 ____D C:\Users\leon\AppData\Roaming\XnView
2023-11-03 17:35 - 2022-11-16 18:58 - 000000000 ____D C:\Users\leon\AppData\Local\CrashDumps
2023-11-03 17:34 - 2023-03-20 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2023-11-03 16:45 - 2009-07-14 06:08 - 000032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-11-02 22:55 - 2022-12-21 18:25 - 000000000 ____D C:\Users\leon\AppData\Local\UnHackMe
2023-11-02 22:54 - 2023-04-10 21:16 - 000000000 ____D C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vTubeGo
2023-11-02 22:52 - 2022-12-21 18:25 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2023-11-02 22:48 - 2022-12-21 18:24 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2023-11-02 21:57 - 2022-11-21 18:55 - 000000000 ___RD C:\Users\leon\Desktop\Office
2023-11-02 21:55 - 2022-11-23 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2023-11-02 21:45 - 2022-12-04 12:29 - 000004028 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1668026266
2023-11-02 20:26 - 2022-11-19 22:59 - 000000000 ___RD C:\Users\leon\Desktop\Audio
2023-11-02 20:26 - 2022-11-14 21:41 - 000000000 ___RD C:\Users\leon\Desktop\Igre
2023-11-01 20:24 - 2022-12-30 16:40 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2023-11-01 18:54 - 2022-12-09 17:17 - 000000000 ____D C:\Windows\MiniDump
2023-11-01 18:54 - 2022-12-09 17:05 - 000000000 ____D C:\Program Files\WinSysClean X12 FREE
2023-11-01 18:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2023-11-01 18:37 - 2009-07-14 04:20 - 000000000 ____D C:\PerfLogs
2023-11-01 18:27 - 2023-06-09 18:45 - 000000000 ____D C:\Users\leon\AppData\Local\ChemTable Software
2023-11-01 18:19 - 2022-12-09 17:05 - 000000000 ____D C:\Users\leon\AppData\Local\IIIQF
2023-11-01 18:13 - 2022-12-09 21:55 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-11-01 14:57 - 2022-12-05 23:10 - 000000208 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2023-11-01 14:57 - 2022-12-05 23:09 - 000000432 _____ C:\Windows\SysWOW64\winsevr.dat
2023-10-31 17:41 - 2022-12-05 23:10 - 000001024 ____H C:\SYSTAG.BIN
2023-10-31 17:32 - 2022-11-20 18:10 - 000000000 ____D C:\Program Files (x86)\DreamQuest
2023-10-31 12:59 - 2023-03-24 21:30 - 000581710 _____ C:\Windows\ntbtlog.txt
2023-10-30 21:05 - 2009-07-14 06:13 - 000781306 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-30 21:05 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2023-10-30 20:36 - 2022-12-09 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader Converter
2023-10-25 20:14 - 2023-04-01 18:23 - 000000000 ____D C:\Program Files\Microsoft Security Client
2023-10-25 20:12 - 2022-11-09 11:59 - 000000000 ____D C:\Users\leon\AppData\Roaming\Microsoft\Windows
2023-10-25 20:11 - 2022-12-14 18:03 - 000000000 __SHD C:\Program Files (x86)\IObit
2023-10-25 20:11 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\System
2023-10-25 19:36 - 2022-12-07 20:38 - 000003434 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-25 19:36 - 2022-12-07 20:38 - 000003306 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-18 22:51 - 2022-11-21 18:25 - 000000000 ____D C:\Users\leon\AppData\Roaming\Microsoft\Windows Photo Viewer

==================== Files in the root of some directories ========

2023-11-02 23:09 - 2020-08-12 22:00 - 000487240 _____ (Microsoft Corporation) C:\Program Files\advapi32.dll
2023-11-02 23:09 - 2019-12-09 10:06 - 000001368 _____ () C:\Program Files\README.txt
2023-11-02 23:08 - 2020-08-12 22:00 - 000487240 _____ (Microsoft Corporation) C:\Program Files (x86)\advapi32.dll
2023-11-02 23:08 - 2019-12-09 10:06 - 000001368 _____ () C:\Program Files (x86)\README.txt
2022-11-15 21:17 - 2022-11-15 21:17 - 000000064 _____ () C:\Users\leon\AppData\Roaming\changzhi_leidian.data
2022-12-01 20:13 - 2022-12-01 20:13 - 000001510 _____ () C:\Users\leon\AppData\Roaming\droid4xinstaller.log
2023-11-01 15:01 - 2023-11-01 15:01 - 000000000 _____ () C:\Users\leon\AppData\Local\{85AE986C-DB7E-47C8-8DBF-FB718576CC61}

