Language change on FB

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Please check, because I suspect a virus infection.... it is very important to me that this is done within the next two days, because I am making some electronic payments, so if I am infected I don't want an even bigger disaster and headache.... So I am not asking you to disinfect my computer within 48h, only to confirm or, God willing, dismiss the suspicion of infection... So that I know whether to postpone the payments.

The symptoms are as follows:
A few days ago I noticed that my Photoshop preset got messed up out of the blue... the workspace and the colour palette were no longer the way I use them, so I had to delete the profile folder from Application Data in order to reset the PS preset. Which is clearly visible from the contents of my recycled folder :)
This afternoon the language on Facebook switched to Arabic all by itself - I fixed that by refreshing the page (God willing it's Facebook's fault).....
When I scanned the system with FRST, it told me that it had failed to update, it took longer than usual to start, and the progress bar that races from one end of the window to the other while it scans was stuttering in its animation.

Summary of risky behaviour:
These days, while looking for a film (the day before yesterday), I opened some sites and tried to play it through a couple of players, to which Kaspersky reacted with a notification that it had terminated a risky connection, displaying its banner across the whole page in the browser - nothing unusual when you start an online player, but I am reporting what I did anyway. Apart from the above, I had no other risky activities on this computer. CPU load and RAM overload have not been detected so far.

Note
In the scheduled tasks you will notice tasks such as "gasi_bre" and "disable update"; these are my scripts that serve for automated shutdown of the computer and for turning off Windows Update. I wrote these scripts myself in order to turn off the Windows Update service, which wants to turn itself on even though it is disabled - so this script repeats cyclically, because I do not update Win 10 due to the outdated configuration and detected incompatibilities that lead to slow system boot.


Izveštaj skeniranja od Farbar Recovery Scan Tool (FRST) (x64) Verzija: 07-02-2023
Pokrenuo Brksi (administrator) na EX-MAXIMUS (07-02-2023 19:22:02)
Pokrenuto sa C:\Users\Brksi\Desktop
Učitani Profili: Brksi
Platform: Microsoft Windows 10 Pro Verzija 21H1 19043.928 (X64) Jezik: engleski (Ujedinjeno Kraljevstvo) -> srpski (latinica, Srbija)
Podrazumevani pregledač: Chrome
Režim pokretanja sistema: Normal

==================== Procesi (Na Beloj Listi) =================

(Ukoliko je stavka unešena u fixlist, proces ce biti zatvoren. Datoteka nece biti premešten.)

(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> ColorPickerUI) C:\Program Files\PowerToys\modules\ColorPicker\ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerLauncher.exe
(explorer.exe ->) (NetSeT Global Solutions d.o.o.) [Datoteka nije potpisana] C:\Program Files\TrustEdgeID\TokenUtil.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Skutta, Kristjan -> ) F:\Program Files\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
(svchost.exe ->) (ASUSTEK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.22031.10091.0_x64__8wekyb3d8bbwe\Music.UI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registar (Na Beloj Listi) ===================

(Ukoliko je stavka unešena u fixlist, registru stavka ce biti vraćena na podrazumevanu vrednost ili uklonjena. Datoteka neće biti premeštena.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrikcije <==== Pažnja
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrikcije <==== Pažnja
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restrikcije <==== Pažnja
HKU\S-1-5-21-3380670731-386509780-2705612084-1001\...\Run: [Steam] => F:\Program Files\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3380670731-386509780-2705612084-1001\...\Run: [EpicGamesLauncher] => F:\Program Files\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32696784 2022-10-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3380670731-386509780-2705612084-1001\...\Run: [WallpaperEngine] => F:\Program Files\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3050080 2022-10-28] (Skutta, Kristjan -> )
HKU\S-1-5-21-3380670731-386509780-2705612084-1001\...\Command Processor: prompt $D$B$T$BDje si Brksi $P  <==== Pažnja
HKLM\...\Windows x64\Print Processors\hpcpp101: C:\Windows\System32\spool\prtprocs\x64\hpcpp101.dll [323584 2010-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datoteka nije potpisana]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Token Manager.lnk [2022-06-13]
ShortcutTarget: Token Manager.lnk -> C:\Program Files\TrustEdgeID\TokenUtil.exe (NetSeT Global Solutions d.o.o.) [Datoteka nije potpisana]
Startup: C:\Users\Brksi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2022-01-17]
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
GroupPolicy: Restrikcije ? <==== Pažnja
Policies: C:\ProgramData\NTUSER.pol: Restrikcije <==== Pažnja

==================== Planirani Zadaci (Na Beloj Listi) ============

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)