==================== FLock ==============================

2023-09-01 21:52 C:\Program Files\Avast Software
2023-10-25 20:11 C:\Program Files\AVG
2023-10-25 20:11 C:\Program Files\Bitdefender Agent
2023-10-25 20:11 C:\Program Files\ByteFence
2023-10-25 20:11 C:\Program Files\Cezurity
2023-10-25 20:11 C:\Program Files\COMODO
2023-10-25 20:11 C:\Program Files\DrWeb
2023-10-25 20:11 C:\Program Files\Enigma Software Group
2023-10-25 20:11 C:\Program Files\EnigmaSoft
2023-10-25 20:11 C:\Program Files\ESET
2023-10-25 20:11 C:\Program Files\HitmanPro
2023-10-25 20:11 C:\Program Files\Kaspersky Lab
2023-10-25 20:11 C:\Program Files\Loaris Trojan Remover
2023-09-19 15:04 C:\Program Files\Malwarebytes
2023-10-25 20:12 C:\Program Files\NETGATE
2023-10-25 20:11 C:\Program Files\Process Hacker 2
2023-10-25 20:11 C:\Program Files\Process Lasso
2023-10-25 20:12 C:\Program Files\QuickCPU
2023-10-25 20:11 C:\Program Files\Rainmeter
2023-10-25 20:11 C:\Program Files\Ravantivirus
2023-10-25 20:11 C:\Program Files\RogueKiller
2023-10-25 20:11 C:\Program Files\SpyHunter
2023-10-25 20:11 C:\Program Files\SUPERAntiSpyware
2023-10-25 20:11 C:\Program Files\Transmission
2023-10-25 20:11 C:\Program Files (x86)\360
2023-10-25 20:11 C:\Program Files (x86)\AVAST Software
2023-10-25 20:11 C:\Program Files (x86)\AVG
2023-10-25 20:11 C:\Program Files (x86)\Cezurity
2023-10-25 20:11 C:\Program Files (x86)\GPU Temp
2023-10-25 20:11 C:\Program Files (x86)\GRIZZLY Antivirus
2023-10-25 20:11 C:\Program Files (x86)\Kaspersky Lab
2023-10-25 20:11 C:\Program Files (x86)\Moo0
2023-10-25 20:11 C:\Program Files (x86)\Panda Security
2023-10-25 20:11 C:\Program Files (x86)\SpeedFan
2023-10-25 20:11 C:\Program Files (x86)\SpyHunter
2023-10-25 20:11 C:\Program Files (x86)\Transmission
2023-10-25 20:11 C:\Program Files\Common Files\AV
2023-10-25 20:11 C:\Program Files\Common Files\Doctor Web
2023-10-25 20:11 C:\Program Files\Common Files\McAfee
2023-10-25 20:11 C:\ProgramData\360safe
2023-09-19 14:27 C:\ProgramData\Avast Software
2023-10-25 20:11 C:\ProgramData\Avira
2023-10-25 20:11 C:\ProgramData\BookManager
2023-10-25 20:11 C:\ProgramData\Doctor Web
2023-10-25 20:11 C:\ProgramData\ESET
2023-10-25 20:11 C:\ProgramData\Evernote
2023-10-25 20:11 C:\ProgramData\FingerPrint
2023-10-25 20:11 C:\ProgramData\grizzly
2023-10-25 20:11 C:\ProgramData\Kaspersky Lab
2023-10-25 20:11 C:\ProgramData\Kaspersky Lab Setup Files
2023-10-25 20:11 C:\ProgramData\McAfee
2023-10-25 20:11 C:\ProgramData\Norton
2023-10-25 20:11 C:\ProgramData\princeton-produce
2023-10-25 20:11 C:\ProgramData\PuzzleMedia
2023-10-25 20:11 C:\ProgramData\RobotDemo
2023-10-25 20:11 C:\ProgramData\WavePad
2023-10-25 20:11 C:\Users\leon\Desktop\AutoLogger
2023-10-25 20:11 C:\Users\leon\Desktop\AV_block_remover
2023-10-25 20:11 C:\Users\leon\Downloads\AutoLogger
2023-10-25 20:11 C:\Users\leon\Downloads\AV_block_remover
2023-10-25 20:12 C:\Users\leon\AppData\Roaming\Sysfiles

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-12-04 19:24
==================== End of FRST.txt ========================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Let's try to do something and see how it goes.