Task: {141924CA-2BE6-4451-B2BF-86B540DA573E} - System32\Tasks\Gasi bre => C:\Users\Brksi\Desktop\s.bat [59 2022-01-18] () [Datoteka nije potpisana]
Task: {2B2F8854-8B65-46D5-A845-E7810DD5C5DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-16] (Google LLC -> Google LLC)
Task: {389FC08B-A805-48C9-BB1B-D10CF9CC4755} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [109697976 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {7B87702C-BA00-4F2A-922B-F379DDE159ED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8335FA3B-D7D4-41C8-A9D5-0F6F8BD0A703} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2416640 2019-08-14] (ASUSTEK COMPUTER INC. -> ASUSTek COMPUTER INC.)
Task: {98410117-E0B5-4C5C-BA7D-F88C9AE572D1} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => F:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [131776 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0D62CCA-5DC4-40EC-B9AA-044E8905CD8D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {A2CAB4FC-5088-43B7-9EF9-BD115EE71947} - System32\Tasks\disable update => D:\D\Moji programi\Skripte\disable_update.bat [93 2022-02-17] () [Datoteka nije potpisana]
Task: {B208BB11-A307-4F7B-B20C-5E40EE339DA0} - System32\Tasks\PowerToys\Autorun for Brksi => C:\Program Files\PowerToys\PowerToys.exe [1235312 2020-12-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {B394E1A3-6256-4611-9483-23316FA3936C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B63E70DB-0B18-411D-989C-DC7B2BD320BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFE8889C-0A2D-43E3-82B8-F43884C5BF40} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {C9537A09-710D-43B4-8A8D-0E6F9C60C412} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D63BF3A7-267F-4118-BEE9-786EBCEE4FF6} - System32\Tasks\CCleanerSkipUAC - Brksi => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D66396EB-5303-4AC9-896E-05DDBF2071B0} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2022-01-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {D76A77C1-C180-4A62-84E5-C2ECF311A7CB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E58B55DB-5A46-4C04-84A3-02BCB39B19A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE896B9E-26BB-47C0-BD9E-F3D57872E213} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F418292A-E74A-40BA-B5C1-D7D60FFAA2FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-16] (Google LLC -> Google LLC)

(Ukoliko je stavka unešena u fixlist, planirani zadaci (.job) datoteke će biti premeštene. Datoteka koju zadatak izvršava neće biti uklonjena.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Na Beloj Listi) ====================

(Ukoliko je stavka unešena u fixlist, ako je to registru stavka, biće uklonjena ili vraćena na podrazumevanu vrednost.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{ff280d70-178a-4a22-8a91-db32ff66afa9}: [DhcpNameServer] 89.216.1.30 89.216.1.40 89.216.1.50

Edge:
=======
Edge Profile: C:\Users\Brksi\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-18]
Edge Extension: (Kaspersky Protection) - C:\Users\Brksi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2022-02-06]
Edge HKU\S-1-5-21-3380670731-386509780-2705612084-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: sgxgber2.default
FF ProfilePath: C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\sgxgber2.default [2022-01-18]
FF ProfilePath: C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\m3tnuth6.default-release [2023-02-05]
FF Extension: (AdBlocker Ultimate) - C:\Users\Brksi\AppData\Roaming\Mozilla\Firefox\Profiles\m3tnuth6.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2023-01-27]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => nije pronađena
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => nije pronađena
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Nema Datoteke]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Nema Datoteke]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Nema Datoteke]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2022-01-18] <==== Pažnja (Ukazuje na .cfg datoteku)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2022-01-18] <==== Pažnja

Chrome:
=======
CHR Profile: C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default [2023-01-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-01-26]
CHR Extension: (Google документи офлајн) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-26]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Brksi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-16]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Servisi (Na Beloj Listi) ===================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)

R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [184768 2021-07-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9844328 2022-10-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [Datoteka nije potpisana]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [Datoteka nije potpisana]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2022-01-17] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2022-01-17] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2579840 2022-09-15] (Rockstar Games, Inc. -> Rockstar Games)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S3 VSStandardCollectorService140; F:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drajveri (Na Beloj Listi) ===================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datoteka nije potpisana]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [237288 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [105280 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [206600 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [119568 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [522504 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [717448 2022-11-24] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1729160 2022-11-24] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [244832 2022-11-21] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1049864 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [90896 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [104728 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [107328 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [78088 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [88328 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [382304 2022-09-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [359976 2022-12-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [190048 2022-12-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [270672 2022-09-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [150280 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [325400 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [294680 2022-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239672 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249584 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S1 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [24680 2011-01-26] (Ghisler Software GmbH -> CaptainFlint Software)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2022-11-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [469288 2022-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 mdf16; \??\C:\Users\Brksi\AppData\Local\Temp\mdf16.sys [X] <==== Pažnja
S3 mvd23; \??\C:\Users\Brksi\AppData\Local\Temp\mvd23.sys [X] <==== Pažnja

==================== NetSvcs (Na Beloj Listi) ===================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)


==================== Mesec dana (kreirane) (Na Beloj Listi) =========

(Ukoliko je stavka unešena u fixlist, Datoteka/Fascikla će biti premeštena.)

2023-02-07 19:22 - 2023-02-07 19:22 - 000026135 _____ C:\Users\Brksi\Desktop\FRST.txt
2023-02-07 19:21 - 2023-02-07 19:22 - 000000000 ____D C:\FRST
2023-02-07 19:20 - 2023-02-07 19:19 - 002378240 _____ (Farbar) C:\Users\Brksi\Desktop\FRST64.exe
2023-02-05 13:54 - 2023-02-06 11:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-15 15:50 - 2023-01-15 15:50 - 000002226 _____ C:\Users\Brksi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox приватно прегледање.lnk
2023-01-11 14:24 - 2023-01-26 17:45 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\Kodi
2023-01-11 14:24 - 2023-01-11 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi

==================== Mesec dana (modifikovane) ==================

(Ukoliko je stavka unešena u fixlist, Datoteka/Fascikla će biti premeštena.)

2023-02-07 19:15 - 2022-01-16 15:18 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-07 18:55 - 2022-01-16 11:56 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-07 18:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-07 13:57 - 2022-01-16 17:11 - 000000000 ____D C:\Users\Brksi\AppData\LocalLow\Mozilla
2023-02-07 11:16 - 2022-01-16 11:02 - 000000000 ____D C:\Users\Brksi\AppData\Local\Packages
2023-02-07 11:16 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-07 11:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-02-07 11:15 - 2022-01-16 19:28 - 000000000 ____D C:\Program Files\CCleaner
2023-02-07 11:10 - 2022-01-16 11:05 - 000891884 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-07 11:10 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-02-07 11:07 - 2022-02-09 22:38 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-07 11:06 - 2022-04-09 20:28 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-07 11:06 - 2022-01-16 19:13 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2023-02-07 11:06 - 2022-01-16 11:56 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-07 11:06 - 2022-01-16 11:56 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-07 00:41 - 2022-01-16 19:14 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\ColorPicker
2023-02-07 00:41 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-02-06 18:57 - 2022-01-16 16:49 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\vlc
2023-02-06 11:05 - 2022-01-16 17:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-05 19:57 - 2022-01-18 11:38 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-05 19:57 - 2022-01-18 11:38 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-02-05 12:03 - 2022-01-16 11:56 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-02 20:21 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-02-01 18:21 - 2022-01-20 19:44 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\TeamViewer
2023-02-01 17:05 - 2022-01-17 12:08 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\tixati
2023-01-27 19:58 - 2022-01-16 11:50 - 000002456 __RSH C:\ProgramData\ntuser.pol
2023-01-27 19:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2023-01-27 11:45 - 2022-01-16 15:23 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-27 11:45 - 2022-01-16 15:23 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-26 17:18 - 2022-01-16 16:57 - 000000000 ____D C:\Users\Brksi\AppData\Local\CrashDumps
2023-01-26 15:41 - 2022-01-17 11:57 - 000000000 ____D C:\Users\Brksi\AppData\Roaming\Notepad++
2023-01-26 14:37 - 2022-01-17 13:58 - 000005867 _____ C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST2_x64.scan
2023-01-26 14:37 - 2022-01-17 13:58 - 000004712 _____ C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST3_x64.scan
2023-01-26 14:37 - 2022-01-17 13:58 - 000003712 _____ C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST2_x32.scan
2023-01-26 14:37 - 2022-01-17 13:58 - 000001571 _____ C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST3_x32.scan
2023-01-17 14:45 - 2022-01-17 12:19 - 000000000 ____D C:\Users\Brksi\.VirtualBox
2023-01-17 14:24 - 2022-01-17 12:19 - 000000000 ____D C:\ProgramData\VirtualBox

==================== Datoteke u korenu nekih direktorijuma ========

2022-01-16 16:06 - 2022-01-16 16:06 - 000000000 _____ () C:\Program Files (x86)\hackhound.txt
2022-01-17 13:58 - 2023-01-26 14:37 - 000003712 _____ () C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST2_x32.scan
2022-01-17 13:58 - 2023-01-26 14:37 - 000005867 _____ () C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST2_x64.scan
2022-01-17 13:58 - 2023-01-26 14:37 - 000001571 _____ () C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST3_x32.scan
2022-01-17 13:58 - 2023-01-26 14:37 - 000004712 _____ () C:\Users\Brksi\AppData\Roaming\plugin_scan_state_VST3_x64.scan

==================== SigCheck ============================

(Ne postoji automatizovan popravak za datoteke koji nisu prošle verifikaciju.)

==================== Kraj od FRST.txt ========================

online
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8616
  • Location: Novi Beograd

Hello,

I don't see anything dangerous. Try running MBAM, so we can see whether it finds anything.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Malwarebytes Anti-Malware had 8 detections in the registry. But I think it is the activator of one application and that it is a false positive. Thanks a lot.