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [12] AVbr.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [13] AV_br.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [14] KVRT.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [15] cureit.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [16] FRST64.exe => removed successfully
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [17] eset_internet_security_live_installer.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [18] esetonlinescanner.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [19] eset_nod32_antivirus_live_installer.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [20] MBSetup.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [21] PANDAFREEAV.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [22] bitdefender_avfree.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [23] drweb-12.0-ss-win.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [24] Cureit.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [25] TDSSKiller.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\Policies\Explorer\DisallowRun: [26] KVRT(1).exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {68174963-8175-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {a67cf8fa-8169-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {a67d085a-8169-11ed-ad5d-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2238210743-901624104-413061593-1001\...\MountPoints2: {bcca6160-8b86-11ed-82d0-001e8cca32cb} - F:\HiSuiteDownLoader.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {13349731-8CD3-487E-9568-42329F24C6DD} - \Microsoft\Windows\Wininet\winser -> No File <==== ATTENTION
Task: {16B8D735-8D31-4033-B52E-76CE2735FDFF} - \UpdateTaskMachineQC -> No File <==== ATTENTION
Task: {1F251418-9D92-4E6F-AD5A-D3F0D71AE421} - \Microsoft\Windows\WindowsBackup\OnlogonCheck -> No File <==== ATTENTION
Task: {43834092-44AC-4F8A-9579-71E3171C575E} - \Microsoft\Windows\MapInfoK\RecoveryTask -> No File <==== ATTENTION
Task: {B274758D-FF15-4944-A261-5E3A8C957F83} - \Microsoft\Windows\WindowsBackup\SystemSupport -> No File <==== ATTENTION
Task: {C51EDEDB-058F-413B-9BF8-D54D628398B9} - \Microsoft\Windows\Wininet\winsers -> No File <==== ATTENTION
Task: {CAC70BE9-C049-4658-BCFA-31143A2B20C6} - \Microsoft\Windows\WindowsBackup\CleanCash -> No File <==== ATTENTION
Task: {D1E63120-1831-45F4-8DB1-FF78FB960484} - \Microsoft\Windows\MapInfoK\pgBDaej3R -> No File <==== ATTENTION
Task: {E5F991D1-60CD-4E30-B022-23F1974C4EC3} - \Microsoft\Windows\WindowsBackup\WinlogonCheck -> No File <==== ATTENTION
Task: {A8CFB28A-08A4-425E-82F7-90B0AD7C6D68} - System32\Tasks\Microsoft\Windows\MapInfoK\RecoveryHosts => C:\ProgramData\Microsoft\MapData\pgBDaej3R\MapInfoK.bat [2760 2023-10-25] () [File not signed] <==== ATTENTION
C:\ProgramData\Microsoft\MapData\pgBDaej3R
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2023-10-28] (Stas'M Corp.) [File not signed] <==== ATTENTION (no ServiceDLL)


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • mrmr  Male
  • Super citizen
  • leon
  • electronics technician/retiree
  • Joined: 07 Mar 2008
  • Posts: 1269
  • Location: Medakovic 3 Beograd

Posted: 05 Nov 2023 16:21

It won't work, it simply doesn't find fixlist.txt ...

Addendum: 05 Nov 2023 17:35

There, I managed it
[Attachment: visible only to logged-in forum users]

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Is the situation a little better now?
Try installing an antivirus now.

offline
  • mrmr  Male
  • Super citizen
  • leon
  • electronics technician/retiree
  • Joined: 07 Mar 2008
  • Posts: 1269
  • Location: Medakovic 3 Beograd

Posted: 06 Nov 2023 19:42

Everything is OK now ...

Addendum: 06 Nov 2023 21:12

The AV won't work ..

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Give me a new FRST log again.

offline
  • mrmr  Male
  • Super citizen
  • leon
  • electronics technician/retiree
  • Joined: 07 Mar 2008
  • Posts: 1269
  • Location: Medakovic 3 Beograd

[Two attachments: visible only to logged-in forum users]

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Did you manage to run any of the antiviruses you installed and do a scan? If you did, post a log for me.
